From 455619c8251084fd14bb8d2ddf10935098f8cf5d Mon Sep 17 00:00:00 2001
From: Dave Macaulay <macaulay@adobe.com>
Date: Mon, 20 May 2019 17:18:59 +0200
Subject: [PATCH 01/16] MC-16618: Eliminate @escapeNotVerified in Sales-related
 Modules

- Front-end templates
---
 .../templates/order/create/form/account.phtml |   6 +-
 .../templates/email/creditmemo/items.phtml    |  14 +-
 .../templates/email/invoice/items.phtml       |  12 +-
 .../view/frontend/templates/email/items.phtml |  31 +++--
 .../email/items/creditmemo/default.phtml      |  18 ++-
 .../email/items/invoice/default.phtml         |  21 ++-
 .../templates/email/items/order/default.phtml |  33 +++--
 .../templates/email/items/price/row.phtml     |   5 +-
 .../email/items/shipment/default.phtml        |  18 ++-
 .../templates/email/shipment/items.phtml      |  10 +-
 .../templates/email/shipment/track.phtml      |  40 +++---
 .../view/frontend/templates/guest/form.phtml  |  27 ++--
 .../frontend/templates/items/price/row.phtml  |   4 +-
 .../items/price/total_after_discount.phtml    |   8 +-
 .../frontend/templates/items/price/unit.phtml |   4 +-
 .../frontend/templates/js/components.phtml    |   3 -
 .../frontend/templates/order/comments.phtml   |  14 +-
 .../frontend/templates/order/creditmemo.phtml |   6 +-
 .../templates/order/creditmemo/items.phtml    |  81 ++++++-----
 .../creditmemo/items/renderer/default.phtml   |  69 +++++-----
 .../frontend/templates/order/history.phtml    |  47 ++++---
 .../view/frontend/templates/order/info.phtml  |  47 +++----
 .../templates/order/info/buttons.phtml        |  17 ++-
 .../templates/order/info/buttons/rss.phtml    |  10 +-
 .../frontend/templates/order/invoice.phtml    |   6 +-
 .../templates/order/invoice/items.phtml       |  77 +++++------
 .../invoice/items/renderer/default.phtml      |  53 ++++---
 .../view/frontend/templates/order/items.phtml |  60 ++++----
 .../order/items/renderer/default.phtml        |  72 +++++-----
 .../templates/order/order_comments.phtml      |  15 +-
 .../frontend/templates/order/order_date.phtml |   6 +-
 .../templates/order/order_status.phtml        |   2 +-
 .../templates/order/print/creditmemo.phtml    |  47 +++----
 .../templates/order/print/invoice.phtml       |  55 ++++----
 .../templates/order/print/shipment.phtml      | 129 +++++++++---------
 .../frontend/templates/order/recent.phtml     |  55 ++++----
 .../shipment/items/renderer/default.phtml     |  55 ++++----
 .../frontend/templates/order/totals.phtml     |  34 +++--
 .../view/frontend/templates/order/view.phtml  |  30 ++--
 .../frontend/templates/reorder/sidebar.phtml  |  20 ++-
 .../templates/widget/guest/form.phtml         |  24 ++--
 41 files changed, 623 insertions(+), 662 deletions(-)

diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/account.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/account.phtml
index f7d5f4aa8aa33..85ca9c8159bcc 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/account.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/account.phtml
@@ -3,10 +3,12 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
+/** @var $block \Magento\Sales\Block\Adminhtml\Order\Create\Form\Account */
 ?>
 
-<div class="admin__page-section-title <?= /* @noEscape */ $block->getHeaderCssClass() ?>">
-    <span class="title"><?= /* @noEscape */ $block->getHeaderText() ?></span>
+<div class="admin__page-section-title <?= $block->escapeHtmlAttr($block->getHeaderCssClass()) ?>">
+    <span class="title"><?= $block->escapeHtml($block->getHeaderText()) ?></span>
     <div class="actions"></div>
 </div>
 <div id="customer_account_fields" class="admin__page-section-content">
diff --git a/app/code/Magento/Sales/view/frontend/templates/email/creditmemo/items.phtml b/app/code/Magento/Sales/view/frontend/templates/email/creditmemo/items.phtml
index 8cef5d57664a9..90c3ddeee5a30 100644
--- a/app/code/Magento/Sales/view/frontend/templates/email/creditmemo/items.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/email/creditmemo/items.phtml
@@ -4,28 +4,26 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_creditmemo = $block->getCreditmemo() ?>
 <?php $_order      = $block->getOrder() ?>
-<?php if ($_creditmemo && $_order): ?>
+<?php if ($_creditmemo && $_order) : ?>
     <table class="email-items">
         <thead>
             <tr>
                 <th class="item-info">
-                    <?= /* @escapeNotVerified */  __('Items') ?>
+                    <?= $block->escapeHtml(__('Items')) ?>
                 </th>
                 <th class="item-qty">
-                    <?= /* @escapeNotVerified */  __('Qty') ?>
+                    <?= $block->escapeHtml(__('Qty')) ?>
                 </th>
                 <th class="item-subtotal">
-                    <?= /* @escapeNotVerified */  __('Subtotal') ?>
+                    <?= $block->escapeHtml(__('Subtotal')) ?>
                 </th>
             </tr>
         </thead>
-        <?php foreach ($_creditmemo->getAllItems() as $_item): ?>
-            <?php if (!$_item->getOrderItem()->getParentItem())  : ?>
+        <?php foreach ($_creditmemo->getAllItems() as $_item) : ?>
+            <?php if (!$_item->getOrderItem()->getParentItem()) : ?>
                 <tbody>
                     <?= $block->getItemHtml($_item) ?>
                 </tbody>
diff --git a/app/code/Magento/Sales/view/frontend/templates/email/invoice/items.phtml b/app/code/Magento/Sales/view/frontend/templates/email/invoice/items.phtml
index 4c377dea47da2..e2efd650295d4 100644
--- a/app/code/Magento/Sales/view/frontend/templates/email/invoice/items.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/email/invoice/items.phtml
@@ -4,27 +4,25 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_invoice = $block->getInvoice() ?>
 <?php $_order   = $block->getOrder() ?>
-<?php if ($_invoice && $_order): ?>
+<?php if ($_invoice && $_order) : ?>
     <table class="email-items">
         <thead>
             <tr>
                 <th class="item-info">
-                    <?= /* @escapeNotVerified */  __('Items') ?>
+                    <?= $block->escapeHtml(__('Items')) ?>
                 </th>
                 <th class="item-qty">
-                    <?= /* @escapeNotVerified */  __('Qty') ?>
+                    <?= $block->escapeHtml(__('Qty')) ?>
                 </th>
                 <th class="item-subtotal">
-                    <?= /* @escapeNotVerified */  __('Subtotal') ?>
+                    <?= $block->escapeHtml(__('Subtotal')) ?>
                 </th>
             </tr>
         </thead>
-        <?php foreach ($_invoice->getAllItems() as $_item): ?>
+        <?php foreach ($_invoice->getAllItems() as $_item) : ?>
             <?php if (!$_item->getOrderItem()->getParentItem()) : ?>
                 <tbody>
                     <?= $block->getItemHtml($_item) ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/email/items.phtml b/app/code/Magento/Sales/view/frontend/templates/email/items.phtml
index 37469582865dc..1bba8166762c7 100644
--- a/app/code/Magento/Sales/view/frontend/templates/email/items.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/email/items.phtml
@@ -4,27 +4,28 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
+// phpcs:disable Magento2.Templates.ThisInTemplate
 
+/** @var $block \Magento\Sales\Block\Order\Email\Items */
 ?>
 <?php $_order = $block->getOrder() ?>
-<?php if ($_order): ?>
+<?php if ($_order) : ?>
     <?php $_items = $_order->getAllItems(); ?>
     <table class="email-items">
         <thead>
             <tr>
                 <th class="item-info">
-                    <?= /* @escapeNotVerified */  __('Items') ?>
+                    <?= $block->escapeHtml(__('Items')) ?>
                 </th>
                 <th class="item-qty">
-                    <?= /* @escapeNotVerified */  __('Qty') ?>
+                    <?= $block->escapeHtml(__('Qty')) ?>
                 </th>
                 <th class="item-price">
-                    <?= /* @escapeNotVerified */  __('Price') ?>
+                    <?= $block->escapeHtml(__('Price')) ?>
                 </th>
             </tr>
         </thead>
-        <?php foreach ($_items as $_item): ?>
+        <?php foreach ($_items as $_item) : ?>
             <?php if (!$_item->getParentItem()) : ?>
                 <tbody>
                     <?= $block->getItemHtml($_item) ?>
@@ -35,17 +36,21 @@
             <?= $block->getChildHtml('order_totals') ?>
         </tfoot>
     </table>
-    <?php if ($this->helper('Magento\GiftMessage\Helper\Message')->isMessagesAllowed('order', $_order, $_order->getStore()) && $_order->getGiftMessageId()): ?>
-        <?php $_giftMessage = $this->helper('Magento\GiftMessage\Helper\Message')->getGiftMessage($_order->getGiftMessageId()); ?>
-        <?php if ($_giftMessage): ?>
+    <?php if ($this->helper(\Magento\GiftMessage\Helper\Message::class)
+            ->isMessagesAllowed('order', $_order, $_order->getStore())
+        && $_order->getGiftMessageId()
+    ) : ?>
+        <?php $_giftMessage = $this->helper(\Magento\GiftMessage\Helper\Message::class)
+            ->getGiftMessage($_order->getGiftMessageId()); ?>
+        <?php if ($_giftMessage) : ?>
             <br />
             <table class="message-gift">
                 <tr>
                     <td>
-                        <h3><?= /* @escapeNotVerified */  __('Gift Message for this Order') ?></h3>
-                        <strong><?= /* @escapeNotVerified */  __('From:') ?></strong> <?= $block->escapeHtml($_giftMessage->getSender()) ?>
-                        <br /><strong><?= /* @escapeNotVerified */  __('To:') ?></strong> <?= $block->escapeHtml($_giftMessage->getRecipient()) ?>
-                        <br /><strong><?= /* @escapeNotVerified */  __('Message:') ?></strong>
+                        <h3><?= $block->escapeHtml(__('Gift Message for this Order')) ?></h3>
+                        <strong><?= $block->escapeHtml(__('From:')) ?></strong> <?= $block->escapeHtml($_giftMessage->getSender()) ?>
+                        <br /><strong><?= $block->escapeHtml(__('To:')) ?></strong> <?= $block->escapeHtml($_giftMessage->getRecipient()) ?>
+                        <br /><strong><?= $block->escapeHtml(__('Message:')) ?></strong>
                         <br /><?= $block->escapeHtml($_giftMessage->getMessage()) ?>
                     </td>
                 </tr>
diff --git a/app/code/Magento/Sales/view/frontend/templates/email/items/creditmemo/default.phtml b/app/code/Magento/Sales/view/frontend/templates/email/items/creditmemo/default.phtml
index 20c2c1869fedb..566b0060d1a74 100644
--- a/app/code/Magento/Sales/view/frontend/templates/email/items/creditmemo/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/email/items/creditmemo/default.phtml
@@ -4,21 +4,19 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_item = $block->getItem() ?>
 <?php $_order = $block->getItem()->getOrder(); ?>
 <tr>
-    <td class="item-info<?php if ($block->getItemOptions()): ?> has-extra<?php endif; ?>">
+    <td class="item-info<?= ($block->getItemOptions() ? ' has-extra' : '') ?>">
         <p class="product-name"><?= $block->escapeHtml($_item->getName()) ?></p>
-        <p class="sku"><?= /* @escapeNotVerified */  __('SKU') ?>: <?= $block->escapeHtml($block->getSku($_item)) ?></p>
-        <?php if ($block->getItemOptions()): ?>
+        <p class="sku"><?= $block->escapeHtml(__('SKU')) ?>: <?= $block->escapeHtml($block->getSku($_item)) ?></p>
+        <?php if ($block->getItemOptions()) : ?>
             <dl>
-                <?php foreach ($block->getItemOptions() as $option): ?>
-                    <dt><strong><em><?= /* @escapeNotVerified */  $option['label'] ?></em></strong></dt>
+                <?php foreach ($block->getItemOptions() as $option) : ?>
+                    <dt><strong><em><?= $block->escapeHtml($option['label']) ?></em></strong></dt>
                     <dd>
-                        <?= /* @escapeNotVerified */  nl2br($option['value']) ?>
+                        <?= /* @noEscape */  nl2br($option['value']) ?>
                     </dd>
                 <?php endforeach; ?>
             </dl>
@@ -29,8 +27,8 @@
         <?php endif; ?>
         <?= $block->escapeHtml($_item->getDescription()) ?>
     </td>
-    <td class="item-qty"><?= /* @escapeNotVerified */  $_item->getQty() * 1 ?></td>
+    <td class="item-qty"><?= (int) $_item->getQty() * 1 ?></td>
     <td class="item-price">
-        <?= /* @escapeNotVerified */  $block->getItemPrice($_item) ?>
+        <?= /* @noEscape */  $block->getItemPrice($_item) ?>
     </td>
 </tr>
diff --git a/app/code/Magento/Sales/view/frontend/templates/email/items/invoice/default.phtml b/app/code/Magento/Sales/view/frontend/templates/email/items/invoice/default.phtml
index 1fca65932b0b0..2ef34b406e25c 100644
--- a/app/code/Magento/Sales/view/frontend/templates/email/items/invoice/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/email/items/invoice/default.phtml
@@ -3,34 +3,31 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_item = $block->getItem() ?>
 <?php $_order = $block->getItem()->getOrder(); ?>
 <tr>
-    <td class="item-info<?php if ($block->getItemOptions()): ?> has-extra<?php endif; ?>">
+    <td class="item-info<?= ($block->getItemOptions() ? ' has-extra' : '') ?>">
         <p class="product-name"><?= $block->escapeHtml($_item->getName()) ?></p>
-        <p class="sku"><?= /* @escapeNotVerified */  __('SKU') ?>: <?= $block->escapeHtml($block->getSku($_item)) ?></p>
-        <?php if ($block->getItemOptions()): ?>
+        <p class="sku"><?= $block->escapeHtml(__('SKU')) ?>: <?= $block->escapeHtml($block->getSku($_item)) ?></p>
+        <?php if ($block->getItemOptions()) : ?>
             <dl>
-                <?php foreach ($block->getItemOptions() as $option): ?>
-                    <dt><strong><em><?= /* @escapeNotVerified */  $option['label'] ?></em></strong></dt>
+                <?php foreach ($block->getItemOptions() as $option) : ?>
+                    <dt><strong><em><?= $block->escapeHtml($option['label']) ?></em></strong></dt>
                     <dd>
-                        <?= /* @escapeNotVerified */  nl2br($option['value']) ?>
+                        <?= /* @noEscape */  nl2br($option['value']) ?>
                     </dd>
                 <?php endforeach; ?>
             </dl>
         <?php endif; ?>
         <?php $addInfoBlock = $block->getProductAdditionalInformationBlock(); ?>
-        <?php if ($addInfoBlock) :?>
+        <?php if ($addInfoBlock) : ?>
             <?= $addInfoBlock->setItem($_item->getOrderItem())->toHtml() ?>
         <?php endif; ?>
         <?= $block->escapeHtml($_item->getDescription()) ?>
     </td>
-    <td class="item-qty"><?= /* @escapeNotVerified */  $_item->getQty() * 1 ?></td>
+    <td class="item-qty"><?= (int) $_item->getQty() * 1 ?></td>
     <td class="item-price">
-        <?= /* @escapeNotVerified */  $block->getItemPrice($_item->getOrderItem()) ?>
+        <?= /* @noEscape */ $block->getItemPrice($_item->getOrderItem()) ?>
     </td>
 </tr>
diff --git a/app/code/Magento/Sales/view/frontend/templates/email/items/order/default.phtml b/app/code/Magento/Sales/view/frontend/templates/email/items/order/default.phtml
index 2974e4cd7ad80..6edd536b2b8ce 100644
--- a/app/code/Magento/Sales/view/frontend/templates/email/items/order/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/email/items/order/default.phtml
@@ -4,7 +4,7 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
+// phpcs:disable Magento2.Templates.ThisInTemplate
 
 /** @var $block \Magento\Sales\Block\Order\Email\Items\DefaultItems */
 
@@ -13,15 +13,15 @@ $_item = $block->getItem();
 $_order = $_item->getOrder();
 ?>
 <tr>
-    <td class="item-info<?php if ($block->getItemOptions()): ?> has-extra<?php endif; ?>">
+    <td class="item-info<?= ($block->getItemOptions() ? ' has-extra' : '') ?>">
         <p class="product-name"><?= $block->escapeHtml($_item->getName()) ?></p>
-        <p class="sku"><?= /* @escapeNotVerified */  __('SKU') ?>: <?= $block->escapeHtml($block->getSku($_item)) ?></p>
-        <?php if ($block->getItemOptions()): ?>
+        <p class="sku"><?= $block->escapeHtml(__('SKU')) ?>: <?= $block->escapeHtml($block->getSku($_item)) ?></p>
+        <?php if ($block->getItemOptions()) : ?>
             <dl class="item-options">
-            <?php foreach ($block->getItemOptions() as $option): ?>
-                <dt><strong><em><?= /* @escapeNotVerified */  $option['label'] ?></em></strong></dt>
+            <?php foreach ($block->getItemOptions() as $option) : ?>
+                <dt><strong><em><?= $block->escapeHtml($option['label']) ?></em></strong></dt>
                 <dd>
-                    <?= /* @escapeNotVerified */  nl2br($option['value']) ?>
+                    <?= /* @noEscape */  nl2br($option['value']) ?>
                 </dd>
             <?php endforeach; ?>
             </dl>
@@ -32,21 +32,24 @@ $_order = $_item->getOrder();
         <?php endif; ?>
         <?= $block->escapeHtml($_item->getDescription()) ?>
     </td>
-    <td class="item-qty"><?= /* @escapeNotVerified */  $_item->getQtyOrdered() * 1 ?></td>
+    <td class="item-qty"><?= (int) $_item->getQtyOrdered() * 1 ?></td>
     <td class="item-price">
-        <?= /* @escapeNotVerified */  $block->getItemPrice($_item) ?>
+        <?= /* @noEscape */ $block->getItemPrice($_item) ?>
     </td>
 </tr>
-<?php if ($_item->getGiftMessageId() && $_giftMessage = $this->helper('Magento\GiftMessage\Helper\Message')->getGiftMessage($_item->getGiftMessageId())): ?>
-<tr>
+<?php if ($_item->getGiftMessageId()
+    && $_giftMessage = $this->helper(\Magento\GiftMessage\Helper\Message::class)
+        ->getGiftMessage($_item->getGiftMessageId())
+) : ?>
+    <tr>
     <td colspan="3" class="item-extra">
         <table class="message-gift">
             <tr>
                 <td>
-                    <h3><?= /* @escapeNotVerified */  __('Gift Message') ?></h3>
-                    <strong><?= /* @escapeNotVerified */  __('From:') ?></strong> <?= $block->escapeHtml($_giftMessage->getSender()) ?>
-                    <br /><strong><?= /* @escapeNotVerified */  __('To:') ?></strong> <?= $block->escapeHtml($_giftMessage->getRecipient()) ?>
-                    <br /><strong><?= /* @escapeNotVerified */  __('Message:') ?></strong>
+                    <h3><?= $block->escapeHtml(__('Gift Message')) ?></h3>
+                    <strong><?= $block->escapeHtml(__('From:')) ?></strong> <?= $block->escapeHtml($_giftMessage->getSender()) ?>
+                    <br /><strong><?= $block->escapeHtml(__('To:')) ?></strong> <?= $block->escapeHtml($_giftMessage->getRecipient()) ?>
+                    <br /><strong><?= $block->escapeHtml(__('Message:')) ?></strong>
                     <br /><?= $block->escapeHtml($_giftMessage->getMessage()) ?>
                 </td>
             </tr>
diff --git a/app/code/Magento/Sales/view/frontend/templates/email/items/price/row.phtml b/app/code/Magento/Sales/view/frontend/templates/email/items/price/row.phtml
index 106aeb16c2897..a2148a4f8fcb9 100644
--- a/app/code/Magento/Sales/view/frontend/templates/email/items/price/row.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/email/items/price/row.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /** @var \Magento\Sales\Block\Order\Email\Items\DefaultItems $block */
@@ -16,4 +13,4 @@ $_item = $block->getItem();
 $_order = $_item->getOrder();
 ?>
 
