shopifyapps.com XSS on sales channels via currency formatting
Vulnerability Details
The Pinterest, Twitter, Buy Button and Facebook sales channels are vulnerable to XSS via currency formatting.
Steps to reproduce:
- Remove the Pinterest, Twitter, Buy Button and Facebook sales channels at *.myshopify.com/admin/channels
- Go to *.myshopify.com/admin/settings/general
- Change the currency formatting as shown in `currency_formatting.jpg` (check attachment)
- Add the Pinterest, Twitter, Buy Button and Facebook sales channels at *.myshopify.com/admin/channels
- Check the Pinterest, Twitter and Buy Button tabs
- Create a collection and add a product to it (skip this step if you already have a collection with a product)
- Go to the Facebook tab --> Shop ( `*.myshopify.com/admin/apps/shopify-facebook/collections` )
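The class of bug these steps exercise, as an added example that is not part of the original report and not Shopify's code: a stored currency format is inserted into a page's markup, first unescaped and then escaped for the HTML context. The `{{amount}}` placeholder handling, the function names and the sample format string are assumptions constructed for illustration.

```javascript
// Added example: the currency format is merchant-controlled text, so every page
// that embeds it must escape it for the HTML context it lands in.
// Function names and the sample format are hypothetical, not taken from the report.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Turn integer cents into a two-decimal string, e.g. 123456 -> "1,234.56".
function formatAmount(cents) {
  if (!Number.isInteger(cents)) throw new TypeError('cents must be an integer');
  const sign = cents < 0 ? '-' : '';
  const abs = Math.abs(cents);
  const whole = String(Math.floor(abs / 100)).replace(/\B(?=(\d{3})+(?!\d))/g, ',');
  const frac = String(abs % 100).padStart(2, '0');
  return `${sign}${whole}.${frac}`;
}

// Vulnerable pattern: the stored format string reaches the markup unchanged,
// so any tags or attributes saved in the setting become part of the page.
function renderPriceUnsafe(format, cents) {
  return `<td class="price">${format.replace('{{amount}}', formatAmount(cents))}</td>`;
}

// Hardened pattern: substitute the amount first, then escape the whole result
// so the setting can only ever contribute text, never markup.
function renderPriceSafe(format, cents) {
  const text = String(format).replace(/\{\{\s*amount\s*\}\}/g, formatAmount(cents));
  return `<td class="price">${escapeHtml(text)}</td>`;
}

// Constructed sample setting: a format that carries markup instead of a plain symbol.
const sampleFormat = '<b data-x="1">${{amount}}</b>';

console.log(renderPriceUnsafe(sampleFormat, 123456));
console.log(renderPriceSafe(sampleFormat, 123456));
```

Every surface that displays the format needs the same treatment, since the setting is saved once and rendered by each sales channel separately.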
Report Stats
- Report ID: 104359
- State: Closed
- Substate: resolved
- Upvotes: 10