Adds escaping of urls and html

[vraja-pro]

Context

Summary

This PR can be summarized in the following changelog entry:

• Adds missing escaping for the Url_List_Presenter.

Relevant technical choices:

• This is not actually a vulnerability since some sanitisation is done on the frontend. But we should have that covered in any case.

Test instructions

Test instructions for the acceptance test before the PR gets merged

This PR can be acceptance tested by following these steps:

• Site should be edited via the block editor.
• Yoast SEO Premium should be installed and activated.
• Add pages with parent page.
• Use the Sub pages block in the parent page and check it works as expected.
• View the page and check you see a list of the sub pages.
• Addd the siblings block to one of the sub pages and check it works as expected.
• View the page and check you see a list of the sibling pages.

Relevant test scenarios

• Changes should be tested with the browser console open
• Changes should be tested on different posts/pages/taxonomies/custom post types/custom taxonomies
• Changes should be tested on different editors (Default Block/Gutenberg/Classic/Elementor/other)
• Changes should be tested on different browsers
• Changes should be tested on multisite

Test instructions for QA when the code is in the RC

• QA should use the same steps as above.

QA can test this PR by following these steps:

Impact check

This PR affects the following parts of the plugin, which may require extra testing:

Other environments

• This PR also affects Shopify. I have added a changelog entry starting with [shopify-seo], added test instructions for Shopify and attached the Shopify label to this PR.
• This PR also affects Yoast SEO for Google Docs. I have added a changelog entry starting with [yoast-doc-extension], added test instructions for Yoast SEO for Google Docs and attached the Google Docs Add-on label to this PR.

Documentation

• I have written documentation for this change. For example, comments in the Relevant technical choices, comments in the code, documentation on Confluence / shared Google Drive / Yoast developer portal, or other.

Quality assurance

• I have tested this code to the best of my abilities.
• During testing, I had activated all plugins that Yoast SEO provides integrations for.
• I have added unit tests to verify the code works as intended.
• If any part of the code is behind a feature flag, my test instructions also cover cases where the feature flag is switched off.
• I have written this PR in accordance with my team's definition of done.
• I have checked that the base branch is correctly set.
• I have run grunt build:images and commited the results, if my PR introduces new images or SVGs.

Innovation

• No innovation project is applicable for this PR.
• This PR falls under an innovation project. I have attached the innovation label.
• I have added my hours to the WBSO document.

Fixes https://github.com/Yoast/reserved-tasks/issues/1062

[coveralls]

Pull Request Test Coverage Report for Build df5b1bc343705129b3d240d668713c35990ac802

Details

• 0 of 1 (0.0%) changed or added relevant line in 1 file are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage decreased (-0.5%) to 53.203%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
src/presenters/url-list-presenter.php	0	1	0.0%

Totals
Change from base Build 78303363c441ae21d185a09c117cfa3e007fbaba:	-0.5%
Covered Lines:	33246
Relevant Lines:	62484

---

💛 - Coveralls

[enricobattocchi]

CR & ACC ok