-<?= /* @escapeNotVerified */  $_order->formatPrice($_item->getRowTotal()) ?>
+<?= /* @noEscape */ $_order->formatPrice($_item->getRowTotal()) ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/email/items/shipment/default.phtml b/app/code/Magento/Sales/view/frontend/templates/email/items/shipment/default.phtml
index f41a09f5da0f3..8fba7f9b66c84 100644
--- a/app/code/Magento/Sales/view/frontend/templates/email/items/shipment/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/email/items/shipment/default.phtml
@@ -4,29 +4,27 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var $_item \Magento\Sales\Model\Order\Item */
 $_item = $block->getItem() ?>
 <tr>
-    <td class="item-info<?php if ($block->getItemOptions()): ?> has-extra<?php endif; ?>">
+    <td class="item-info<?= ($block->getItemOptions() ? ' has-extra' : '') ?>">
         <p class="product-name"><?= $block->escapeHtml($_item->getName()) ?></p>
-        <p class="sku"><?= /* @escapeNotVerified */  __('SKU') ?>: <?= $block->escapeHtml($block->getSku($_item)) ?></p>
-        <?php if ($block->getItemOptions()): ?>
+        <p class="sku"><?= $block->escapeHtml(__('SKU')) ?>: <?= $block->escapeHtml($block->getSku($_item)) ?></p>
+        <?php if ($block->getItemOptions()) : ?>
             <dl class="item-options">
-                <?php foreach ($block->getItemOptions() as $option): ?>
-                    <dt><strong><em><?= /* @escapeNotVerified */  $option['label'] ?></em></strong></dt>
+                <?php foreach ($block->getItemOptions() as $option) : ?>
+                    <dt><strong><em><?= $block->escapeHtml($option['label']) ?></em></strong></dt>
                     <dd>
-                        <?= /* @escapeNotVerified */  nl2br($option['value']) ?>
+                        <?= /* @noEscape */  nl2br($option['value']) ?>
                     </dd>
                 <?php endforeach; ?>
             </dl>
         <?php endif; ?>
         <?php $addInfoBlock = $block->getProductAdditionalInformationBlock(); ?>
-        <?php if ($addInfoBlock) :?>
+        <?php if ($addInfoBlock) : ?>
             <?= $addInfoBlock->setItem($_item->getOrderItem())->toHtml() ?>
         <?php endif; ?>
         <?= $block->escapeHtml($_item->getDescription()) ?>
     </td>
-    <td class="item-qty"><?= /* @escapeNotVerified */  $_item->getQty() * 1 ?></td>
+    <td class="item-qty"><?= (int) $_item->getQty() * 1 ?></td>
 </tr>
diff --git a/app/code/Magento/Sales/view/frontend/templates/email/shipment/items.phtml b/app/code/Magento/Sales/view/frontend/templates/email/shipment/items.phtml
index 022511ae3cfd0..956705fb7b55d 100644
--- a/app/code/Magento/Sales/view/frontend/templates/email/shipment/items.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/email/shipment/items.phtml
@@ -4,24 +4,22 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_shipment = $block->getShipment() ?>
 <?php $_order    = $block->getOrder() ?>
-<?php if ($_shipment && $_order): ?>
+<?php if ($_shipment && $_order) : ?>
     <table class="email-items">
         <thead>
             <tr>
                 <th class="item-info">
-                    <?= /* @escapeNotVerified */  __('Items') ?>
+                    <?= $block->escapeHtml(__('Items')) ?>
                 </th>
                 <th class="item-qty">
-                    <?= /* @escapeNotVerified */  __('Qty') ?>
+                    <?= $block->escapeHtml(__('Qty')) ?>
                 </th>
             </tr>
         </thead>
-        <?php foreach ($_shipment->getAllItems() as $_item): ?>
+        <?php foreach ($_shipment->getAllItems() as $_item) : ?>
             <?php if (!$_item->getOrderItem()->getParentItem()) : ?>
                 <tbody>
                     <?= $block->getItemHtml($_item) ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/email/shipment/track.phtml b/app/code/Magento/Sales/view/frontend/templates/email/shipment/track.phtml
index 6de8e42dea583..4c9993c764a8c 100644
--- a/app/code/Magento/Sales/view/frontend/templates/email/shipment/track.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/email/shipment/track.phtml
@@ -4,30 +4,28 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_shipment = $block->getShipment() ?>
 <?php $_order = $block->getOrder() ?>
-<?php if ($_shipment && $_order): ?>
-<?php $trackCollection = $_order->getTracksCollection($_shipment->getId()) ?>
-<?php if ($trackCollection): ?>
-    <br />
-    <table class="shipment-track">
-        <thead>
-        <tr>
-            <th><?= /* @escapeNotVerified */  __('Shipped By') ?></th>
-            <th><?= /* @escapeNotVerified */  __('Tracking Number') ?></th>
-        </tr>
-        </thead>
-        <tbody>
-        <?php foreach ($trackCollection as $_item): ?>
+<?php if ($_shipment && $_order) : ?>
+    <?php $trackCollection = $_order->getTracksCollection($_shipment->getId()) ?>
+    <?php if ($trackCollection) : ?>
+        <br />
+        <table class="shipment-track">
+            <thead>
             <tr>
-                <td><?= $block->escapeHtml($_item->getTitle()) ?>:</td>
-                <td><?= $block->escapeHtml($_item->getNumber()) ?></td>
+                <th><?= $block->escapeHtml(__('Shipped By')) ?></th>
+                <th><?= $block->escapeHtml(__('Tracking Number')) ?></th>
             </tr>
-        <?php endforeach ?>
-        </tbody>
-    </table>
-<?php endif; ?>
+            </thead>
+            <tbody>
+            <?php foreach ($trackCollection as $_item) : ?>
+                <tr>
+                    <td><?= $block->escapeHtml($_item->getTitle()) ?>:</td>
+                    <td><?= $block->escapeHtml($_item->getNumber()) ?></td>
+                </tr>
+            <?php endforeach ?>
+            </tbody>
+        </table>
+    <?php endif; ?>
 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/guest/form.phtml b/app/code/Magento/Sales/view/frontend/templates/guest/form.phtml
index 89be190588677..a8dd694f13e60 100644
--- a/app/code/Magento/Sales/view/frontend/templates/guest/form.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/guest/form.phtml
@@ -4,17 +4,18 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 ?>
-<form class="form form-orders-search" id="oar-widget-orders-and-returns-form" data-mage-init='{"ordersReturns":{}, "validation":{}}' action="<?= /* @escapeNotVerified */ $block->getActionUrl() ?>"
+<form class="form form-orders-search"
+      id="oar-widget-orders-and-returns-form"
+      data-mage-init='{"ordersReturns":{}, "validation":{}}'
+      action="<?= $block->escapeUrl($block->getActionUrl()) ?>"
       method="post" name="guest_post">
     <fieldset class="fieldset">
-        <legend class="legend"><span><?= /* @escapeNotVerified */ __('Order Information') ?></span></legend>
+        <legend class="legend"><span><?= $block->escapeHtml(__('Order Information')) ?></span></legend>
         <br>
 
         <div class="field id required">
-            <label class="label" for="oar-order-id"><span><?= /* @escapeNotVerified */ __('Order ID') ?></span></label>
+            <label class="label" for="oar-order-id"><span><?= $block->escapeHtml(__('Order ID')) ?></span></label>
 
             <div class="control">
                 <input type="text" class="input-text" id="oar-order-id" name="oar_order_id"
@@ -22,7 +23,7 @@
             </div>
         </div>
         <div class="field lastname required">
-            <label class="label" for="oar-billing-lastname"><span><?= /* @escapeNotVerified */ __('Billing Last Name') ?></span></label>
+            <label class="label" for="oar-billing-lastname"><span><?= $block->escapeHtml(__('Billing Last Name')) ?></span></label>
 
             <div class="control">
                 <input type="text" class="input-text" id="oar-billing-lastname" name="oar_billing_lastname"
@@ -30,17 +31,17 @@
             </div>
         </div>
         <div class="field find required">
-            <label class="label" for="quick-search-type-id"><span><?= /* @escapeNotVerified */ __('Find Order By') ?></span></label>
+            <label class="label" for="quick-search-type-id"><span><?= $block->escapeHtml(__('Find Order By')) ?></span></label>
 
             <div class="control">
                 <select name="oar_type" id="quick-search-type-id" class="select">
-                    <option value="email"><?= /* @escapeNotVerified */ __('Email') ?></option>
-                    <option value="zip"><?= /* @escapeNotVerified */ __('ZIP Code') ?></option>
+                    <option value="email"><?= $block->escapeHtml(__('Email')) ?></option>
+                    <option value="zip"><?= $block->escapeHtml(__('ZIP Code')) ?></option>
                 </select>
             </div>
         </div>
         <div id="oar-email" class="field email required">
-            <label class="label" for="oar_email"><span><?= /* @escapeNotVerified */ __('Email') ?></span></label>
+            <label class="label" for="oar_email"><span><?= $block->escapeHtml(__('Email')) ?></span></label>
 
             <div class="control">
                 <input type="email" class="input-text" id="oar_email" name="oar_email"
@@ -48,7 +49,7 @@
             </div>
         </div>
         <div id="oar-zip" class="field zip required">
-            <label class="label" for="oar_zip"><span><?= /* @escapeNotVerified */ __('Billing ZIP Code') ?></span></label>
+            <label class="label" for="oar_zip"><span><?= $block->escapeHtml(__('Billing ZIP Code')) ?></span></label>
 
             <div class="control">
                 <input type="text" class="input-text" id="oar_zip" name="oar_zip" data-validate="{required:true}"/>
@@ -57,8 +58,8 @@
     </fieldset>
     <div class="actions-toolbar">
         <div class="primary">
-            <button type="submit" title="<?= /* @escapeNotVerified */ __('Continue') ?>" class="action submit primary">
-                <span><?= /* @escapeNotVerified */ __('Continue') ?></span>
+            <button type="submit" title="<?= $block->escapeHtml(__('Continue')) ?>" class="action submit primary">
+                <span><?= $block->escapeHtml(__('Continue')) ?></span>
             </button>
         </div>
     </div>
diff --git a/app/code/Magento/Sales/view/frontend/templates/items/price/row.phtml b/app/code/Magento/Sales/view/frontend/templates/items/price/row.phtml
index bcf740307af15..73350c5b0c47f 100644
--- a/app/code/Magento/Sales/view/frontend/templates/items/price/row.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/items/price/row.phtml
@@ -4,13 +4,11 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var \Magento\Sales\Block\Order\Item\Renderer\DefaultRenderer $block */
 $_item = $block->getItem();
 ?>
 <span class="price-excluding-tax" data-label="<?= $block->escapeHtml(__('Excl. Tax')) ?>">
     <span class="cart-price">
-        <?= /* @escapeNotVerified */ $block->getOrder()->formatPrice($block->getItem()->getRowTotal()) ?>
+        <?= /* @noEscape */ $block->getOrder()->formatPrice($block->getItem()->getRowTotal()) ?>
     </span>
 </span>
diff --git a/app/code/Magento/Sales/view/frontend/templates/items/price/total_after_discount.phtml b/app/code/Magento/Sales/view/frontend/templates/items/price/total_after_discount.phtml
index dfb476ee381c1..493f30fba59ba 100644
--- a/app/code/Magento/Sales/view/frontend/templates/items/price/total_after_discount.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/items/price/total_after_discount.phtml
@@ -4,10 +4,10 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var \Magento\Sales\Block\Order\Item\Renderer\DefaultRenderer $block */
 $_item = $block->getItem();
 ?>
-<?php $_order = $block->getItem()->getOrderItem()->getOrder() ?>
-<?= /* @escapeNotVerified */ $_order->formatPrice($block->getTotalAmount($_item)) ?>
+<?php
+/** @var \Magento\Sales\Model\Order $_order */
+$_order = $block->getItem()->getOrderItem()->getOrder() ?>
+<?= /* @noEscape */ $_order->formatPrice($block->getTotalAmount($_item)) ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/items/price/unit.phtml b/app/code/Magento/Sales/view/frontend/templates/items/price/unit.phtml
index 7a484fed719f8..1b2f15133da8c 100644
--- a/app/code/Magento/Sales/view/frontend/templates/items/price/unit.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/items/price/unit.phtml
@@ -4,13 +4,11 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var \Magento\Sales\Block\Order\Item\Renderer\DefaultRenderer $block */
 $_item = $block->getItem();
 ?>
 <span class="price-excluding-tax" data-label="<?= $block->escapeHtml(__('Excl. Tax')) ?>">
     <span class="cart-price">
-        <?= /* @escapeNotVerified */ $block->getOrder()->formatPrice($block->getItem()->getPrice()) ?>
+        <?= /* @noEscape */ $block->getOrder()->formatPrice($block->getItem()->getPrice()) ?>
     </span>
 </span>
diff --git a/app/code/Magento/Sales/view/frontend/templates/js/components.phtml b/app/code/Magento/Sales/view/frontend/templates/js/components.phtml
index bad5acc209b5f..5902a9f25cc4b 100644
--- a/app/code/Magento/Sales/view/frontend/templates/js/components.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/js/components.phtml
@@ -3,8 +3,5 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?= $block->getChildHtml() ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/comments.phtml b/app/code/Magento/Sales/view/frontend/templates/order/comments.phtml
index 589b857239971..448ced1d35f8f 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/comments.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/comments.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /**
@@ -13,12 +10,15 @@
  * @see \Magento\Sales\Block\Order\Comments
  */
 ?>
-<?php if ($block->hasComments()):?>
+<?php if ($block->hasComments()) : ?>
     <div class="order additional details comments">
-        <h3 class="subtitle"><?= /* @escapeNotVerified */ $block->getTitle() ?></h3>
+        <h3 class="subtitle"><?= $block->escapeHtml($block->getTitle()) ?></h3>
         <dl class="order comments">
-            <?php foreach ($block->getComments() as $_commentItem): ?>
-                <dt class="comment date"><?= /* @escapeNotVerified */ $block->formatDate($_commentItem->getCreatedAt(), \IntlDateFormatter::MEDIUM, true) ?></dt>
+            <?php foreach ($block->getComments() as $_commentItem) : ?>
+                <dt class="comment date">
+                    <?= /* @noEscape */
+                    $block->formatDate($_commentItem->getCreatedAt(), \IntlDateFormatter::MEDIUM, true) ?>
+                </dt>
                 <dd class="comment text"><?= $block->escapeHtml($_commentItem->getComment()) ?></dd>
             <?php endforeach; ?>
         </dl>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/creditmemo.phtml b/app/code/Magento/Sales/view/frontend/templates/order/creditmemo.phtml
index a6a9b64d2c784..3d8853bbe0366 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/creditmemo.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/creditmemo.phtml
@@ -3,13 +3,15 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
+/* @var $block \Magento\Sales\Block\Order\Creditmemo */
 ?>
 <div class="order-details-items creditmemo">
     <?= $block->getChildHtml('creditmemo_items') ?>
     <div class="actions-toolbar">
         <div class="secondary">
-            <a href="<?= /* @escapeNotVerified */ $block->getBackUrl() ?>" class="action back">
-                <span><?= /* @escapeNotVerified */ $block->getBackTitle() ?></span>
+            <a href="<?= $block->escapeUrl($block->getBackUrl()) ?>" class="action back">
+                <span><?= $block->escapeHtml($block->getBackTitle()) ?></span>
             </a>
         </div>
     </div>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/creditmemo/items.phtml b/app/code/Magento/Sales/view/frontend/templates/order/creditmemo/items.phtml
index dc2cf2433ac8d..019baeea54e23 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/creditmemo/items.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/creditmemo/items.phtml
@@ -3,54 +3,51 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_order = $block->getOrder() ?>
 <div class="actions-toolbar">
-    <a href="<?= /* @escapeNotVerified */ $block->getPrintAllCreditmemosUrl($_order) ?>"
+    <a href="<?= $block->escapeUrl($block->getPrintAllCreditmemosUrl($_order)) ?>"
        onclick="this.target='_blank'"
        class="action print">
-        <span><?= /* @escapeNotVerified */ __('Print All Refunds') ?></span>
-    </a>
-</div>
-<?php foreach ($_order->getCreditmemosCollection() as $_creditmemo): ?>
-<div class="order-title">
-    <strong><?= /* @escapeNotVerified */ __('Refund #') ?><?= /* @escapeNotVerified */ $_creditmemo->getIncrementId() ?> </strong>
-    <a href="<?= /* @escapeNotVerified */ $block->getPrintCreditmemoUrl($_creditmemo) ?>"
-       onclick="this.target='_blank'"
-       class="action print">
-        <span><?= /* @escapeNotVerified */ __('Print Refund') ?></span>
+        <span><?= $block->escapeHtml(__('Print All Refunds')) ?></span>
     </a>
 </div>
+<?php foreach ($_order->getCreditmemosCollection() as $_creditmemo) : ?>
+    <div class="order-title">
+        <strong><?= $block->escapeHtml(__('Refund #')) ?><?= $block->escapeHtml($_creditmemo->getIncrementId()) ?> </strong>
+        <a href="<?= $block->escapeUrl($block->getPrintCreditmemoUrl($_creditmemo)) ?>"
+           onclick="this.target='_blank'"
+           class="action print">
+            <span><?= $block->escapeHtml(__('Print Refund')) ?></span>
+        </a>
+    </div>
 
