fix: [MINT-4875] escape output to prevent XSS in templates (#223)

Author: simsben

view/adminhtml/templates/system/config/finish-integration-steps.phtml

@@ -27,7 +27,7 @@ $showTimeline = $status !== 4 && $status !== 3;
                         <p>The <strong><?= $escaper->escapeHtml($block->getCurrentIntegrationName()) ?></strong> integration is not yet enabled. Please follow the steps detailed on the <a href="<?= $escaper->escapeUrl($block->getDefaultScopeUrl()) ?>">Extend Settings</a> page to complete
                             your setup and integration this store with Extend.</p>
                         <button class="action-primary" name="finish_integration" type="button" onclick="document.location.href='<?= $escaper->escapeJs($block->getDefaultScopeUrl()) ?>';">
-                            <span><?= __('Finish Integration') ?></span>
+                            <span><?= $escaper->escapeHtml(__('Finish Integration')) ?></span>
                         </button>
                     </div>
                 <?php endif; ?>

view/frontend/templates/checkout/sp-quote-config.phtml

@@ -27,7 +27,7 @@ $shouldRender = $viewModel->isExtendShippingProtectionEnabled();
             "environment": "<?= $escaper->escapeJs($environment) ?>",
             "storeId": "<?= $escaper->escapeJs($storeId) ?>",
             "currencyCode": "<?= $escaper->escapeJs($currencyCode) ?>",
-            "isCurrencySupported": <?= json_encode($isCurrencySupported) ?>
+            "isCurrencySupported": <?= /* @noEscape */ json_encode($isCurrencySupported) ?>
           }
         ]
       }