From e1b5f517126100d2d1b59e16a5574d482317dbef Mon Sep 17 00:00:00 2001
From: Sam Granger <sam.granger@gmail.com>
Date: Tue, 9 Oct 2018 15:36:02 +0200
Subject: [PATCH 1/3] Do not output html for region field due to xss

---
 .../web/template/shipping-address/address-renderer/default.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/code/Magento/Checkout/view/frontend/web/template/shipping-address/address-renderer/default.html b/app/code/Magento/Checkout/view/frontend/web/template/shipping-address/address-renderer/default.html
index 05ced7a978f82..2a5dc27328a43 100644
--- a/app/code/Magento/Checkout/view/frontend/web/template/shipping-address/address-renderer/default.html
+++ b/app/code/Magento/Checkout/view/frontend/web/template/shipping-address/address-renderer/default.html
@@ -8,7 +8,7 @@
     <text args="address().prefix"/> <text args="address().firstname"/> <text args="address().middlename"/>
     <text args="address().lastname"/> <text args="address().suffix"/><br/>
     <text args="_.values(address().street).join(', ')"/><br/>
-    <text args="address().city "/>, <span html="address().region"></span> <text args="address().postcode"/><br/>
+    <text args="address().city "/>, <span text="address().region"></span> <text args="address().postcode"/><br/>
     <text args="getCountryName(address().countryId)"/><br/>
     <a if="address().telephone" attr="'href': 'tel:' + address().telephone" text="address().telephone"></a><br/>
 

From c1a7d1930d6cdcd112836a57022a65345d05e84d Mon Sep 17 00:00:00 2001
From: Sam Granger <sam.granger@gmail.com>
Date: Tue, 9 Oct 2018 15:36:44 +0200
Subject: [PATCH 2/3] Do not output html for region field due to xss

---
 .../template/shipping-information/address-renderer/default.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/code/Magento/Checkout/view/frontend/web/template/shipping-information/address-renderer/default.html b/app/code/Magento/Checkout/view/frontend/web/template/shipping-information/address-renderer/default.html
index 97286a28552d2..541413955cb47 100644
--- a/app/code/Magento/Checkout/view/frontend/web/template/shipping-information/address-renderer/default.html
+++ b/app/code/Magento/Checkout/view/frontend/web/template/shipping-information/address-renderer/default.html
@@ -8,7 +8,7 @@
     <text args="address().prefix"/> <text args="address().firstname"/> <text args="address().middlename"/>
     <text args="address().lastname"/> <text args="address().suffix"/><br/>
     <text args="_.values(address().street).join(', ')"/><br/>
-    <text args="address().city "/>, <span html="address().region"></span> <text args="address().postcode"/><br/>
+    <text args="address().city "/>, <span text="address().region"></span> <text args="address().postcode"/><br/>
     <text args="getCountryName(address().countryId)"/><br/>
     <a if="address().telephone" attr="'href': 'tel:' + address().telephone" text="address().telephone"></a><br/>
 

From fca4023cffbe281e66f72f7c9f7643caf846af86 Mon Sep 17 00:00:00 2001
From: Sam Granger <sam.granger@gmail.com>
Date: Tue, 9 Oct 2018 15:37:48 +0200
Subject: [PATCH 3/3] Do not output html for region field due to xss

---
 .../view/frontend/web/template/billing-address/details.html     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/code/Magento/Checkout/view/frontend/web/template/billing-address/details.html b/app/code/Magento/Checkout/view/frontend/web/template/billing-address/details.html
index cc1d960bbe44b..ea521b3a8afd4 100644
--- a/app/code/Magento/Checkout/view/frontend/web/template/billing-address/details.html
+++ b/app/code/Magento/Checkout/view/frontend/web/template/billing-address/details.html
@@ -8,7 +8,7 @@
     <text args="currentBillingAddress().prefix"/> <text args="currentBillingAddress().firstname"/> <text args="currentBillingAddress().middlename"/>
     <text args="currentBillingAddress().lastname"/> <text args="currentBillingAddress().suffix"/><br/>
     <text args="_.values(currentBillingAddress().street).join(', ')"/><br/>
-    <text args="currentBillingAddress().city "/>, <span html="currentBillingAddress().region"></span> <text args="currentBillingAddress().postcode"/><br/>
+    <text args="currentBillingAddress().city "/>, <span text="currentBillingAddress().region"></span> <text args="currentBillingAddress().postcode"/><br/>
     <text args="getCountryName(currentBillingAddress().countryId)"/><br/>
     <a if="currentBillingAddress().telephone" attr="'href': 'tel:' + currentBillingAddress().telephone" text="currentBillingAddress().telephone"></a><br/>