-<div class="table-wrapper order-items-creditmemo">
-    <table class="data table table-order-items creditmemo" id="my-refund-table-<?= /* @escapeNotVerified */ $_creditmemo->getId() ?>">
-        <caption class="table-caption"><?= /* @escapeNotVerified */ __('Items Refunded') ?></caption>
-        <thead>
-            <tr>
-                <th class="col name"><?= /* @escapeNotVerified */ __('Product Name') ?></th>
-                <th class="col sku"><?= /* @escapeNotVerified */ __('SKU') ?></th>
-                <th class="col price"><?= /* @escapeNotVerified */ __('Price') ?></th>
-                <th class="col qty"><?= /* @escapeNotVerified */ __('Qty') ?></th>
-                <th class="col subtotal"><?= /* @escapeNotVerified */ __('Subtotal') ?></th>
-                <th class="col discount"><?= /* @escapeNotVerified */ __('Discount Amount') ?></th>
-                <th class="col total"><?= /* @escapeNotVerified */ __('Row Total') ?></th>
-            </tr>
-        </thead>
-        <?php $_items = $_creditmemo->getAllItems(); ?>
-        <?php foreach ($_items as $_item): ?>
-            <?php if (!$_item->getOrderItem()->getParentItem()): ?>
-                <tbody>
-                    <?= $block->getItemHtml($_item) ?>
-                </tbody>
-            <?php endif; ?>
-        <?php endforeach; ?>
-        <tfoot>
-            <?= $block->getTotalsHtml($_creditmemo) ?>
-        </tfoot>
-    </table>
-</div>
-<?= $block->getCommentsHtml($_creditmemo) ?>
+    <div class="table-wrapper order-items-creditmemo">
+        <table class="data table table-order-items creditmemo" id="my-refund-table-<?= (int) $_creditmemo->getId() ?>">
+            <caption class="table-caption"><?= $block->escapeHtml(__('Items Refunded')) ?></caption>
+            <thead>
+                <tr>
+                    <th class="col name"><?= $block->escapeHtml(__('Product Name')) ?></th>
+                    <th class="col sku"><?= $block->escapeHtml(__('SKU')) ?></th>
+                    <th class="col price"><?= $block->escapeHtml(__('Price')) ?></th>
+                    <th class="col qty"><?= $block->escapeHtml(__('Qty')) ?></th>
+                    <th class="col subtotal"><?= $block->escapeHtml(__('Subtotal')) ?></th>
+                    <th class="col discount"><?= $block->escapeHtml(__('Discount Amount')) ?></th>
+                    <th class="col total"><?= $block->escapeHtml(__('Row Total')) ?></th>
+                </tr>
+            </thead>
+            <?php $_items = $_creditmemo->getAllItems(); ?>
+            <?php foreach ($_items as $_item) : ?>
+                <?php if (!$_item->getOrderItem()->getParentItem()) : ?>
+                    <tbody>
+                        <?= $block->getItemHtml($_item) ?>
+                    </tbody>
+                <?php endif; ?>
+            <?php endforeach; ?>
+            <tfoot>
+                <?= $block->getTotalsHtml($_creditmemo) ?>
+            </tfoot>
+        </table>
+    </div>
+    <?= $block->getCommentsHtml($_creditmemo) ?>
 <?php endforeach; ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/creditmemo/items/renderer/default.phtml b/app/code/Magento/Sales/view/frontend/templates/order/creditmemo/items/renderer/default.phtml
index 2dbef1f485945..1740ef2261c97 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/creditmemo/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/creditmemo/items/renderer/default.phtml
@@ -3,45 +3,46 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php /** @var  $block \Magento\Sales\Block\Order\Item\Renderer\DefaultRenderer */ ?>
 <?php $_item = $block->getItem() ?>
 <?php $_order = $block->getItem()->getOrderItem()->getOrder() ?>
-<tr id="order-item-row-<?= /* @escapeNotVerified */ $_item->getId() ?>">
-    <td class="col name" data-th="<?= $block->escapeHtml(__('Product Name')) ?>">
+<tr id="order-item-row-<?= (int) $_item->getId() ?>">
+    <td class="col name" data-th="<?= $block->escapeHtmlAttr(__('Product Name')) ?>">
         <strong class="product name product-item-name"><?= $block->escapeHtml($_item->getName()) ?></strong>
-        <?php if ($_options = $block->getItemOptions()): ?>
-        <dl class="item-options">
-        <?php foreach ($_options as $_option) : ?>
-            <dt><?= $block->escapeHtml($_option['label']) ?></dt>
-            <?php if (!$block->getPrintStatus()): ?>
-                <?php $_formatedOptionValue = $block->getFormatedOptionValue($_option) ?>
-                <dd<?php if (isset($_formatedOptionValue['full_view'])): ?> class="tooltip wrapper"<?php endif; ?>>
-                    <?= $block->escapeHtml($_formatedOptionValue['value']) ?>
-                    <?php if (isset($_formatedOptionValue['full_view'])): ?>
-                    <div class="tooltip content">
-                        <dl class="item options">
-                            <dt><?= $block->escapeHtml($_option['label']) ?></dt>
-                            <dd><?= $block->escapeHtml($_formatedOptionValue['full_view']) ?></dd>
-                        </dl>
-                    </div>
-                    <?php endif; ?>
-                </dd>
-            <?php else: ?>
-                <dd><?= $block->escapeHtml((isset($_option['print_value']) ? $_option['print_value'] : $_option['value'])) ?></dd>
-            <?php endif; ?>
-        <?php endforeach; ?>
-        </dl>
+        <?php if ($_options = $block->getItemOptions()) : ?>
+            <dl class="item-options">
+            <?php foreach ($_options as $_option) : ?>
+                <dt><?= $block->escapeHtml($_option['label']) ?></dt>
+                <?php if (!$block->getPrintStatus()) : ?>
+                    <?php $_formatedOptionValue = $block->getFormatedOptionValue($_option) ?>
+                    <dd<?= (isset($_formatedOptionValue['full_view']) ? ' class="tooltip wrapper"' : '') ?>>
+                        <?= $block->escapeHtml($_formatedOptionValue['value']) ?>
+                        <?php if (isset($_formatedOptionValue['full_view'])) : ?>
+                        <div class="tooltip content">
+                            <dl class="item options">
+                                <dt><?= $block->escapeHtml($_option['label']) ?></dt>
+                                <dd><?= $block->escapeHtml($_formatedOptionValue['full_view']) ?></dd>
+                            </dl>
+                        </div>
+                        <?php endif; ?>
+                    </dd>
+                <?php else : ?>
+                    <dd>
+                        <?= $block->escapeHtml(
+                            (isset($_option['print_value']) ? $_option['print_value'] : $_option['value'])
+                        ) ?>
+                    </dd>
+                <?php endif; ?>
+            <?php endforeach; ?>
+            </dl>
         <?php endif; ?>
 
         <?php /* downloadable */ ?>
-        <?php if ($links = $block->getLinks()): ?>
+        <?php if ($links = $block->getLinks()) : ?>
             <dl class="item options">
-                <dt><?= /* @escapeNotVerified */ $block->getLinksTitle() ?></dt>
-                <?php foreach ($links->getPurchasedItems() as $link): ?>
+                <dt><?= $block->escapeHtml($block->getLinksTitle()) ?></dt>
+                <?php foreach ($links->getPurchasedItems() as $link) : ?>
                     <dd><?= $block->escapeHtml($link->getLinkTitle()) ?></dd>
                 <?php endforeach; ?>
             </dl>
@@ -49,20 +50,20 @@
         <?php /* EOF downloadable */ ?>
 
         <?php $addInfoBlock = $block->getProductAdditionalInformationBlock(); ?>
-        <?php if ($addInfoBlock) :?>
+        <?php if ($addInfoBlock) : ?>
             <?= $addInfoBlock->setItem($_item->getOrderItem())->toHtml() ?>
         <?php endif; ?>
         <?= $block->escapeHtml($_item->getDescription()) ?>
     </td>
-    <td class="col sku" data-th="<?= $block->escapeHtml(__('SKU')) ?>"><?= /* @escapeNotVerified */ $block->prepareSku($block->getSku()) ?></td>
+    <td class="col sku" data-th="<?= $block->escapeHtml(__('SKU')) ?>"><?= /* @noEscape */ $block->prepareSku($block->getSku()) ?></td>
     <td class="col price" data-th="<?= $block->escapeHtml(__('Price')) ?>">
         <?= $block->getItemPriceHtml() ?>
     </td>
-    <td class="col qty" data-th="<?= $block->escapeHtml(__('Qty')) ?>"><?= /* @escapeNotVerified */ $_item->getQty()*1 ?></td>
+    <td class="col qty" data-th="<?= $block->escapeHtml(__('Qty')) ?>"><?= (int) $_item->getQty() * 1 ?></td>
     <td class="col subtotal" data-th="<?= $block->escapeHtml(__('Subtotal')) ?>">
         <?= $block->getItemRowTotalHtml() ?>
     </td>
-    <td class="col discount" data-th="<?= $block->escapeHtml(__('Discount Amount')) ?>"><?= /* @escapeNotVerified */ $_order->formatPrice(-$_item->getDiscountAmount()) ?></td>
+    <td class="col discount" data-th="<?= $block->escapeHtml(__('Discount Amount')) ?>"><?= /* @noEscape */ $_order->formatPrice(-$_item->getDiscountAmount()) ?></td>
     <td class="col total" data-th="<?= $block->escapeHtml(__('Row Total')) ?>">
         <?= $block->getItemRowTotalAfterDiscountHtml() ?>
     </td>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/history.phtml b/app/code/Magento/Sales/view/frontend/templates/order/history.phtml
index b9a032212352b..9ca214a3e3d62 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/history.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/history.phtml
@@ -4,51 +4,50 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
+// phpcs:disable Magento2.Templates.ThisInTemplate
 
 /** @var \Magento\Sales\Block\Order\History $block */
-
 ?>
 <?php $_orders = $block->getOrders(); ?>
 <?= $block->getChildHtml('info') ?>
-<?php if ($_orders && count($_orders)): ?>
+<?php if ($_orders && !empty($_orders)) : ?>
     <div class="table-wrapper orders-history">
         <table class="data table table-order-items history" id="my-orders-table">
-            <caption class="table-caption"><?= /* @escapeNotVerified */ __('Orders') ?></caption>
+            <caption class="table-caption"><?= $block->escapeHtml(__('Orders')) ?></caption>
             <thead>
                 <tr>
-                    <th scope="col" class="col id"><?= /* @escapeNotVerified */ __('Order #') ?></th>
-                    <th scope="col" class="col date"><?= /* @escapeNotVerified */ __('Date') ?></th>
-                    <?= /* @noEscape */ $block->getChildHtml('extra.column.header') ?>
-                    <th scope="col" class="col shipping"><?= /* @escapeNotVerified */ __('Ship To') ?></th>
-                    <th scope="col" class="col total"><?= /* @escapeNotVerified */ __('Order Total') ?></th>
-                    <th scope="col" class="col status"><?= /* @escapeNotVerified */ __('Status') ?></th>
-                    <th scope="col" class="col actions"><?= /* @escapeNotVerified */ __('Action') ?></th>
+                    <th scope="col" class="col id"><?= $block->escapeHtml(__('Order #')) ?></th>
+                    <th scope="col" class="col date"><?= $block->escapeHtml(__('Date')) ?></th>
+                    <?= $block->getChildHtml('extra.column.header') ?>
+                    <th scope="col" class="col shipping"><?= $block->escapeHtml(__('Ship To')) ?></th>
+                    <th scope="col" class="col total"><?= $block->escapeHtml(__('Order Total')) ?></th>
+                    <th scope="col" class="col status"><?= $block->escapeHtml(__('Status')) ?></th>
+                    <th scope="col" class="col actions"><?= $block->escapeHtml(__('Action')) ?></th>
                 </tr>
             </thead>
             <tbody>
-                <?php foreach ($_orders as $_order): ?>
+                <?php foreach ($_orders as $_order) : ?>
                     <tr>
-                        <td data-th="<?= $block->escapeHtml(__('Order #')) ?>" class="col id"><?= /* @escapeNotVerified */ $_order->getRealOrderId() ?></td>
-                        <td data-th="<?= $block->escapeHtml(__('Date')) ?>" class="col date"><?= /* @escapeNotVerified */ $block->formatDate($_order->getCreatedAt()) ?></td>
+                        <td data-th="<?= $block->escapeHtml(__('Order #')) ?>" class="col id"><?= $block->escapeHtml($_order->getRealOrderId()) ?></td>
+                        <td data-th="<?= $block->escapeHtml(__('Date')) ?>" class="col date"><?= /* @noEscape */ $block->formatDate($_order->getCreatedAt()) ?></td>
                         <?php $extra = $block->getChildBlock('extra.container'); ?>
-                        <?php if ($extra): ?>
+                        <?php if ($extra) : ?>
                             <?php $extra->setOrder($_order); ?>
-                            <?= /* @noEscape */ $extra->getChildHtml() ?>
+                            <?= $extra->getChildHtml() ?>
                         <?php endif; ?>
                         <td data-th="<?= $block->escapeHtml(__('Ship To')) ?>" class="col shipping"><?= $_order->getShippingAddress() ? $block->escapeHtml($_order->getShippingAddress()->getName()) : '&nbsp;' ?></td>
-                        <td data-th="<?= $block->escapeHtml(__('Order Total')) ?>" class="col total"><?= /* @escapeNotVerified */ $_order->formatPrice($_order->getGrandTotal()) ?></td>
-                        <td data-th="<?= $block->escapeHtml(__('Status')) ?>" class="col status"><?= /* @escapeNotVerified */ $_order->getStatusLabel() ?></td>
+                        <td data-th="<?= $block->escapeHtml(__('Order Total')) ?>" class="col total"><?= /* @noEscape */ $_order->formatPrice($_order->getGrandTotal()) ?></td>
+                        <td data-th="<?= $block->escapeHtml(__('Status')) ?>" class="col status"><?= $block->escapeHtml($_order->getStatusLabel()) ?></td>
                         <td data-th="<?= $block->escapeHtml(__('Actions')) ?>" class="col actions">
-                            <a href="<?= /* @escapeNotVerified */ $block->getViewUrl($_order) ?>" class="action view">
-                                <span><?= /* @escapeNotVerified */ __('View Order') ?></span>
+                            <a href="<?= $block->escapeUrl($block->getViewUrl($_order)) ?>" class="action view">
+                                <span><?= $block->escapeHtml(__('View Order')) ?></span>
                             </a>
                             <?php if ($this->helper('Magento\Sales\Helper\Reorder')->canReorder($_order->getEntityId())) : ?>
-                                <a href="#" data-post='<?php /* @escapeNotVerified */ echo
+                                <a href="#" data-post='<?= /* @noEscape */
                                 $this->helper(\Magento\Framework\Data\Helper\PostHelper::class)
                                     ->getPostData($block->getReorderUrl($_order))
                                 ?>' class="action order">
-                                    <span><?= /* @escapeNotVerified */ __('Reorder') ?></span>
+                                    <span><?= $block->escapeHtml(__('Reorder')) ?></span>
                                 </a>
                             <?php endif ?>
                         </td>
@@ -57,9 +56,9 @@
             </tbody>
         </table>
     </div>
-    <?php if ($block->getPagerHtml()): ?>
+    <?php if ($block->getPagerHtml()) : ?>
         <div class="order-products-toolbar toolbar bottom"><?= $block->getPagerHtml() ?></div>
     <?php endif ?>
 <?php else: ?>
-    <div class="message info empty"><span><?= /* @escapeNotVerified */ __('You have placed no orders.') ?></span></div>
+    <div class="message info empty"><span><?= $block->escapeHtml(__('You have placed no orders.')) ?></span></div>
 <?php endif ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/info.phtml b/app/code/Magento/Sales/view/frontend/templates/order/info.phtml
index 2a31814d9a054..1bf05f4fed7f7 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/info.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/info.phtml
@@ -3,50 +3,47 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php /** @var $block \Magento\Sales\Block\Order\Info */ ?>
 <?php $_order = $block->getOrder() ?>
 <div class="block block-order-details-view">
     <div class="block-title">
-        <strong><?= /* @escapeNotVerified */ __('Order Information') ?></strong>
+        <strong><?= $block->escapeHtml(__('Order Information')) ?></strong>
     </div>
     <div class="block-content">
-    <?php if (!$_order->getIsVirtual()): ?>
-        <div class="box box-order-shipping-address">
-            <strong class="box-title"><span><?= /* @escapeNotVerified */ __('Shipping Address') ?></span></strong>
-            <div class="box-content">
-                <address><?= /* @escapeNotVerified */ $block->getFormattedAddress($_order->getShippingAddress()) ?></address>
+        <?php if (!$_order->getIsVirtual()) : ?>
+            <div class="box box-order-shipping-address">
+                <strong class="box-title"><span><?= $block->escapeHtml(__('Shipping Address')) ?></span></strong>
+                <div class="box-content">
+                    <address><?= /* @noEscape */ $block->getFormattedAddress($_order->getShippingAddress()) ?></address>
+                </div>
             </div>
-        </div>
 
-        <div class="box box-order-shipping-method">
-            <strong class="box-title">
-                <span><?= /* @escapeNotVerified */ __('Shipping Method') ?></span>
-            </strong>
-            <div class="box-content">
-            <?php if ($_order->getShippingDescription()): ?>
-                <?= $block->escapeHtml($_order->getShippingDescription()) ?>
-            <?php else: ?>
-                <?= /* @escapeNotVerified */ __('No shipping information available') ?>
-            <?php endif; ?>
+            <div class="box box-order-shipping-method">
+                <strong class="box-title">
+                    <span><?= $block->escapeHtml(__('Shipping Method')) ?></span>
+                </strong>
+                <div class="box-content">
+                <?php if ($_order->getShippingDescription()) : ?>
+                    <?= $block->escapeHtml($_order->getShippingDescription()) ?>
+                <?php else : ?>
+                    <?= $block->escapeHtml(__('No shipping information available')) ?>
+                <?php endif; ?>
+                </div>
             </div>
-        </div>
-    <?php endif; ?>
+        <?php endif; ?>
 
