Merge branch 'AC-12871' into cia-2.4.8-beta2-develop-bugfix-10212024

Author: pawan-adobe-security

app/code/Magento/Config/Block/System/Config/Form/Field/File.php

@@ -55,7 +55,7 @@ protected function _getDeleteCheckbox()
             $html .= '<input type="hidden" name="' .
                 parent::getName() .
                 '[value]" value="' .
-                $this->getValue() .
+                $this->_escaper->escapeHtml($this->getValue()) .
                 '" />';
             $html .= '</div>';
         }

app/code/Magento/Config/Test/Unit/Block/System/Config/Form/Field/FileTest.php

@@ -114,11 +114,13 @@ public function testGetElementHtml(): void
         $expectedHtmlId = $this->testData['html_id_prefix']
             . $this->testData['html_id']
             . $this->testData['html_id_suffix'];
+        $escapeValue = $this->testData['value'];
         $this->escaperMock->expects($this->any())->method('escapeHtml')->willReturnMap(
             [
                 [$expectedHtmlId, null, $expectedHtmlId],
                 [self::XSS_FILE_NAME_TEST, null, self::XSS_FILE_NAME_TEST],
                 [self::INPUT_NAME_TEST, null, self::INPUT_NAME_TEST],
+                [$escapeValue, null, $escapeValue],
             ]
         );