From d31f411048c5fe0c040720a6fb05fe859b014e8e Mon Sep 17 00:00:00 2001
From: bc-donfran <francis.dong@bigcommerce.com>
Date: Tue, 24 Sep 2024 12:28:33 +1000
Subject: [PATCH 1/2] fix(storefront): BCTHEME-1985 Fix stored XSS within
 company address field

---
 CHANGELOG.md                                   | 1 +
 templates/components/account/address-list.html | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cae441a18e..b980e2760d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Account.js - Fixed jquery selector to be template literal [#2464](https://github.com/bigcommerce/cornerstone/pull/2464)
 - Address deprecated jQuery methods [#2466](https://github.com/bigcommerce/cornerstone/pull/2466)
 - Load other font weights and styles for the body-font [#2396](https://github.com/bigcommerce/cornerstone/pull/2396)
+- Stored XSS within company address field [#](https://github.com/bigcommerce/cornerstone/pull)
 
 ## 6.14.0 (05-15-2024)
 - Account.php <a href> is inside of a list item [#2457](https://github.com/bigcommerce/cornerstone/pull/2457)
diff --git a/templates/components/account/address-list.html b/templates/components/account/address-list.html
index a06986275b..e70d803acd 100644
--- a/templates/components/account/address-list.html
+++ b/templates/components/account/address-list.html
@@ -9,7 +9,7 @@
                 <div class="panel-body">
                     <h5 class="address-title">{{first_name}} {{last_name}}</h5>
                     <ul class="address-details address-details--postal">
-                        <li>{{{company}}}</li>
+                        <li>{{company}}</li>
                         <li>{{address1}}</li>
                         <li>{{address2}}</li>
                         <li>{{city}}{{#if state}}, {{state}}{{/if}} {{zip}}</li>

From d7656740e1a6b856f747ac03faf8d5cf24bd2d55 Mon Sep 17 00:00:00 2001
From: bc-donfran <francis.dong@bigcommerce.com>
Date: Tue, 24 Sep 2024 12:40:51 +1000
Subject: [PATCH 2/2] Updating CHANGELOG.md

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b980e2760d..25d45b4b9c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,7 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Account.js - Fixed jquery selector to be template literal [#2464](https://github.com/bigcommerce/cornerstone/pull/2464)
 - Address deprecated jQuery methods [#2466](https://github.com/bigcommerce/cornerstone/pull/2466)
 - Load other font weights and styles for the body-font [#2396](https://github.com/bigcommerce/cornerstone/pull/2396)
-- Stored XSS within company address field [#](https://github.com/bigcommerce/cornerstone/pull)
+- Stored XSS within company address field [#2485](https://github.com/bigcommerce/cornerstone/pull/2485)
 
 ## 6.14.0 (05-15-2024)
 - Account.php <a href> is inside of a list item [#2457](https://github.com/bigcommerce/cornerstone/pull/2457)