         <div class="box box-order-billing-address">
             <strong class="box-title">
-                <span><?= /* @escapeNotVerified */ __('Billing Address') ?></span>
+                <span><?= $block->escapeHtml(__('Billing Address')) ?></span>
             </strong>
             <div class="box-content">
-                <address><?= /* @escapeNotVerified */ $block->getFormattedAddress($_order->getBillingAddress()) ?></address>
+                <address><?= /* @noEscape */ $block->getFormattedAddress($_order->getBillingAddress()) ?></address>
             </div>
         </div>
         <div class="box box-order-billing-method">
             <strong class="box-title">
-                <span><?= /* @escapeNotVerified */ __('Payment Method') ?></span>
+                <span><?= $block->escapeHtml(__('Payment Method')) ?></span>
             </strong>
             <div class="box-content">
                 <?= $block->getPaymentInfoHtml() ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/info/buttons.phtml b/app/code/Magento/Sales/view/frontend/templates/order/info/buttons.phtml
index fa3f63b61cd07..faff4ccdb3399 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/info/buttons.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/info/buttons.phtml
@@ -4,23 +4,22 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+// phpcs:disable Magento2.Templates.ThisInTemplate
 ?>
 <div class="actions">
-    <?php  $_order = $block->getOrder() ?>
-    <?php if ($this->helper('Magento\Sales\Helper\Reorder')->canReorder($_order->getEntityId())) : ?>
-        <a href="#" data-post='<?php /* @escapeNotVerified */ echo
-        $this->helper(\Magento\Framework\Data\Helper\PostHelper::class)
+    <?php $_order = $block->getOrder() ?>
+    <?php if ($this->helper(Magento\Sales\Helper\Reorder::class)->canReorder($_order->getEntityId())) : ?>
+        <a href="#" data-post='<?=
+        /* @noEscape */ $this->helper(\Magento\Framework\Data\Helper\PostHelper::class)
             ->getPostData($block->getReorderUrl($_order))
         ?>' class="action order">
-            <span><?= /* @escapeNotVerified */ __('Reorder') ?></span>
+            <span><?= $block->escapeHtml(__('Reorder')) ?></span>
         </a>
     <?php endif ?>
     <a class="action print"
-       href="<?= /* @escapeNotVerified */ $block->getPrintUrl($_order) ?>"
+       href="<?= $block->escapeUrl($block->getPrintUrl($_order)) ?>"
        onclick="this.target='_blank';">
-        <span><?= /* @escapeNotVerified */ __('Print Order') ?></span>
+        <span><?= $block->escapeHtml(__('Print Order')) ?></span>
     </a>
     <?= $block->getChildHtml() ?>
 </div>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/info/buttons/rss.phtml b/app/code/Magento/Sales/view/frontend/templates/order/info/buttons/rss.phtml
index 3ea1bf6452c03..e29d1aa1f849f 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/info/buttons/rss.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/info/buttons/rss.phtml
@@ -4,12 +4,10 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var $block \Magento\Sales\Block\Order\Info\Buttons\Rss */
 ?>
-<?php if ($block->isRssAllowed() && $block->getLink()): ?>
-<a href="<?= /* @escapeNotVerified */ $block->getLink() ?>" class="action rss">
-    <span><?= /* @escapeNotVerified */ $block->getLabel() ?></span>
-</a>
+<?php if ($block->isRssAllowed() && $block->getLink()) : ?>
+    <a href="<?= $block->escapeHtmlAttr($block->getLink()) ?>" class="action rss">
+        <span><?= $block->escapeHtml($block->getLabel()) ?></span>
+    </a>
 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/invoice.phtml b/app/code/Magento/Sales/view/frontend/templates/order/invoice.phtml
index 699067dc9612c..017331ad72b76 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/invoice.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/invoice.phtml
@@ -3,13 +3,15 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
+/* @var $block \Magento\Sales\Block\Order\Invoice */
 ?>
 <div class="order-details-items invoice">
     <?= $block->getChildHtml('invoice_items') ?>
     <div class="actions-toolbar">
         <div class="secondary">
-            <a href="<?= /* @escapeNotVerified */ $block->getBackUrl() ?>" class="action back">
-                <span><?= /* @escapeNotVerified */ $block->getBackTitle() ?></span>
+            <a href="<?= $block->escapeUrl($block->getBackUrl()) ?>" class="action back">
+                <span><?= $block->escapeHtml($block->getBackTitle()) ?></span>
             </a>
         </div>
     </div>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/invoice/items.phtml b/app/code/Magento/Sales/view/frontend/templates/order/invoice/items.phtml
index 0f3236ec25bc3..ab896fecdb169 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/invoice/items.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/invoice/items.phtml
@@ -3,51 +3,48 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_order = $block->getOrder() ?>
 <div class="actions-toolbar">
-    <a href="<?= /* @escapeNotVerified */ $block->getPrintAllInvoicesUrl($_order) ?>"
+    <a href="<?= $block->escapeUrl($block->getPrintAllInvoicesUrl($_order)) ?>"
        target="_blank"
        class="action print">
-        <span><?= /* @escapeNotVerified */ __('Print All Invoices') ?></span>
+        <span><?= $block->escapeHtml(__('Print All Invoices')) ?></span>
     </a>
 </div>
-<?php foreach ($_order->getInvoiceCollection() as $_invoice): ?>
-<div class="order-title">
-    <strong><?= /* @escapeNotVerified */ __('Invoice #') ?><?= /* @escapeNotVerified */ $_invoice->getIncrementId() ?></strong>
-    <a href="<?= /* @escapeNotVerified */ $block->getPrintInvoiceUrl($_invoice) ?>"
-       onclick="this.target='_blank'"
-       class="action print">
-        <span><?= /* @escapeNotVerified */ __('Print Invoice') ?></span>
-    </a>
-</div>
-<div class="table-wrapper table-order-items invoice">
-    <table class="data table table-order-items invoice" id="my-invoice-table-<?= /* @escapeNotVerified */ $_invoice->getId() ?>">
-        <caption class="table-caption"><?= /* @escapeNotVerified */ __('Items Invoiced') ?></caption>
-        <thead>
-            <tr>
-                <th class="col name"><?= /* @escapeNotVerified */ __('Product Name') ?></th>
-                <th class="col sku"><?= /* @escapeNotVerified */ __('SKU') ?></th>
-                <th class="col price"><?= /* @escapeNotVerified */ __('Price') ?></th>
-                <th class="col qty"><?= /* @escapeNotVerified */ __('Qty Invoiced') ?></th>
-                <th class="col subtotal"><?= /* @escapeNotVerified */ __('Subtotal') ?></th>
-            </tr>
-        </thead>
-        <?php $_items = $_invoice->getAllItems(); ?>
-        <?php foreach ($_items as $_item): ?>
-            <?php if (!$_item->getOrderItem()->getParentItem()) : ?>
-                <tbody>
-                    <?= $block->getItemHtml($_item) ?>
-                </tbody>
-            <?php endif; ?>
-        <?php endforeach; ?>
-        <tfoot>
-            <?= $block->getInvoiceTotalsHtml($_invoice) ?>
-        </tfoot>
-    </table>
-</div>
-<?= $block->getInvoiceCommentsHtml($_invoice) ?>
+<?php foreach ($_order->getInvoiceCollection() as $_invoice) : ?>
+    <div class="order-title">
+        <strong><?= $block->escapeHtml(__('Invoice #')) ?><?= $block->escapeHtml($_invoice->getIncrementId()) ?></strong>
+        <a href="<?= $block->escapeUrl($block->getPrintInvoiceUrl($_invoice)) ?>"
+           onclick="this.target='_blank'"
+           class="action print">
+            <span><?= $block->escapeHtml(__('Print Invoice')) ?></span>
+        </a>
+    </div>
+    <div class="table-wrapper table-order-items invoice">
+        <table class="data table table-order-items invoice" id="my-invoice-table-<?= (int) $_invoice->getId() ?>">
+            <caption class="table-caption"><?= $block->escapeHtml(__('Items Invoiced')) ?></caption>
+            <thead>
+                <tr>
+                    <th class="col name"><?= $block->escapeHtml(__('Product Name')) ?></th>
+                    <th class="col sku"><?= $block->escapeHtml(__('SKU')) ?></th>
+                    <th class="col price"><?= $block->escapeHtml(__('Price')) ?></th>
+                    <th class="col qty"><?= $block->escapeHtml(__('Qty Invoiced')) ?></th>
+                    <th class="col subtotal"><?= $block->escapeHtml(__('Subtotal')) ?></th>
+                </tr>
+            </thead>
+            <?php $_items = $_invoice->getAllItems(); ?>
+            <?php foreach ($_items as $_item): ?>
+                <?php if (!$_item->getOrderItem()->getParentItem()) : ?>
+                    <tbody>
+                        <?= $block->getItemHtml($_item) ?>
+                    </tbody>
+                <?php endif; ?>
+            <?php endforeach; ?>
+            <tfoot>
+                <?= $block->getInvoiceTotalsHtml($_invoice) ?>
+            </tfoot>
+        </table>
+    </div>
+    <?= $block->getInvoiceCommentsHtml($_invoice) ?>
 <?php endforeach; ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/invoice/items/renderer/default.phtml b/app/code/Magento/Sales/view/frontend/templates/order/invoice/items/renderer/default.phtml
index c17c46d5f945a..beb1a4f8e3813 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/invoice/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/invoice/items/renderer/default.phtml
@@ -3,38 +3,35 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php /** @var  $block \Magento\Sales\Block\Order\Item\Renderer\DefaultRenderer */ ?>
 <?php $_item = $block->getItem() ?>
 <?php $_order = $block->getItem()->getOrderItem()->getOrder() ?>
-<tr id="order-item-row-<?= /* @escapeNotVerified */ $_item->getId() ?>">
+<tr id="order-item-row-<?= (int) $_item->getId() ?>">
     <td class="col name" data-th="<?= $block->escapeHtml(__('Product Name')) ?>">
         <strong class="product name product-item-name"><?= $block->escapeHtml($_item->getName()) ?></strong>
-        <?php if ($_options = $block->getItemOptions()): ?>
-        <dl class="item-options">
-        <?php foreach ($_options as $_option) : ?>
-            <dt><?= $block->escapeHtml($_option['label']) ?></dt>
-            <?php if (!$block->getPrintStatus()): ?>
-                <?php $_formatedOptionValue = $block->getFormatedOptionValue($_option) ?>
-                <dd<?php if (isset($_formatedOptionValue['full_view'])): ?> class="tooltip wrapper"<?php endif; ?>>
-                    <?= $block->escapeHtml($_formatedOptionValue['value']) ?>
-                    <?php if (isset($_formatedOptionValue['full_view'])): ?>
-                    <div class="tooltip content">
-                        <dl class="item options">
-                            <dt><?= $block->escapeHtml($_option['label']) ?></dt>
-                            <dd><?= $block->escapeHtml($_formatedOptionValue['full_view']) ?></dd>
-                        </dl>
-                    </div>
-                    <?php endif; ?>
-                </dd>
-            <?php else: ?>
-                <dd><?= $block->escapeHtml((isset($_option['print_value']) ? $_option['print_value'] : $_option['value'])) ?></dd>
-            <?php endif; ?>
-        <?php endforeach; ?>
-        </dl>
+        <?php if ($_options = $block->getItemOptions()) : ?>
+            <dl class="item-options">
+            <?php foreach ($_options as $_option) : ?>
+                <dt><?= $block->escapeHtml($_option['label']) ?></dt>
+                <?php if (!$block->getPrintStatus()) : ?>
+                    <?php $_formatedOptionValue = $block->getFormatedOptionValue($_option) ?>
+                    <dd<?= (isset($_formatedOptionValue['full_view']) ? ' class="tooltip wrapper"' : '') ?>>
+                        <?= $block->escapeHtml($_formatedOptionValue['value']) ?>
+                        <?php if (isset($_formatedOptionValue['full_view'])) : ?>
+                            <div class="tooltip content">
+                                <dl class="item options">
+                                    <dt><?= $block->escapeHtml($_option['label']) ?></dt>
+                                    <dd><?= $block->escapeHtml($_formatedOptionValue['full_view']) ?></dd>
+                                </dl>
+                            </div>
+                        <?php endif; ?>
+                    </dd>
+                <?php else : ?>
+                    <dd><?= $block->escapeHtml((isset($_option['print_value']) ? $_option['print_value'] : $_option['value'])) ?></dd>
+                <?php endif; ?>
+            <?php endforeach; ?>
+            </dl>
         <?php endif; ?>
         <?php $addInfoBlock = $block->getProductAdditionalInformationBlock(); ?>
         <?php if ($addInfoBlock) :?>
@@ -42,12 +39,12 @@
         <?php endif; ?>
         <?= $block->escapeHtml($_item->getDescription()) ?>
     </td>
-    <td class="col sku" data-th="<?= $block->escapeHtml(__('SKU')) ?>"><?= /* @escapeNotVerified */ $block->prepareSku($block->getSku()) ?></td>
+    <td class="col sku" data-th="<?= $block->escapeHtml(__('SKU')) ?>"><?= /* @noEscape */ $block->prepareSku($block->getSku()) ?></td>
     <td class="col price" data-th="<?= $block->escapeHtml(__('Price')) ?>">
         <?= $block->getItemPriceHtml() ?>
     </td>
     <td class="col qty" data-th="<?= $block->escapeHtml(__('Qty Invoiced')) ?>">
-        <span class="qty summary"><?= /* @escapeNotVerified */ $_item->getQty()*1 ?></span>
+        <span class="qty summary"><?= (int) $_item->getQty()*1 ?></span>
     </td>
     <td class="col subtotal" data-th="<?= $block->escapeHtml(__('Subtotal')) ?>">
         <?= $block->getItemRowTotalHtml() ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/items.phtml b/app/code/Magento/Sales/view/frontend/templates/order/items.phtml
index dc179b6ee4ac1..3ce499946fd44 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/items.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/items.phtml
@@ -4,15 +4,15 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
+// phpcs:disable Magento2.Templates.ThisInTemplate
 
 /** @var \Magento\Sales\Block\Order\Items $block */
 ?>
 <div class="table-wrapper order-items">
-    <table class="data table table-order-items" id="my-orders-table" summary="<?= /* @escapeNotVerified */ __('Items Ordered') ?>">
-        <caption class="table-caption"><?= /* @escapeNotVerified */ __('Items Ordered') ?></caption>
+    <table class="data table table-order-items" id="my-orders-table" summary="<?= $block->escapeHtml(__('Items Ordered')) ?>">
+        <caption class="table-caption"><?= $block->escapeHtml(__('Items Ordered')) ?></caption>
         <thead>
-            <?php if($block->isPagerDisplayed()): ?>
+            <?php if ($block->isPagerDisplayed()) : ?>
                 <tr>
                     <td colspan="5" data-block="order-items-pager-top" class="order-pager-wrapper order-pager-wrapper-top">
                         <?= $block->getPagerHtml() ?>
@@ -20,44 +20,46 @@
                 </tr>
             <?php endif ?>
             <tr>
-                <th class="col name"><?= /* @escapeNotVerified */ __('Product Name') ?></th>
-                <th class="col sku"><?= /* @escapeNotVerified */ __('SKU') ?></th>
-                <th class="col price"><?= /* @escapeNotVerified */ __('Price') ?></th>
-                <th class="col qty"><?= /* @escapeNotVerified */ __('Qty') ?></th>
-                <th class="col subtotal"><?= /* @escapeNotVerified */ __('Subtotal') ?></th>
+                <th class="col name"><?= $block->escapeHtml(__('Product Name')) ?></th>
+                <th class="col sku"><?= $block->escapeHtml(__('SKU')) ?></th>
+                <th class="col price"><?= $block->escapeHtml(__('Price')) ?></th>
+                <th class="col qty"><?= $block->escapeHtml(__('Qty')) ?></th>
+                <th class="col subtotal"><?= $block->escapeHtml(__('Subtotal')) ?></th>
             </tr>
         </thead>
         <?php $items = $block->getItems(); ?>
         <?php $giftMessage = ''?>
         <tbody>
-        <?php foreach ($items as $item): ?>
-            <?php if ($item->getParentItem()) continue; ?>
-
+        <?php foreach ($items as $item) :
+            if ($item->getParentItem()) :
+                continue;
+            endif;
+            ?>
                 <?= $block->getItemHtml($item) ?>
-                <?php if ($this->helper('Magento\GiftMessage\Helper\Message')->isMessagesAllowed('order_item', $item) && $item->getGiftMessageId()): ?>
-                    <?php $giftMessage = $this->helper('Magento\GiftMessage\Helper\Message')->getGiftMessageForEntity($item); ?>
+                <?php if ($this->helper(Magento\GiftMessage\Helper\Message::class)->isMessagesAllowed('order_item', $item) && $item->getGiftMessageId()) : ?>
+                    <?php $giftMessage = $this->helper(Magento\GiftMessage\Helper\Message::class)->getGiftMessageForEntity($item); ?>
                     <tr>
                         <td class="col options" colspan="5">
                             <a href="#"
-                               id="order-item-gift-message-link-<?= /* @escapeNotVerified */ $item->getId() ?>"
+                               id="order-item-gift-message-link-<?= (int) $item->getId() ?>"
                                class="action show"
-                               aria-controls="order-item-gift-message-<?= /* @escapeNotVerified */ $item->getId() ?>"
-                               data-item-id="<?= /* @escapeNotVerified */ $item->getId() ?>">
-                                <?= /* @escapeNotVerified */ __('Gift Message') ?>
+                               aria-controls="order-item-gift-message-<?= (int) $item->getId() ?>"
+                               data-item-id="<?= (int) $item->getId() ?>">
+                                <?= $block->escapeHtml(__('Gift Message')) ?>
                             </a>
-                            <?php $giftMessage = $this->helper('Magento\GiftMessage\Helper\Message')->getGiftMessageForEntity($item); ?>
-                            <div class="order-gift-message" id="order-item-gift-message-<?= /* @escapeNotVerified */ $item->getId() ?>" role="region" aria-expanded="false" tabindex="-1">
+                            <?php $giftMessage = $this->helper(Magento\GiftMessage\Helper\Message::class)->getGiftMessageForEntity($item); ?>
+                            <div class="order-gift-message" id="order-item-gift-message-<?= (int) $item->getId() ?>" role="region" aria-expanded="false" tabindex="-1">
                                 <a href="#"
-                                   title="<?= /* @escapeNotVerified */ __('Close') ?>"
-                                   aria-controls="order-item-gift-message-<?= /* @escapeNotVerified */ $item->getId() ?>"
-                                   data-item-id="<?= /* @escapeNotVerified */ $item->getId() ?>"
+                                   title="<?= $block->escapeHtml(__('Close')) ?>"
+                                   aria-controls="order-item-gift-message-<?= (int) $item->getId() ?>"
+                                   data-item-id="<?= (int) $item->getId() ?>"
                                    class="action close">
-                                    <?= /* @escapeNotVerified */ __('Close') ?>
+                                    <?= $block->escapeHtml(__('Close')) ?>
                                 </a>
                                 <dl class="item-options">
-                                    <dt class="item-sender"><strong class="label"><?= /* @escapeNotVerified */ __('From') ?></strong><?= $block->escapeHtml($giftMessage->getSender()) ?></dt>
-                                    <dt class="item-recipient"><strong class="label"><?= /* @escapeNotVerified */ __('To') ?></strong><?= $block->escapeHtml($giftMessage->getRecipient()) ?></dt>
-                                    <dd class="item-message"><?= /* @escapeNotVerified */ $this->helper('Magento\GiftMessage\Helper\Message')->getEscapedGiftMessage($item) ?></dd>
+                                    <dt class="item-sender"><strong class="label"><?= $block->escapeHtml(__('From')) ?></strong><?= $block->escapeHtml($giftMessage->getSender()) ?></dt>
+                                    <dt class="item-recipient"><strong class="label"><?= $block->escapeHtml(__('To')) ?></strong><?= $block->escapeHtml($giftMessage->getRecipient()) ?></dt>
+                                    <dd class="item-message"><?= /* @noEscape */ $this->helper(Magento\GiftMessage\Helper\Message::class)->getEscapedGiftMessage($item) ?></dd>
                                 </dl>
                             </div>
                         </td>
@@ -66,7 +68,7 @@
         <?php endforeach; ?>
         </tbody>
         <tfoot>
-            <?php if($block->isPagerDisplayed()): ?>
+            <?php if ($block->isPagerDisplayed()) : ?>
                 <tr>
                     <td colspan="5" data-block="order-items-pager-bottom" class="order-pager-wrapper order-pager-wrapper-bottom">
                         <?= $block->getPagerHtml() ?>
@@ -77,7 +79,7 @@
         </tfoot>
     </table>
 </div>
-<?php if ($giftMessage): ?>
+<?php if ($giftMessage) : ?>
 <script type="text/x-magento-init">
     {
         "a.action.show, a.action.close": {
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/items/renderer/default.phtml b/app/code/Magento/Sales/view/frontend/templates/order/items/renderer/default.phtml
index 19da4994c914e..5ff362c038a1d 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/items/renderer/default.phtml
@@ -4,69 +4,67 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var  $block \Magento\Sales\Block\Order\Item\Renderer\DefaultRenderer */
 $_item = $block->getItem();
 ?>
-<tr id="order-item-row-<?= /* @escapeNotVerified */ $_item->getId() ?>">
+<tr id="order-item-row-<?= (int) $_item->getId() ?>">
     <td class="col name" data-th="<?= $block->escapeHtml(__('Product Name')) ?>">
         <strong class="product name product-item-name"><?= $block->escapeHtml($_item->getName()) ?></strong>
-        <?php if ($_options = $block->getItemOptions()): ?>
-        <dl class="item-options">
-        <?php foreach ($_options as $_option) : ?>
-            <dt><?= $block->escapeHtml($_option['label']) ?></dt>
-            <?php if (!$block->getPrintStatus()): ?>
-                <?php $_formatedOptionValue = $block->getFormatedOptionValue($_option) ?>
-                <dd>
-                    <?php if (isset($_formatedOptionValue['full_view'])): ?>
-                        <?= $block->escapeHtml($_formatedOptionValue['full_view'], ['a']) ?>
-                    <?php else: ?>
-                        <?=$block->escapeHtml($_formatedOptionValue['value'], ['a']) ?>
-                    <?php endif; ?>
-                </dd>
-            <?php else: ?>
-                <dd>
-                    <?= nl2br($block->escapeHtml((isset($_option['print_value']) ? $_option['print_value'] : $_option['value']))) ?>
-                </dd>
-            <?php endif; ?>
-        <?php endforeach; ?>
-        </dl>
+        <?php if ($_options = $block->getItemOptions()) : ?>
+            <dl class="item-options">
+            <?php foreach ($_options as $_option) : ?>
+                <dt><?= $block->escapeHtml($_option['label']) ?></dt>
+                <?php if (!$block->getPrintStatus()) : ?>
+                    <?php $_formatedOptionValue = $block->getFormatedOptionValue($_option) ?>
+                    <dd>
+                        <?php if (isset($_formatedOptionValue['full_view'])) : ?>
+                            <?= $block->escapeHtml($_formatedOptionValue['full_view'], ['a']) ?>
+                        <?php else : ?>
+                            <?=$block->escapeHtml($_formatedOptionValue['value'], ['a']) ?>
+                        <?php endif; ?>
+                    </dd>
+                <?php else : ?>
+                    <dd>
+                        <?= /* @noEscape */ nl2br($block->escapeHtml((isset($_option['print_value']) ? $_option['print_value'] : $_option['value']))) ?>
+                    </dd>
+                <?php endif; ?>
+            <?php endforeach; ?>
+            </dl>
         <?php endif; ?>
         <?php $addtInfoBlock = $block->getProductAdditionalInformationBlock(); ?>
-        <?php if ($addtInfoBlock) :?>
+        <?php if ($addtInfoBlock) : ?>
             <?= $addtInfoBlock->setItem($_item)->toHtml() ?>
         <?php endif; ?>
         <?= $block->escapeHtml($_item->getDescription()) ?>
     </td>
-    <td class="col sku" data-th="<?= $block->escapeHtml(__('SKU')) ?>"><?= /* @escapeNotVerified */ $block->prepareSku($block->getSku()) ?></td>
+    <td class="col sku" data-th="<?= $block->escapeHtml(__('SKU')) ?>"><?= /* @noEscape */ $block->prepareSku($block->getSku()) ?></td>
     <td class="col price" data-th="<?= $block->escapeHtml(__('Price')) ?>">
         <?= $block->getItemPriceHtml() ?>
     </td>
     <td class="col qty" data-th="<?= $block->escapeHtml(__('Qty')) ?>">
         <ul class="items-qty">
-        <?php if ($block->getItem()->getQtyOrdered() > 0): ?>
+        <?php if ($block->getItem()->getQtyOrdered() > 0) : ?>
             <li class="item">
-                <span class="title"><?= /* @escapeNotVerified */ __('Ordered') ?></span>
-                <span class="content"><?= /* @escapeNotVerified */ $block->getItem()->getQtyOrdered()*1 ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Ordered')) ?></span>
+                <span class="content"><?= (int) $block->getItem()->getQtyOrdered()*1 ?></span>
             </li>
         <?php endif; ?>
-        <?php if ($block->getItem()->getQtyShipped() > 0): ?>
+        <?php if ($block->getItem()->getQtyShipped() > 0) : ?>
             <li class="item">
-                <span class="title"><?= /* @escapeNotVerified */ __('Shipped') ?></span>
-                <span class="content"><?= /* @escapeNotVerified */ $block->getItem()->getQtyShipped()*1 ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Shipped')) ?></span>
+                <span class="content"><?= (int) $block->getItem()->getQtyShipped()*1 ?></span>
             </li>
         <?php endif; ?>
-        <?php if ($block->getItem()->getQtyCanceled() > 0): ?>
+        <?php if ($block->getItem()->getQtyCanceled() > 0) : ?>
             <li class="item">
-                <span class="title"><?= /* @escapeNotVerified */ __('Canceled') ?></span>
-                <span class="content"><?= /* @escapeNotVerified */ $block->getItem()->getQtyCanceled()*1 ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Canceled')) ?></span>
+                <span class="content"><?= (int) $block->getItem()->getQtyCanceled()*1 ?></span>
             </li>
         <?php endif; ?>
-        <?php if ($block->getItem()->getQtyRefunded() > 0): ?>
+        <?php if ($block->getItem()->getQtyRefunded() > 0) : ?>
             <li class="item">
-                <span class="title"><?= /* @escapeNotVerified */ __('Refunded') ?></span>
-                <span class="content"><?= /* @escapeNotVerified */ $block->getItem()->getQtyRefunded()*1 ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Refunded')) ?></span>
+                <span class="content"><?= (int) $block->getItem()->getQtyRefunded()*1 ?></span>
             </li>
         <?php endif; ?>
         </ul>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/order_comments.phtml b/app/code/Magento/Sales/view/frontend/templates/order/order_comments.phtml
index 8a8e7b1194caa..6f2d8d87ade86 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/order_comments.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/order_comments.phtml
@@ -3,24 +3,23 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php /** @var  $block \Magento\Sales\Block\Order\View*/?>
 
 <?php $_history = $block->getOrder()->getVisibleStatusHistory() ?>
-<?php if (count($_history)): ?>
+<?php if (!empty($_history)) : ?>
     <div class="block block-order-details-comments">
-        <div class="block-title"><strong><?= /* @escapeNotVerified */ __('About Your Order') ?></strong></div>
+        <div class="block-title"><strong><?= $block->escapeHtml(__('About Your Order')) ?></strong></div>
         <div class="block-content">
             <dl class="order-comments">
-                <?php foreach ($_history as $_historyItem): ?>
-                    <dt class="comment-date"><?= /* @escapeNotVerified */ $block->formatDate($_historyItem->getCreatedAt(), \IntlDateFormatter::MEDIUM, true) ?></dt>
+                <?php foreach ($_history as $_historyItem) : ?>
+                    <dt class="comment-date">
+                        <?= /* @noEscape */
+                        $block->formatDate($_historyItem->getCreatedAt(), \IntlDateFormatter::MEDIUM, true) ?>
+                    </dt>
                     <dd class="comment-content"><?= $block->escapeHtml($_historyItem->getComment()) ?></dd>
                 <?php endforeach; ?>
             </dl>
-
         </div>
     </div>
 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/order_date.phtml b/app/code/Magento/Sales/view/frontend/templates/order/order_date.phtml
index bcd7cc6e0260d..80a0ea02499cc 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/order_date.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/order_date.phtml
@@ -3,11 +3,7 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-
 <div class="order-date">
-    <?= /* @escapeNotVerified */ __('<span class="label">Order Date:</span> %1', '<date>' . $block->formatDate($block->getOrder()->getCreatedAt(), \IntlDateFormatter::LONG) . '</date>') ?>
+    <?= $block->escapeHtml(__('<span class="label">Order Date:</span> %1', '<date>' . $block->formatDate($block->getOrder()->getCreatedAt(), \IntlDateFormatter::LONG) . '</date>'), ['span', 'date']) ?>
 </div>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/order_status.phtml b/app/code/Magento/Sales/view/frontend/templates/order/order_status.phtml
index c77014d1bf8c9..7a3ff4398d983 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/order_status.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/order_status.phtml
@@ -6,4 +6,4 @@
 ?>
 <?php /** @var $block \Magento\Sales\Block\Order\Info */ ?>
 
-<span class="order-status"><?= /* @escapeNotVerified */ $block->getOrder()->getStatusLabel() ?></span>
+<span class="order-status"><?= $block->escapeHtml($block->getOrder()->getStatusLabel()) ?></span>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/print/creditmemo.phtml b/app/code/Magento/Sales/view/frontend/templates/order/print/creditmemo.phtml
index 567dfc20f2de2..5ac2a768a161d 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/print/creditmemo.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/print/creditmemo.phtml
@@ -3,39 +3,36 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_order = $block->getOrder() ?>
 <?php $_creditmemo = $block->getCreditmemo() ?>
-<?php if ($_creditmemo): ?>
+<?php if ($_creditmemo) : ?>
     <?php $_creditmemos = [$_creditmemo]; ?>
 <?php else: ?>
     <?php $_creditmemos = $_order->getCreditmemosCollection() ?>
 <?php endif; ?>
-<?php foreach ($_creditmemos as $_creditmemo): ?>
+<?php foreach ($_creditmemos as $_creditmemo) : ?>
 <div class="order-details-items creditmemo">
     <div class="order-title">
-        <strong><?= /* @escapeNotVerified */ __('Refund #%1', $_creditmemo->getIncrementId()) ?></strong>
+        <strong><?= $block->escapeHtml(__('Refund #%1', $_creditmemo->getIncrementId())) ?></strong>
     </div>
     <div class="table-wrapper order-items-creditmemo">
-        <table class="data table table-order-items creditmemo" id="my-refund-table-<?= /* @escapeNotVerified */ $_creditmemo->getId() ?>">
-            <caption class="table-caption"><?= /* @escapeNotVerified */ __('Items Refunded') ?></caption>
+        <table class="data table table-order-items creditmemo" id="my-refund-table-<?= (int) $_creditmemo->getId() ?>">
+            <caption class="table-caption"><?= $block->escapeHtml(__('Items Refunded')) ?></caption>
             <thead>
                 <tr>
-                    <th class="col name"><?= /* @escapeNotVerified */ __('Product Name') ?></th>
-                    <th class="col sku"><?= /* @escapeNotVerified */ __('SKU') ?></th>
-                    <th class="col price"><?= /* @escapeNotVerified */ __('Price') ?></th>
-                    <th class="col qty"><?= /* @escapeNotVerified */ __('Qty') ?></th>
-                    <th class="col subtotal"><?= /* @escapeNotVerified */ __('Subtotal') ?></th>
-                    <th class="col discount"><?= /* @escapeNotVerified */ __('Discount Amount') ?></th>
-                    <th class="col rowtotal"><?= /* @escapeNotVerified */ __('Row Total') ?></th>
+                    <th class="col name"><?= $block->escapeHtml(__('Product Name')) ?></th>
+                    <th class="col sku"><?= $block->escapeHtml(__('SKU')) ?></th>
+                    <th class="col price"><?= $block->escapeHtml(__('Price')) ?></th>
+                    <th class="col qty"><?= $block->escapeHtml(__('Qty')) ?></th>
+                    <th class="col subtotal"><?= $block->escapeHtml(__('Subtotal')) ?></th>
+                    <th class="col discount"><?= $block->escapeHtml(__('Discount Amount')) ?></th>
+                    <th class="col rowtotal"><?= $block->escapeHtml(__('Row Total')) ?></th>
                 </tr>
             </thead>
             <?php $_items = $_creditmemo->getAllItems(); ?>
-            <?php foreach ($_items as $_item): ?>
-                <?php if (!$_item->getOrderItem()->getParentItem()): ?>
+            <?php foreach ($_items as $_item) : ?>
+                <?php if (!$_item->getOrderItem()->getParentItem()) : ?>
                     <tbody>
                         <?= $block->getItemHtml($_item) ?>
                     </tbody>
@@ -48,22 +45,22 @@
     </div>
     <div class="block block-order-details-view">
         <div class="block-title">
-            <strong><?= /* @escapeNotVerified */ __('Order Information') ?></strong>
+            <strong><?= $block->escapeHtml(__('Order Information')) ?></strong>
         </div>
         <div class="block-content">
-        <?php if (!$_order->getIsVirtual()): ?>
+        <?php if (!$_order->getIsVirtual()) : ?>
             <div class="box box-order-shipping-address">
                 <div class="box-title">
-                    <strong><?= /* @escapeNotVerified */ __('Shipping Address') ?></strong>
+                    <strong><?= $block->escapeHtml(__('Shipping Address')) ?></strong>
                 </div>
                 <div class="box-content">
                     <?php $_shipping = $_creditmemo->getShippingAddress() ?>
-                    <address><?= /* @escapeNotVerified */ $block->formatAddress($_shipping, 'html') ?></address>
+                    <address><?= /* @noEscape */ $block->formatAddress($_shipping, 'html') ?></address>
                 </div>
             </div>
             <div class="box box-order-shipping-method">
                 <div class="box-title">
-                    <strong><?= /* @escapeNotVerified */ __('Shipping Method') ?></strong>
+                    <strong><?= $block->escapeHtml(__('Shipping Method')) ?></strong>
                 </div>
                 <div class="box-content">
                     <?= $block->escapeHtml($_order->getShippingDescription()) ?>
@@ -72,16 +69,16 @@
         <?php endif; ?>
             <div class="box box-order-billing-address">
                 <div class="box-title">
-                    <strong><?= /* @escapeNotVerified */ __('Billing Address') ?></strong>
+                    <strong><?= $block->escapeHtml(__('Billing Address')) ?></strong>
                 </div>
                 <div class="box-content">
                     <?php $_billing = $_creditmemo->getbillingAddress() ?>
-                    <address><?= /* @escapeNotVerified */ $block->formatAddress($_order->getBillingAddress(), 'html') ?></address>
+                    <address><?= /* @noEscape */ $block->formatAddress($_order->getBillingAddress(), 'html') ?></address>
                 </div>
             </div>
             <div class="box box-order-billing-method">
                 <div class="box-title">
-                    <strong><?= /* @escapeNotVerified */ __('Payment Method') ?></strong>
+                    <strong><?= $block->escapeHtml(__('Payment Method')) ?></strong>
                 </div>
                 <div class="box-content">
                     <?= $block->getPaymentInfoHtml() ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/print/invoice.phtml b/app/code/Magento/Sales/view/frontend/templates/order/print/invoice.phtml
index 6fe6da9e75209..3c0196d59329c 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/print/invoice.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/print/invoice.phtml
@@ -3,37 +3,34 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_order = $block->getOrder() ?>
 <?php $_invoice = $block->getInvoice() ?>
-<?php if ($_invoice): ?>
-<?php $_invoices = [$_invoice]; ?>
-<?php else: ?>
-<?php $_invoices = $_order->getInvoiceCollection() ?>
+<?php if ($_invoice) : ?>
+    <?php $_invoices = [$_invoice]; ?>
+<?php else : ?>
+    <?php $_invoices = $_order->getInvoiceCollection() ?>
 <?php endif; ?>
-<?php foreach ($_invoices as $_invoice): ?>
+<?php foreach ($_invoices as $_invoice) : ?>
 <div class="order-details-items invoice">
     <div class="order-title">
-        <strong><?= /* @escapeNotVerified */ __('Invoice #') ?><?= /* @escapeNotVerified */ $_invoice->getIncrementId() ?></strong>
+        <strong><?= $block->escapeHtml(__('Invoice #')) ?><?= (int) $_invoice->getIncrementId() ?></strong>
     </div>
     <div class="table-wrapper table-order-items invoice">
-        <table class="data table table-order-items invoice" id="my-invoice-table-<?= /* @escapeNotVerified */ $_invoice->getId() ?>">
-            <caption class="table-caption"><?= /* @escapeNotVerified */ __('Items Invoiced') ?></caption>
+        <table class="data table table-order-items invoice" id="my-invoice-table-<?= (int) $_invoice->getId() ?>">
+            <caption class="table-caption"><?= $block->escapeHtml(__('Items Invoiced')) ?></caption>
             <thead>
             <tr>
-                <th class="col name"><?= /* @escapeNotVerified */ __('Product Name') ?></th>
-                <th class="col sku"><?= /* @escapeNotVerified */ __('SKU') ?></th>
-                <th class="col price"><?= /* @escapeNotVerified */ __('Price') ?></th>
-                <th class="col qty"><?= /* @escapeNotVerified */ __('Qty Invoiced') ?></th>
-                <th class="col subtotal"><?= /* @escapeNotVerified */ __('Subtotal') ?></th>
+                <th class="col name"><?= $block->escapeHtml(__('Product Name')) ?></th>
+                <th class="col sku"><?= $block->escapeHtml(__('SKU')) ?></th>
+                <th class="col price"><?= $block->escapeHtml(__('Price')) ?></th>
+                <th class="col qty"><?= $block->escapeHtml(__('Qty Invoiced')) ?></th>
+                <th class="col subtotal"><?= $block->escapeHtml(__('Subtotal')) ?></th>
             </tr>
             </thead>
             <?php $_items = $_invoice->getItemsCollection(); ?>
-            <?php foreach ($_items as $_item): ?>
-                <?php if (!$_item->getOrderItem()->getParentItem()): ?>
+            <?php foreach ($_items as $_item) : ?>
+                <?php if (!$_item->getOrderItem()->getParentItem()) : ?>
                     <tbody>
                         <?= $block->getItemHtml($_item) ?>
                     </tbody>
@@ -46,46 +43,46 @@
     </div>
     <div class="block block-order-details-view">
         <div class="block-title">
-            <strong><?= /* @escapeNotVerified */ __('Order Information') ?></strong>
+            <strong><?= $block->escapeHtml(__('Order Information')) ?></strong>
         </div>
         <div class="block-content">
-        <?php if (!$_order->getIsVirtual()): ?>
+        <?php if (!$_order->getIsVirtual()) : ?>
             <div class="box box-order-shipping-address">
                 <div class="box-title">
-                    <strong><?= /* @escapeNotVerified */ __('Shipping Address') ?></strong>
+                    <strong><?= $block->escapeHtml(__('Shipping Address')) ?></strong>
                 </div>
                 <div class="box-content">
                     <?php $_shipping = $_invoice->getShippingAddress() ?>
-                    <address><?= /* @escapeNotVerified */ $block->formatAddress($_shipping, 'html') ?></address>
+                    <address><?= /* @noEscape */ $block->formatAddress($_shipping, 'html') ?></address>
                 </div>
             </div>
 
             <div class="box box-order-shipping-method">
                 <div class="box-title">
-                    <strong><?= /* @escapeNotVerified */ __('Shipping Method') ?></strong>
+                    <strong><?= $block->escapeHtml(__('Shipping Method')) ?></strong>
                 </div>
                 <div class="box-content">
-                    <?php if ($_order->getShippingDescription()): ?>
+                    <?php if ($_order->getShippingDescription()) : ?>
                         <?= $block->escapeHtml($_order->getShippingDescription()) ?>
-                    <?php else: ?>
-                        <?= /* @escapeNotVerified */ __('No shipping information available') ?>
+                    <?php else : ?>
+                        <?= $block->escapeHtml(__('No shipping information available')) ?>
                     <?php endif; ?>
                 </div>
             </div>
         <?php endif; ?>
             <div class="box box-order-billing-address">
                 <div class="box-title">
-                    <strong><?= /* @escapeNotVerified */ __('Billing Address') ?></strong>
+                    <strong><?= $block->escapeHtml(__('Billing Address')) ?></strong>
                 </div>
                 <div class="box-content">
                     <?php $_billing = $_invoice->getbillingAddress() ?>
-                    <address><?= /* @escapeNotVerified */ $block->formatAddress($_order->getBillingAddress(), 'html') ?></address>
+                    <address><?= /* @noEscape */ $block->formatAddress($_order->getBillingAddress(), 'html') ?></address>
                 </div>
             </div>
 
             <div class="box box-order-billing-method">
                 <div class="box-title">
-                    <strong><?= /* @escapeNotVerified */ __('Payment Method') ?></strong>
+                    <strong><?= $block->escapeHtml(__('Payment Method')) ?></strong>
                 </div>
                 <div class="box-content">
                     <?= $block->getPaymentInfoHtml() ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/print/shipment.phtml b/app/code/Magento/Sales/view/frontend/templates/order/print/shipment.phtml
index d1110d1a8d380..3f12ca1f7b270 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/print/shipment.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/print/shipment.phtml
@@ -3,86 +3,83 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php /* @var $block \Magento\Sales\Block\Order\PrintOrder\Shipment */ ?>
 <?php $order = $block->getOrder(); ?>
-<?php if (!$block->getObjectData($order, 'is_virtual')): ?>
-<?php foreach ($block->getShipmentsCollection() as $shipment): ?>
-    <div class="order-details-items shipments">
-        <div class="order-title">
-            <strong><?= /* @escapeNotVerified */ __('Shipment #%1', $block->getObjectData($shipment, 'increment_id')) ?></strong>
-        </div>
-        <div class="table-wrapper order-items-shipment">
-            <table class="data table table-order-items shipment" id="my-shipment-table-<?= /* @escapeNotVerified */ $block->getObjectData($shipment, 'id') ?>">
-                <caption class="table-caption"><?= /* @escapeNotVerified */ __('Items Invoiced') ?></caption>
-                <thead>
-                <tr>
-                    <th class="col name"><?= /* @escapeNotVerified */ __('Product Name') ?></th>
-                    <th class="col sku"><?= /* @escapeNotVerified */ __('SKU') ?></th>
-                    <th class="col price"><?= /* @escapeNotVerified */ __('Qty Shipped') ?></th>
-                </tr>
-                </thead>
-                <?php foreach ($block->getShipmentItems($shipment) as $item): ?>
-                <tbody>
-                    <?= $block->getItemHtml($item) ?>
-                </tbody>
-                <?php endforeach; ?>
-            </table>
-        </div>
-        <div class="block block-order-details-view">
-            <div class="block-title">
-                <strong><?= /* @escapeNotVerified */ __('Order Information') ?></strong>
+<?php if (!$block->getObjectData($order, 'is_virtual')) : ?>
+    <?php foreach ($block->getShipmentsCollection() as $shipment) : ?>
+        <div class="order-details-items shipments">
+            <div class="order-title">
+                <strong><?= $block->escapeHtml(__('Shipment #%1', $block->getObjectData($shipment, 'increment_id'))) ?></strong>
             </div>
-            <div class="block-content">
-                <div class="box box-order-shipping-address">
-                    <div class="box-title">
-                        <strong><?= /* @escapeNotVerified */ __('Shipping Address') ?></strong>
-                    </div>
-                    <div class="box-content">
-                        <address><?= $block->getShipmentAddressFormattedHtml($shipment) ?></address>
-                    </div>
+            <div class="table-wrapper order-items-shipment">
+                <table class="data table table-order-items shipment" id="my-shipment-table-<?= (int) $block->getObjectData($shipment, 'id') ?>">
+                    <caption class="table-caption"><?= $block->escapeHtml(__('Items Invoiced')) ?></caption>
+                    <thead>
+                    <tr>
+                        <th class="col name"><?= $block->escapeHtml(__('Product Name')) ?></th>
+                        <th class="col sku"><?= $block->escapeHtml(__('SKU')) ?></th>
+                        <th class="col price"><?= $block->escapeHtml(__('Qty Shipped')) ?></th>
+                    </tr>
+                    </thead>
+                    <?php foreach ($block->getShipmentItems($shipment) as $item) : ?>
+                        <tbody>
+                            <?= $block->getItemHtml($item) ?>
+                        </tbody>
+                    <?php endforeach; ?>
+                </table>
+            </div>
+            <div class="block block-order-details-view">
+                <div class="block-title">
+                    <strong><?= $block->escapeHtml(__('Order Information')) ?></strong>
                 </div>
-
-                <div class="box box-order-shipping-method">
-                    <div class="box-title">
-                        <strong><?= /* @escapeNotVerified */ __('Shipping Method') ?></strong>
+                <div class="block-content">
+                    <div class="box box-order-shipping-address">
+                        <div class="box-title">
+                            <strong><?= $block->escapeHtml(__('Shipping Address')) ?></strong>
+                        </div>
+                        <div class="box-content">
+                            <address><?= $block->getShipmentAddressFormattedHtml($shipment) ?></address>
+                        </div>
                     </div>
-                    <div class="box-content">
-                    <?= $block->escapeHtml($block->getObjectData($order, 'shipping_description')) ?>
-                    <?php $tracks = $block->getShipmentTracks($shipment);
-                    if ($tracks): ?>
-                        <dl class="order-tracking">
-                        <?php foreach ($tracks as $track): ?>
-                            <dt class="tracking-title"><?= $block->escapeHtml($block->getObjectData($track, 'title')) ?></dt>
-                            <dd class="tracking-content"><?= $block->escapeHtml($block->getObjectData($track, 'number')) ?></dd>
+
+                    <div class="box box-order-shipping-method">
+                        <div class="box-title">
+                            <strong><?= $block->escapeHtml(__('Shipping Method')) ?></strong>
+                        </div>
+                        <div class="box-content">
+                        <?= $block->escapeHtml($block->getObjectData($order, 'shipping_description')) ?>
+                        <?php $tracks = $block->getShipmentTracks($shipment);
+                        if ($tracks) : ?>
+                            <dl class="order-tracking">
+                            <?php foreach ($tracks as $track) : ?>
+                                <dt class="tracking-title"><?= $block->escapeHtml($block->getObjectData($track, 'title')) ?></dt>
+                                <dd class="tracking-content"><?= $block->escapeHtml($block->getObjectData($track, 'number')) ?></dd>
                             <?php endforeach; ?>
-                        </dl>
-                    <?php endif; ?>
+                            </dl>
+                        <?php endif; ?>
+                        </div>
                     </div>
-                </div>
 
-                <div class="box box-order-billing-method">
-                    <div class="box-title">
-                        <strong><?= /* @escapeNotVerified */ __('Billing Address') ?></strong>
+                    <div class="box box-order-billing-method">
+                        <div class="box-title">
+                            <strong><?= $block->escapeHtml(__('Billing Address')) ?></strong>
+                        </div>
+                        <div class="box-content">
+                            <address><?= $block->getBillingAddressFormattedHtml($order) ?></address>
+                        </div>
                     </div>
-                    <div class="box-content">
-                        <address><?= $block->getBillingAddressFormattedHtml($order) ?></address>
-                    </div>
-                </div>
 
-                <div class="box box-order-billing-method">
-                    <div class="box-title">
-                        <strong><?= /* @escapeNotVerified */ __('Payment Method') ?></strong>
-                    </div>
-                    <div class="box-content">
-                        <?= $block->getPaymentInfoHtml() ?>
+                    <div class="box box-order-billing-method">
+                        <div class="box-title">
+                            <strong><?= $block->escapeHtml(__('Payment Method')) ?></strong>
+                        </div>
+                        <div class="box-content">
+                            <?= $block->getPaymentInfoHtml() ?>
+                        </div>
                     </div>
                 </div>
             </div>
         </div>
-    </div>
     <?php endforeach; ?>
 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/recent.phtml b/app/code/Magento/Sales/view/frontend/templates/order/recent.phtml
index bb354e920c529..0702724e79e38 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/recent.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/recent.phtml
@@ -4,8 +4,9 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
+// phpcs:disable Magento2.Templates.ThisInTemplate
 
+/** @var $block \Magento\Sales\Block\Order\Recent */
 ?>
 <div class="block block-dashboard-orders">
 <?php
@@ -13,47 +14,49 @@
     $count = count($_orders);
 ?>
     <div class="block-title order">
-        <strong><?= /* @escapeNotVerified */ __('Recent Orders') ?></strong>
-        <?php if ($count > 0): ?>
-            <a class="action view" href="<?= /* @escapeNotVerified */ $block->getUrl('sales/order/history') ?>">
-                <span><?= /* @escapeNotVerified */ __('View All') ?></span>
+        <strong><?= $block->escapeHtml(__('Recent Orders')) ?></strong>
+        <?php if ($count > 0) : ?>
+            <a class="action view" href="<?= $block->escapeUrl($block->getUrl('sales/order/history')) ?>">
+                <span><?= $block->escapeHtml(__('View All')) ?></span>
             </a>
         <?php endif; ?>
     </div>
     <div class="block-content">
     <?= $block->getChildHtml() ?>
-    <?php if ($count > 0): ?>
+    <?php if ($count > 0) : ?>
         <div class="table-wrapper orders-recent">
             <table class="data table table-order-items recent" id="my-orders-table">
-                <caption class="table-caption"><?= /* @escapeNotVerified */ __('Recent Orders') ?></caption>
+                <caption class="table-caption"><?= $block->escapeHtml(__('Recent Orders')) ?></caption>
                 <thead>
                     <tr>
-                        <th scope="col" class="col id"><?= /* @escapeNotVerified */ __('Order #') ?></th>
-                        <th scope="col" class="col date"><?= /* @escapeNotVerified */ __('Date') ?></th>
-                        <th scope="col" class="col shipping"><?= /* @escapeNotVerified */ __('Ship To') ?></th>
-                        <th scope="col" class="col total"><?= /* @escapeNotVerified */ __('Order Total') ?></th>
-                        <th scope="col" class="col status"><?= /* @escapeNotVerified */ __('Status') ?></th>
-                        <th scope="col" class="col actions"><?= /* @escapeNotVerified */ __('Action') ?></th>
+                        <th scope="col" class="col id"><?= $block->escapeHtml(__('Order #')) ?></th>
+                        <th scope="col" class="col date"><?= $block->escapeHtml(__('Date')) ?></th>
+                        <th scope="col" class="col shipping"><?= $block->escapeHtml(__('Ship To')) ?></th>
+                        <th scope="col" class="col total"><?= $block->escapeHtml(__('Order Total')) ?></th>
+                        <th scope="col" class="col status"><?= $block->escapeHtml(__('Status')) ?></th>
+                        <th scope="col" class="col actions"><?= $block->escapeHtml(__('Action')) ?></th>
                     </tr>
                 </thead>
                 <tbody>
-                    <?php foreach ($_orders as $_order): ?>
+                    <?php foreach ($_orders as $_order) : ?>
                         <tr>
-                            <td data-th="<?= $block->escapeHtml(__('Order #')) ?>" class="col id"><?= /* @escapeNotVerified */ $_order->getRealOrderId() ?></td>
-                            <td data-th="<?= $block->escapeHtml(__('Date')) ?>" class="col date"><?= /* @escapeNotVerified */ $block->formatDate($_order->getCreatedAt()) ?></td>
-                            <td data-th="<?= $block->escapeHtml(__('Ship To')) ?>" class="col shipping"><?= $_order->getShippingAddress() ? $block->escapeHtml($_order->getShippingAddress()->getName()) : '&nbsp;' ?></td>
-                            <td data-th="<?= $block->escapeHtml(__('Order Total')) ?>" class="col total"><?= /* @escapeNotVerified */ $_order->formatPrice($_order->getGrandTotal()) ?></td>
-                            <td data-th="<?= $block->escapeHtml(__('Status')) ?>" class="col status"><?= /* @escapeNotVerified */ $_order->getStatusLabel() ?></td>
+                            <td data-th="<?= $block->escapeHtml(__('Order #')) ?>" class="col id"><?= $block->escapeHtml($_order->getRealOrderId()) ?></td>
+                            <td data-th="<?= $block->escapeHtml(__('Date')) ?>" class="col date"><?= $block->escapeHtml($block->formatDate($_order->getCreatedAt())) ?></td>
+                            <td data-th="<?= $block->escapeHtml(__('Ship To')) ?>" class="col shipping"><?= $_order->getShippingAddress() ? $block->escapeHtml($_order->getShippingAddress()->getName()) : "&nbsp;" ?></td>
+                            <td data-th="<?= $block->escapeHtml(__('Order Total')) ?>" class="col total"><?= /* @noEscape */ $_order->formatPrice($_order->getGrandTotal()) ?></td>
+                            <td data-th="<?= $block->escapeHtml(__('Status')) ?>" class="col status"><?= $block->escapeHtml($_order->getStatusLabel()) ?></td>
                             <td data-th="<?= $block->escapeHtml(__('Actions')) ?>" class="col actions">
-                                <a href="<?= /* @escapeNotVerified */ $block->getViewUrl($_order) ?>" class="action view">
-                                    <span><?= /* @escapeNotVerified */ __('View Order') ?></span>
+                                <a href="<?= $block->escapeUrl($block->getViewUrl($_order)) ?>" class="action view">
+                                    <span><?= $block->escapeHtml(__('View Order')) ?></span>
                                 </a>
-                                <?php if ($this->helper('Magento\Sales\Helper\Reorder')->canReorder($_order->getEntityId())) : ?>
-                                    <a href="#" data-post='<?php /* @escapeNotVerified */ echo
+                                <?php if ($this->helper(\Magento\Sales\Helper\Reorder::class)
+                                    ->canReorder($_order->getEntityId())
+                                ) : ?>
+                                    <a href="#" data-post='<?= /* @noEscape */
                                     $this->helper(\Magento\Framework\Data\Helper\PostHelper::class)
                                         ->getPostData($block->getReorderUrl($_order))
                                     ?>' class="action order">
-                                        <span><?= /* @escapeNotVerified */ __('Reorder') ?></span>
+                                        <span><?= $block->escapeHtml(__('Reorder')) ?></span>
                                     </a>
                                 <?php endif ?>
                             </td>
@@ -62,8 +65,8 @@
                 </tbody>
             </table>
         </div>
-    <?php else: ?>
-        <div class="message info empty"><span><?= /* @escapeNotVerified */ __('You have placed no orders.') ?></span></div>
+    <?php else : ?>
+        <div class="message info empty"><span><?= $block->escapeHtml(__('You have placed no orders.')) ?></span></div>
     <?php endif; ?>
     </div>
 </div>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/shipment/items/renderer/default.phtml b/app/code/Magento/Sales/view/frontend/templates/order/shipment/items/renderer/default.phtml
index 3f916b7a8da67..5e8452cf19b4b 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/shipment/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/shipment/items/renderer/default.phtml
@@ -3,44 +3,41 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_item = $block->getItem() ?>
 <?php $_order = $block->getItem()->getOrderItem()->getOrder() ?>
-<tr id="order-item-row-<?= /* @escapeNotVerified */ $_item->getId() ?>">
+<tr id="order-item-row-<?= (int) $_item->getId() ?>">
     <td class="col name" data-th="<?= $block->escapeHtml(__('Product Name')) ?>">
         <strong class="product name product-item-name"><?= $block->escapeHtml($_item->getName()) ?></strong>
-        <?php if ($_options = $block->getItemOptions()): ?>
-        <dl class="item options">
-        <?php foreach ($_options as $_option) : ?>
-            <dt><?= $block->escapeHtml($_option['label']) ?></dt>
-            <?php if (!$block->getPrintStatus()): ?>
-                <?php $_formatedOptionValue = $block->getFormatedOptionValue($_option) ?>
-                <dd<?php if (isset($_formatedOptionValue['full_view'])): ?> class="tooltip wrapper"<?php endif; ?>>
-                    <?= $block->escapeHtml($_formatedOptionValue['value']) ?>
-                    <?php if (isset($_formatedOptionValue['full_view'])): ?>
-                    <div class="tooltip content">
-                        <dl class="item options">
-                            <dt><?= $block->escapeHtml($_option['label']) ?></dt>
-                            <dd><?= $block->escapeHtml($_formatedOptionValue['full_view']) ?></dd>
-                        </dl>
-                    </div>
-                    <?php endif; ?>
-                </dd>
-            <?php else: ?>
-                <dd><?= $block->escapeHtml((isset($_option['print_value']) ? $_option['print_value'] : $_option['value'])) ?></dd>
-            <?php endif; ?>
-        <?php endforeach; ?>
-        </dl>
+        <?php if ($_options = $block->getItemOptions()) : ?>
+            <dl class="item options">
+            <?php foreach ($_options as $_option) : ?>
+                <dt><?= $block->escapeHtml($_option['label']) ?></dt>
+                <?php if (!$block->getPrintStatus()) : ?>
+                    <?php $_formatedOptionValue = $block->getFormatedOptionValue($_option) ?>
+                    <dd<?= (isset($_formatedOptionValue['full_view']) ? ' class="tooltip wrapper"' : '') ?>>
+                        <?= $block->escapeHtml($_formatedOptionValue['value']) ?>
+                        <?php if (isset($_formatedOptionValue['full_view'])) : ?>
+                        <div class="tooltip content">
+                            <dl class="item options">
+                                <dt><?= $block->escapeHtml($_option['label']) ?></dt>
+                                <dd><?= $block->escapeHtml($_formatedOptionValue['full_view']) ?></dd>
+                            </dl>
+                        </div>
+                        <?php endif; ?>
+                    </dd>
+                <?php else : ?>
+                    <dd><?= $block->escapeHtml((isset($_option['print_value']) ? $_option['print_value'] : $_option['value'])) ?></dd>
+                <?php endif; ?>
+            <?php endforeach; ?>
+            </dl>
         <?php endif; ?>
         <?php $addInfoBlock = $block->getProductAdditionalInformationBlock(); ?>
-        <?php if ($addInfoBlock) :?>
+        <?php if ($addInfoBlock) : ?>
             <?= $addInfoBlock->setItem($_item->getOrderItem())->toHtml() ?>
         <?php endif; ?>
         <?= $block->escapeHtml($_item->getDescription()) ?>
     </td>
-    <td class="col sku" data-th="<?= $block->escapeHtml(__('SKU')) ?>"><?= /* @escapeNotVerified */ $block->prepareSku($block->getSku()) ?></td>
-    <td class="col qty" data-th="<?= $block->escapeHtml(__('Qty Shipped')) ?>"><?= /* @escapeNotVerified */ $_item->getQty()*1 ?></td>
+    <td class="col sku" data-th="<?= $block->escapeHtml(__('SKU')) ?>"><?= /* @noEscape */ $block->prepareSku($block->getSku()) ?></td>
+    <td class="col qty" data-th="<?= $block->escapeHtml(__('Qty Shipped')) ?>"><?= (int) $_item->getQty()*1 ?></td>
 </tr>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/totals.phtml b/app/code/Magento/Sales/view/frontend/templates/order/totals.phtml
index 8f0e884a22953..e62fb341519aa 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/totals.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/totals.phtml
@@ -4,32 +4,30 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /**
  * @var $block \Magento\Sales\Block\Order\Totals
  * @see \Magento\Sales\Block\Order\Totals
  */
 ?>
-<?php foreach ($block->getTotals() as $_code => $_total): ?>
-    <?php if ($_total->getBlockName()): ?>
+<?php foreach ($block->getTotals() as $_code => $_total) : ?>
+    <?php if ($_total->getBlockName()) : ?>
         <?= $block->getChildHtml($_total->getBlockName(), false) ?>
-    <?php else:?>
-    <tr class="<?= /* @escapeNotVerified */ $_code ?>">
-        <th <?= /* @escapeNotVerified */ $block->getLabelProperties() ?> scope="row">
-            <?php if ($_total->getStrong()):?>
-            <strong><?= $block->escapeHtml($_total->getLabel()) ?></strong>
-            <?php else:?>
-            <?= $block->escapeHtml($_total->getLabel()) ?>
-            <?php endif?>
+    <?php else :?>
+    <tr class="<?= $block->escapeHtmlAttr($_code) ?>">
+        <th <?= $block->escapeHtmlAttr($block->getLabelProperties()) ?> scope="row">
+            <?php if ($_total->getStrong()) : ?>
+                <strong><?= $block->escapeHtml($_total->getLabel()) ?></strong>
+            <?php else : ?>
+                <?= $block->escapeHtml($_total->getLabel()) ?>
+            <?php endif ?>
         </th>
-        <td <?= /* @escapeNotVerified */ $block->getValueProperties() ?> data-th="<?= $block->escapeHtml($_total->getLabel()) ?>">
-            <?php if ($_total->getStrong()):?>
-            <strong><?= /* @escapeNotVerified */ $block->formatValue($_total) ?></strong>
-            <?php else:?>
-            <?= /* @escapeNotVerified */ $block->formatValue($_total) ?>
+        <td <?= $block->escapeHtmlAttr($block->getValueProperties()) ?> data-th="<?= $block->escapeHtmlAttr($_total->getLabel()) ?>">
+            <?php if ($_total->getStrong()) : ?>
+                <strong><?= /* @noEscape */ $block->formatValue($_total) ?></strong>
+            <?php else : ?>
+                <?= /* @noEscape */ $block->formatValue($_total) ?>
             <?php endif?>
         </td>
     </tr>
-    <?php endif?>
+    <?php endif; ?>
 <?php endforeach?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/view.phtml b/app/code/Magento/Sales/view/frontend/templates/order/view.phtml
index 1cb8533763759..273554667ffe4 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/view.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/view.phtml
@@ -4,31 +4,37 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+// phpcs:disable Magento2.Templates.ThisInTemplate
 ?>
 <?php /** @var  $block \Magento\Sales\Block\Order\View*/?>
 <div class="order-details-items ordered">
     <?php $_order = $block->getOrder() ?>
 
     <div class="order-title">
-        <strong><?= /* @escapeNotVerified */ __('Items Ordered') ?></strong>
-        <?php if ($_order->getTracksCollection()->count()) : ?>
+        <strong><?= $block->escapeHtml(__('Items Ordered')) ?></strong>
+        <?php if (!empty($_order->getTracksCollection()->getItems())) : ?>
             <?= $block->getChildHtml('tracking-info-link') ?>
         <?php endif; ?>
     </div>
 
     <?= $block->getChildHtml('order_items') ?>
 
-    <?php if ($this->helper('Magento\GiftMessage\Helper\Message')->isMessagesAllowed('order', $_order) && $_order->getGiftMessageId()): ?>
+    <?php if ($this->helper(\Magento\GiftMessage\Helper\Message::class)->isMessagesAllowed('order', $_order)
+        && $_order->getGiftMessageId()
+    ) : ?>
     <div class="block block-order-details-gift-message">
-        <div class="block-title"><strong><?= /* @escapeNotVerified */ __('Gift Message for This Order') ?></strong></div>
-        <?php $_giftMessage = $this->helper('Magento\GiftMessage\Helper\Message')->getGiftMessageForEntity($_order); ?>
+        <div class="block-title"><strong><?= $block->escapeHtml(__('Gift Message for This Order')) ?></strong></div>
+        <?php
+        $_giftMessage = $this->helper(\Magento\GiftMessage\Helper\Message::class)->getGiftMessageForEntity($_order);
+        ?>
         <div class="block-content">
             <dl class="item-options">
-                <dt class="item-sender"><strong class="label"><?= /* @escapeNotVerified */ __('From') ?></strong><?= $block->escapeHtml($_giftMessage->getSender()) ?></dt>
-                <dt class="item-recipient"><strong class="label"><?= /* @escapeNotVerified */ __('To') ?></strong><?= $block->escapeHtml($_giftMessage->getRecipient()) ?></dt>
-                <dd class="item-message"><?= /* @escapeNotVerified */ $this->helper('Magento\GiftMessage\Helper\Message')->getEscapedGiftMessage($_order) ?></dd>
+                <dt class="item-sender"><strong class="label"><?= $block->escapeHtml(__('From')) ?></strong><?= $block->escapeHtml($_giftMessage->getSender()) ?></dt>
+                <dt class="item-recipient"><strong class="label"><?= $block->escapeHtml(__('To')) ?></strong><?= $block->escapeHtml($_giftMessage->getRecipient()) ?></dt>
+                <dd class="item-message">
+                    <?= /* @noEscape */
+                    $this->helper(\Magento\GiftMessage\Helper\Message::class)->getEscapedGiftMessage($_order) ?>
+                </dd>
             </dl>
         </div>
     </div>
@@ -36,8 +42,8 @@
 
     <div class="actions-toolbar">
         <div class="secondary">
-            <a class="action back" href="<?= /* @escapeNotVerified */ $block->getBackUrl() ?>">
-                <span><?= /* @escapeNotVerified */ $block->getBackTitle() ?></span>
+            <a class="action back" href="<?= $block->escapeUrl($block->getBackUrl()) ?>">
+                <span><?= $block->escapeHtml($block->getBackTitle()) ?></span>
             </a>
         </div>
     </div>
diff --git a/app/code/Magento/Sales/view/frontend/templates/reorder/sidebar.phtml b/app/code/Magento/Sales/view/frontend/templates/reorder/sidebar.phtml
index a2ab3d02b13ea..ba1204fac8ec5 100644
--- a/app/code/Magento/Sales/view/frontend/templates/reorder/sidebar.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/reorder/sidebar.phtml
@@ -4,8 +4,6 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /**
  * Last ordered items sidebar
  *
@@ -15,27 +13,27 @@
 <div class="block block-reorder" data-bind="scope: 'lastOrderedItems'">
     <div class="block-title no-display"
          data-bind="css: {'no-display': !lastOrderedItems().items || lastOrderedItems().items.length === 0}">
-        <strong id="block-reorder-heading" role="heading" aria-level="2"><?= /* @escapeNotVerified */ __('Recently Ordered') ?></strong>
+        <strong id="block-reorder-heading" role="heading" aria-level="2"><?= $block->escapeHtml(__('Recently Ordered')) ?></strong>
     </div>
     <div class="block-content no-display"
          data-bind="css: {'no-display': !lastOrderedItems().items || lastOrderedItems().items.length === 0}"
          aria-labelledby="block-reorder-heading">
         <form method="post" class="form reorder"
-              action="<?= /* @escapeNotVerified */ $block->getFormActionUrl() ?>" id="reorder-validate-detail">
-            <strong class="subtitle"><?= /* @escapeNotVerified */ __('Last Ordered Items') ?></strong>
+              action="<?= $block->escapeUrl($block->getFormActionUrl()) ?>" id="reorder-validate-detail">
+            <strong class="subtitle"><?= $block->escapeHtml(__('Last Ordered Items')) ?></strong>
             <ol id="cart-sidebar-reorder" class="product-items product-items-names"
                 data-bind="foreach: lastOrderedItems().items">
                 <li class="product-item">
                     <div class="field item choice">
                         <label class="label" data-bind="attr: {'for': 'reorder-item-' + id}">
-                            <span><?= /* @escapeNotVerified */ __('Add to Cart') ?></span>
+                            <span><?= $block->escapeHtml(__('Add to Cart')) ?></span>
                         </label>
                         <div class="control">
                             <input type="checkbox" name="order_items[]"
                                    data-bind="attr: {
                                         id: 'reorder-item-' + id,
                                         value: id,
-                                        title: is_saleable ? '<?= /* @escapeNotVerified */ __('Add to Cart') ?>' : '<?= /* @escapeNotVerified */ __('Product is not salable.') ?>'
+                                        title: is_saleable ? '<?= $block->escapeHtml(__('Add to Cart')) ?>' : '<?= $block->escapeHtml(__('Product is not salable.')) ?>'
                                    },
                                    disable: !is_saleable"
                                    class="checkbox" data-validate='{"validate-one-checkbox-required-by-name": true}'/>
@@ -52,13 +50,13 @@
             <div class="actions-toolbar">
                 <div class="primary"
                      data-bind="visible: isShowAddToCart">
-                    <button type="submit" title="<?= /* @escapeNotVerified */ __('Add to Cart') ?>" class="action tocart primary">
-                        <span><?= /* @escapeNotVerified */ __('Add to Cart') ?></span>
+                    <button type="submit" title="<?= $block->escapeHtml(__('Add to Cart')) ?>" class="action tocart primary">
+                        <span><?= $block->escapeHtml(__('Add to Cart')) ?></span>
                     </button>
                 </div>
                 <div class="secondary">
-                    <a class="action view" href="<?= /* @escapeNotVerified */ $block->getUrl('customer/account') ?>#my-orders-table">
-                        <span><?= /* @escapeNotVerified */ __('View All') ?></span>
+                    <a class="action view" href="<?= $block->escapeUrl($block->getUrl('customer/account')) ?>#my-orders-table">
+                        <span><?= $block->escapeHtml(__('View All')) ?></span>
                     </a>
                 </div>
             </div>
diff --git a/app/code/Magento/Sales/view/frontend/templates/widget/guest/form.phtml b/app/code/Magento/Sales/view/frontend/templates/widget/guest/form.phtml
index ac428283dfcb0..25926688c6f47 100644
--- a/app/code/Magento/Sales/view/frontend/templates/widget/guest/form.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/widget/guest/form.phtml
@@ -4,31 +4,29 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var $block \Magento\Sales\Block\Widget\Guest\Form */
 ?>
-<?php if ($block->isEnable()): ?>
+<?php if ($block->isEnable()) : ?>
     <div class="widget block block-orders-returns">
         <div class="block-title">
-            <strong role="heading" aria-level="2"><?= /* @escapeNotVerified */ __('Orders and Returns') ?></strong>
+            <strong role="heading" aria-level="2"><?= $block->escapeHtml(__('Orders and Returns')) ?></strong>
         </div>
         <div class="block-content">
-            <form id="oar-widget-orders-and-returns-form" data-mage-init='{"ordersReturns":{},"validation":{}}' action="<?= /* @escapeNotVerified */ $block->getActionUrl() ?>" method="post"
+            <form id="oar-widget-orders-and-returns-form" data-mage-init='{"ordersReturns":{},"validation":{}}' action="<?= $block->escapeUrl($block->getActionUrl()) ?>" method="post"
                   class="form form-orders-search" name="guest_post">
                 <fieldset class="fieldset">
                     <div class="field find required">
-                        <label class="label"><span><?= /* @escapeNotVerified */ __('Find Order By') ?></span></label>
+                        <label class="label"><span><?= $block->escapeHtml(__('Find Order By')) ?></span></label>
 
                         <div class="control">
                             <select name="oar_type" id="quick-search-type-id" class="select" title="">
-                                <option value="email"><?= /* @escapeNotVerified */ __('Email') ?></option>
-                                <option value="zip"><?= /* @escapeNotVerified */ __('ZIP Code') ?></option>
+                                <option value="email"><?= $block->escapeHtml(__('Email')) ?></option>
+                                <option value="zip"><?= $block->escapeHtml(__('ZIP Code')) ?></option>
                             </select>
                         </div>
                     </div>
                     <div class="field id required">
-                        <label for="oar-order-id" class="label"><span><?= /* @escapeNotVerified */ __('Order ID') ?></span></label>
+                        <label for="oar-order-id" class="label"><span><?= $block->escapeHtml(__('Order ID')) ?></span></label>
 
                         <div class="control">
                             <input type="text" class="input-text" id="oar-order-id" name="oar_order_id" autocomplete="off"
@@ -37,7 +35,7 @@
                     </div>
                     <div class="field lastname required">
                         <label for="oar-billing-lastname"
-                               class="label"><span><?= /* @escapeNotVerified */ __('Billing Last Name') ?></span></label>
+                               class="label"><span><?= $block->escapeHtml(__('Billing Last Name')) ?></span></label>
 
                         <div class="control">
                             <input type="text" class="input-text" id="oar-billing-lastname" name="oar_billing_lastname"
@@ -45,7 +43,7 @@
                         </div>
                     </div>
                     <div id="oar-email" class="field email required">
-                        <label for="oar_email" class="label"><span><?= /* @escapeNotVerified */ __('Email') ?></span></label>
+                        <label for="oar_email" class="label"><span><?= $block->escapeHtml(__('Email')) ?></span></label>
 
                         <div class="control">
                             <input type="email" class="input-text" id="oar_email" name="oar_email" autocomplete="off"
@@ -53,7 +51,7 @@
                         </div>
                     </div>
                     <div id="oar-zip" style="display: none;" class="field zip required">
-                        <label for="oar_zip" class="label"><span><?= /* @escapeNotVerified */ __('Billing ZIP Code') ?></span></label>
+                        <label for="oar_zip" class="label"><span><?= $block->escapeHtml(__('Billing ZIP Code')) ?></span></label>
 
                         <div class="control">
                             <input type="text" class="input-text" id="oar_zip" name="oar_zip"
@@ -64,7 +62,7 @@
                 <div class="actions-toolbar">
                     <div class="primary">
                         <button type="submit" title="<?= $block->escapeHtml(__('Search')) ?>" class="action search">
-                            <span><?= /* @escapeNotVerified */ __('Search') ?></span>
+                            <span><?= $block->escapeHtml(__('Search')) ?></span>
                         </button>
                     </div>
                 </div>

From 51968a23a5dfa402038101c78a2db2522d6ca147 Mon Sep 17 00:00:00 2001
From: Dave Macaulay <macaulay@adobe.com>
Date: Mon, 20 May 2019 18:25:06 +0200
Subject: [PATCH 02/16] MC-16618: Eliminate @escapeNotVerified in Sales-related
 Modules

- Fix helper classes
---
 .../view/frontend/templates/order/info/buttons.phtml      | 2 +-
 .../Sales/view/frontend/templates/order/items.phtml       | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/app/code/Magento/Sales/view/frontend/templates/order/info/buttons.phtml b/app/code/Magento/Sales/view/frontend/templates/order/info/buttons.phtml
index faff4ccdb3399..6b87d3c22331c 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/info/buttons.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/info/buttons.phtml
@@ -8,7 +8,7 @@
 ?>
 <div class="actions">
     <?php $_order = $block->getOrder() ?>
-    <?php if ($this->helper(Magento\Sales\Helper\Reorder::class)->canReorder($_order->getEntityId())) : ?>
+    <?php if ($this->helper(\Magento\Sales\Helper\Reorder::class)->canReorder($_order->getEntityId())) : ?>
         <a href="#" data-post='<?=
         /* @noEscape */ $this->helper(\Magento\Framework\Data\Helper\PostHelper::class)
             ->getPostData($block->getReorderUrl($_order))
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/items.phtml b/app/code/Magento/Sales/view/frontend/templates/order/items.phtml
index 3ce499946fd44..98a1f1ebb7545 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/items.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/items.phtml
@@ -36,8 +36,8 @@
             endif;
             ?>
                 <?= $block->getItemHtml($item) ?>
-                <?php if ($this->helper(Magento\GiftMessage\Helper\Message::class)->isMessagesAllowed('order_item', $item) && $item->getGiftMessageId()) : ?>
-                    <?php $giftMessage = $this->helper(Magento\GiftMessage\Helper\Message::class)->getGiftMessageForEntity($item); ?>
+                <?php if ($this->helper(\Magento\GiftMessage\Helper\Message::class)->isMessagesAllowed('order_item', $item) && $item->getGiftMessageId()) : ?>
+                    <?php $giftMessage = $this->helper(\Magento\GiftMessage\Helper\Message::class)->getGiftMessageForEntity($item); ?>
                     <tr>
                         <td class="col options" colspan="5">
                             <a href="#"
@@ -47,7 +47,7 @@
                                data-item-id="<?= (int) $item->getId() ?>">
                                 <?= $block->escapeHtml(__('Gift Message')) ?>
                             </a>
-                            <?php $giftMessage = $this->helper(Magento\GiftMessage\Helper\Message::class)->getGiftMessageForEntity($item); ?>
+                            <?php $giftMessage = $this->helper(\Magento\GiftMessage\Helper\Message::class)->getGiftMessageForEntity($item); ?>
                             <div class="order-gift-message" id="order-item-gift-message-<?= (int) $item->getId() ?>" role="region" aria-expanded="false" tabindex="-1">
                                 <a href="#"
                                    title="<?= $block->escapeHtml(__('Close')) ?>"
@@ -59,7 +59,7 @@
                                 <dl class="item-options">
                                     <dt class="item-sender"><strong class="label"><?= $block->escapeHtml(__('From')) ?></strong><?= $block->escapeHtml($giftMessage->getSender()) ?></dt>
                                     <dt class="item-recipient"><strong class="label"><?= $block->escapeHtml(__('To')) ?></strong><?= $block->escapeHtml($giftMessage->getRecipient()) ?></dt>
-                                    <dd class="item-message"><?= /* @noEscape */ $this->helper(Magento\GiftMessage\Helper\Message::class)->getEscapedGiftMessage($item) ?></dd>
+                                    <dd class="item-message"><?= /* @noEscape */ $this->helper(\Magento\GiftMessage\Helper\Message::class)->getEscapedGiftMessage($item) ?></dd>
                                 </dl>
                             </div>
                         </td>

From e58383017aef2d0aea90090b5d6a5a42c99eae3a Mon Sep 17 00:00:00 2001
From: Dave Macaulay <macaulay@adobe.com>
Date: Tue, 21 May 2019 15:43:06 +0200
Subject: [PATCH 03/16] MC-16618: Eliminate @escapeNotVerified in Sales-related
 Modules

- Admin create
---
 .../templates/items/column/name.phtml         |  28 +--
 .../templates/items/column/qty.phtml          |  63 +++--
 .../adminhtml/templates/items/price/row.phtml |   7 +-
 .../templates/items/price/total.phtml         |   7 +-
 .../templates/items/price/unit.phtml          |   6 +-
 .../templates/items/renderer/default.phtml    |  24 +-
 .../templates/order/address/form.phtml        |   7 +-
 .../templates/order/comments/view.phtml       |  40 ++--
 .../templates/order/create/abstract.phtml     |   7 +-
 .../order/create/billing/method/form.phtml    |  21 +-
 .../templates/order/create/comment.phtml      |  10 +-
 .../templates/order/create/coupons/form.phtml |  20 +-
 .../templates/order/create/data.phtml         |  28 ++-
 .../templates/order/create/form.phtml         |  10 +-
 .../templates/order/create/form/address.phtml |  65 +++---
 .../templates/order/create/giftmessage.phtml  |  38 +--
 .../templates/order/create/items.phtml        |   6 +-
 .../templates/order/create/items/grid.phtml   | 218 +++++++++---------
 .../order/create/items/price/row.phtml        |   7 +-
 .../order/create/items/price/total.phtml      |   7 +-
 .../order/create/items/price/unit.phtml       |   6 +-
 .../adminhtml/templates/order/create/js.phtml |   8 +-
 .../order/create/newsletter/form.phtml        |   5 +-
 .../order/create/shipping/method/form.phtml   |  61 +++--
 .../templates/order/create/sidebar.phtml      |  22 +-
 .../order/create/sidebar/items.phtml          |  77 +++----
 .../templates/order/create/store/select.phtml |  21 +-
 .../templates/order/create/totals.phtml       |  17 +-
 .../order/create/totals/default.phtml         |  19 +-
 .../order/create/totals/grandtotal.phtml      |  56 +++--
 .../order/create/totals/shipping.phtml        |  36 ++-
 .../order/create/totals/subtotal.phtml        |  28 ++-
 .../templates/order/create/totals/tax.phtml   |  75 +++---
 33 files changed, 478 insertions(+), 572 deletions(-)

diff --git a/app/code/Magento/Sales/view/adminhtml/templates/items/column/name.phtml b/app/code/Magento/Sales/view/adminhtml/templates/items/column/name.phtml
index a903c92ef33e2..151c1bcaa40f0 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/items/column/name.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/items/column/name.phtml
@@ -4,36 +4,32 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+// phpcs:disable Magento2.Templates.ThisInTemplate
 ?>
 <?php
-/**
- * @see \Magento\Sales\Block\Adminhtml\Items\Column\Name
- */
+/* @var $block \Magento\Sales\Block\Adminhtml\Items\Column\Name */
 ?>
-
-<?php if ($_item = $block->getItem()): ?>
-    <div id="order_item_<?= $block->escapeHtml($_item->getId()) ?>_title"
+<?php if ($_item = $block->getItem()) : ?>
+    <div id="order_item_<?= (int) $_item->getId() ?>_title"
          class="product-title">
         <?= $block->escapeHtml($_item->getName()) ?>
     </div>
     <div class="product-sku-block">
-        <span><?= $block->escapeHtml(__('SKU'))?>:</span> <?= implode('<br />', $this->helper('Magento\Catalog\Helper\Data')->splitSku($block->escapeHtml($block->getSku()))) ?>
+        <span><?= $block->escapeHtml(__('SKU'))?>:</span> <?= /* @noEscape */ implode('<br />', $this->helper(\Magento\Catalog\Helper\Data::class)->splitSku($block->escapeHtml($block->getSku()))) ?>
     </div>
 
-    <?php if ($block->getOrderOptions()): ?>
+    <?php if ($block->getOrderOptions()) : ?>
         <dl class="item-options">
-            <?php foreach ($block->getOrderOptions() as $_option): ?>
+            <?php foreach ($block->getOrderOptions() as $_option) : ?>
                 <dt><?= $block->escapeHtml($_option['label']) ?>:</dt>
                 <dd>
-                    <?php if (isset($_option['custom_view']) && $_option['custom_view']): ?>
-                        <?= /* @escapeNotVerified */ $block->getCustomizedOptionValue($_option) ?>
-                    <?php else: ?>
+                    <?php if (isset($_option['custom_view']) && $_option['custom_view']) : ?>
+                        <?= $block->escapeHtml($block->getCustomizedOptionValue($_option)) ?>
+                    <?php else : ?>
                         <?php $_option = $block->getFormattedOption($_option['value']); ?>
                         <?php $dots = 'dots' . uniqid(); ?>
-                        <?= $block->escapeHtml($_option['value']) ?><?php if (isset($_option['remainder']) && $_option['remainder']): ?> <span id="<?= /* @noEscape */ $dots; ?>"> ...</span>
-                            <?php  $id = 'id' . uniqid(); ?>
+                        <?= $block->escapeHtml($_option['value']) ?><?php if (isset($_option['remainder']) && $_option['remainder']) : ?> <span id="<?= /* @noEscape */ $dots; ?>"> ...</span>
+                            <?php $id = 'id' . uniqid(); ?>
                             <span id="<?= /* @noEscape */ $id; ?>"><?= $block->escapeHtml($_option['remainder']) ?></span>
                             <script>
                                 require(['prototype'], function() {
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/items/column/qty.phtml b/app/code/Magento/Sales/view/adminhtml/templates/items/column/qty.phtml
index 9bf4856795197..c85681ac927a7 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/items/column/qty.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/items/column/qty.phtml
@@ -3,44 +3,41 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<?php if ($item = $block->getItem()): ?>
-<table class="qty-table">
-    <tr>
-        <th><?= $block->escapeHtml(__('Ordered')); ?></th>
-        <td><?= /* @noEscape */  $item->getQtyOrdered()*1 ?></td>
-    </tr>
-
-    <?php if ((float) $item->getQtyInvoiced()): ?>
+<?php if ($item = $block->getItem()) : ?>
+    <table class="qty-table">
         <tr>
-            <th><?= $block->escapeHtml(__('Invoiced')); ?></th>
-            <td><?= /* @noEscape */  $item->getQtyInvoiced()*1 ?></td>
+            <th><?= $block->escapeHtml(__('Ordered')); ?></th>
+            <td><?= (int)$item->getQtyOrdered() * 1 ?></td>
         </tr>
-    <?php endif; ?>
 
-    <?php if ((float) $item->getQtyShipped()): ?>
-        <tr>
-            <th><?= $block->escapeHtml(__('Shipped')); ?></th>
-            <td><?= /* @noEscape */  $item->getQtyShipped()*1 ?></td>
-        </tr>
-    <?php endif; ?>
+        <?php if ((float)$item->getQtyInvoiced()) : ?>
+            <tr>
+                <th><?= $block->escapeHtml(__('Invoiced')); ?></th>
+                <td><?= (int)$item->getQtyInvoiced() * 1 ?></td>
+            </tr>
+        <?php endif; ?>
 
-    <?php if ((float) $item->getQtyRefunded()): ?>
-        <tr>
-            <th><?= $block->escapeHtml(__('Refunded')); ?></th>
-            <td><?= /* @noEscape */ $item->getQtyRefunded()*1 ?></td>
-        </tr>
-    <?php endif; ?>
+        <?php if ((float)$item->getQtyShipped()) : ?>
+            <tr>
+                <th><?= $block->escapeHtml(__('Shipped')); ?></th>
+                <td><?= (int)$item->getQtyShipped() * 1 ?></td>
+            </tr>
+        <?php endif; ?>
 
-    <?php if ((float) $item->getQtyCanceled()): ?>
-        <tr>
-            <th><?= $block->escapeHtml(__('Canceled')); ?></th>
-            <td><?= /* @noEscape */ $item->getQtyCanceled()*1 ?></td>
-        </tr>
-    <?php endif; ?>
+        <?php if ((float)$item->getQtyRefunded()) : ?>
+            <tr>
+                <th><?= $block->escapeHtml(__('Refunded')); ?></th>
+                <td><?= (int)$item->getQtyRefunded() * 1 ?></td>
+            </tr>
+        <?php endif; ?>
+
+        <?php if ((float)$item->getQtyCanceled()) : ?>
+            <tr>
+                <th><?= $block->escapeHtml(__('Canceled')); ?></th>
+                <td><?= (int)$item->getQtyCanceled() * 1 ?></td>
+            </tr>
+        <?php endif; ?>
 
-</table>
+    </table>
 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/items/price/row.phtml b/app/code/Magento/Sales/view/adminhtml/templates/items/price/row.phtml
index 54e95876d7626..fba82ce89be58 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/items/price/row.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/items/price/row.phtml
@@ -3,16 +3,11 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /** @var \Magento\Sales\Block\Adminhtml\Items\Column\DefaultColumn $block */
-
 $_item = $block->getItem();
 ?>
-
 <div class="price-excl-tax">
-    <?= /* @escapeNotVerified */ $block->displayPrices($_item->getBaseRowTotal(), $_item->getRowTotal()) ?>
+    <?= /* @noEscape */ $block->displayPrices($_item->getBaseRowTotal(), $_item->getRowTotal()) ?>
 </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/items/price/total.phtml b/app/code/Magento/Sales/view/adminhtml/templates/items/price/total.phtml
index 46a0a0926f4c7..74574e5e870a2 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/items/price/total.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/items/price/total.phtml
@@ -3,14 +3,9 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /** @var \Magento\Sales\Block\Adminhtml\Items\Column\DefaultColumn $block */
-
 $_item = $block->getItem();
 ?>
-
-<?= /* @escapeNotVerified */ $block->displayPrices($block->getBaseTotalAmount($_item), $block->getTotalAmount($_item)) ?>
+<?= /* @noEscape */ $block->displayPrices($block->getBaseTotalAmount($_item), $block->getTotalAmount($_item)) ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/items/price/unit.phtml b/app/code/Magento/Sales/view/adminhtml/templates/items/price/unit.phtml
index 444310c80884a..9146fe6713225 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/items/price/unit.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/items/price/unit.phtml
@@ -3,15 +3,11 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /** @var \Magento\Sales\Block\Adminhtml\Items\Column\DefaultColumn $block */
-
 $_item = $block->getItem();
 ?>
 <div class="price-excl-tax">
-<?= /* @escapeNotVerified */ $block->displayPrices($_item->getBasePrice(), $_item->getPrice()) ?>
+<?= /* @noEscape */ $block->displayPrices($_item->getBasePrice(), $_item->getPrice()) ?>
 </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/items/renderer/default.phtml b/app/code/Magento/Sales/view/adminhtml/templates/items/renderer/default.phtml
index 09f6ee5d6a49a..0c5b276bf382b 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/items/renderer/default.phtml
@@ -4,21 +4,19 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+// phpcs:disable Magento2.Templates.ThisInTemplate
 ?>
-
-<?= /* @escapeNotVerified */ $block->getItem()->getName() ?>
-<div><strong><?= /* @escapeNotVerified */ __('SKU') ?>:</strong> <?= implode('<br />', $this->helper('Magento\Catalog\Helper\Data')->splitSku($block->escapeHtml($block->getItem()->getSku()))) ?></div>
-<?php if ($block->getOrderOptions()): ?>
+<?= $block->escapeHtml($block->getItem()->getName()) ?>
+<div><strong><?= $block->escapeHtml(__('SKU')) ?>:</strong> <?= /* @noEscape */ implode('<br />', $this->helper(\Magento\Catalog\Helper\Data::class)->splitSku($block->escapeHtml($block->getItem()->getSku()))) ?></div>
+<?php if ($block->getOrderOptions()) : ?>
     <ul class="item-options">
-    <?php foreach ($block->getOrderOptions() as $option): ?>
-        <li><strong><?= /* @escapeNotVerified */ $option['label'] ?>:</strong><br />
-        <?php if (is_array($option['value'])): ?>
-        <?php foreach ($option['value'] as $item): ?>
-            <?= $block->getValueHtml($item) ?><br />
-            <?php endforeach; ?>
-        <?php else: ?>
+    <?php foreach ($block->getOrderOptions() as $option) : ?>
+        <li><strong><?= $block->escapeHtml($option['label']) ?>:</strong><br />
+        <?php if (is_array($option['value'])) : ?>
+            <?php foreach ($option['value'] as $item) : ?>
+                <?= $block->getValueHtml($item) ?><br />
+                <?php endforeach; ?>
+            <?php else : ?>
             <?= $block->escapeHtml($option['value']) ?>
         <?php endif; ?>
         </li>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/address/form.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/address/form.phtml
index ff79e2f89cd20..a7f3b3c1cc8f5 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/address/form.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/address/form.phtml
@@ -3,19 +3,16 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <div class="message message-notice">
     <div class="message-inner">
-        <div class="message-content"><?= /* @escapeNotVerified */ __('Changing address information will not recalculate shipping, tax or other order amount.') ?></div>
+        <div class="message-content"><?= $block->escapeHtml(__('Changing address information will not recalculate shipping, tax or other order amount.')) ?></div>
     </div>
 </div>
 
 <fieldset class="fieldset admin__fieldset-wrapper">
     <legend class="legend admin__legend">
-        <span><?= /* @escapeNotVerified */ $block->getHeaderText() ?></span>
+        <span><?= $block->escapeHtml($block->getHeaderText()) ?></span>
     </legend>
     <br>
     <div class="form-inline" data-mage-init='{"Magento_Sales/order/edit/address/form":{}}'>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/comments/view.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/comments/view.phtml
index f01e1c274a1de..05e753c78f4a3 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/comments/view.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/comments/view.phtml
@@ -3,16 +3,13 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<?php if ($_entity = $block->getEntity()): ?>
+<?php if ($_entity = $block->getEntity()) : ?>
 <div id="comments_block" class="edit-order-comments">
     <div class="order-history-block">
         <div class="admin__field field-row">
             <label class="admin__field-label"
-                   for="history_comment"><?= /* @escapeNotVerified */ __('Comment Text') ?></label>
+                   for="history_comment"><?= $block->escapeHtml(__('Comment Text')) ?></label>
             <div class="admin__field-control">
                 <textarea name="comment[comment]"
                           class="admin__control-textarea"
@@ -23,7 +20,7 @@
         </div>
         <div class="admin__field">
             <div class="order-history-comments-options">
-                <?php if ($block->canSendCommentEmail()): ?>
+                <?php if ($block->canSendCommentEmail()) : ?>
                     <div class="admin__field admin__field-option">
                         <input name="comment[is_customer_notified]"
                                type="checkbox"
@@ -31,7 +28,7 @@
                                id="history_notify"
                                value="1" />
                         <label class="admin__field-label"
-                               for="history_notify"><?= /* @escapeNotVerified */ __('Notify Customer by Email') ?></label>
+                               for="history_notify"><?= $block->escapeHtml(__('Notify Customer by Email')) ?></label>
                     </div>
                 <?php endif; ?>
                 <div class="admin__field admin__field-option">
@@ -41,7 +38,7 @@
                            class="admin__control-checkbox"
                            value="1" />
                     <label class="admin__field-label"
-                           for="history_visible"> <?= /* @escapeNotVerified */ __('Visible on Storefront') ?></label>
+                           for="history_visible"> <?= $block->escapeHtml(__('Visible on Storefront')) ?></label>
                 </div>
             </div>
             <div class="order-history-comments-actions">
@@ -51,16 +48,16 @@
     </div>
 
     <ul class="note-list">
-        <?php foreach ($_entity->getCommentsCollection(true) as $_comment): ?>
+        <?php foreach ($_entity->getCommentsCollection(true) as $_comment) : ?>
             <li>
                 <span class="note-list-date"><?= /* @noEscape */ $block->formatDate($_comment->getCreatedAt(), \IntlDateFormatter::MEDIUM) ?></span>
                 <span class="note-list-time"><?= /* @noEscape */ $block->formatTime($_comment->getCreatedAt(), \IntlDateFormatter::MEDIUM) ?></span>
                 <span class="note-list-customer">
-                    <?= /* @escapeNotVerified */ __('Customer') ?>
-                    <?php if ($_comment->getIsCustomerNotified()): ?>
-                        <span class="note-list-customer-notified"><?= /* @escapeNotVerified */ __('Notified') ?></span>
-                    <?php else: ?>
-                        <span class="note-list-customer-not-notified"><?= /* @escapeNotVerified */ __('Not Notified') ?></span>
+                    <?= $block->escapeHtml(__('Customer')) ?>
+                    <?php if ($_comment->getIsCustomerNotified()) : ?>
+                        <span class="note-list-customer-notified"><?= $block->escapeHtml(__('Notified')) ?></span>
+                    <?php else : ?>
+                        <span class="note-list-customer-not-notified"><?= $block->escapeHtml(__('Not Notified')) ?></span>
                     <?php endif; ?>
                 </span>
                 <div class="note-list-comment"><?= $block->escapeHtml($_comment->getComment(), ['b', 'br', 'strong', 'i', 'u', 'a']) ?></div>
@@ -70,15 +67,12 @@
 </div>
 <script>
 require(['prototype'], function(){
-
-submitComment = function() {
-    submitAndReloadArea($('comments_block').parentNode, '<?= /* @escapeNotVerified */ $block->getSubmitUrl() ?>')
-}
-
-if ($('submit_comment_button')) {
-    $('submit_comment_button').observe('click', submitComment);
-}
-
+    submitComment = function() {
+        submitAndReloadArea($('comments_block').parentNode, '<?= $block->escapeUrl($block->getSubmitUrl()) ?>')
+    };
+    if ($('submit_comment_button')) {
+        $('submit_comment_button').observe('click', submitComment);
+    }
 });
 </script>
 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/abstract.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/abstract.phtml
index 13433846d6ac4..6083a37efeabc 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/abstract.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/abstract.phtml
@@ -3,14 +3,11 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 
 <div class="admin__page-section-title">
-    <span class="title"><?= /* @escapeNotVerified */ $block->getHeaderText() ?></span>
-    <?php if($block->getButtonsHtml()): ?>
+    <span class="title"><?= $block->escapeHtml($block->getHeaderText()) ?></span>
+    <?php if ($block->getButtonsHtml()) : ?>
         <div class="actions"><?= $block->getButtonsHtml() ?></div>
     <?php endif; ?>
 </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/billing/method/form.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/billing/method/form.phtml
index 00fa55d38f5fc..e29c1d2db01ce 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/billing/method/form.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/billing/method/form.phtml
@@ -3,7 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
 ?>
 <?php if ($block->hasMethods()) : ?>
 <div id="order-billing_method_form">
@@ -20,11 +19,11 @@
         ?>
         <dt class="admin__field-option">
         <?php if ($_methodsCount > 1) : ?>
-            <input id="p_method_<?= $block->escapeHtml($_code); ?>"
-                   value="<?= $block->escapeHtml($_code); ?>"
+            <input id="p_method_<?= $block->escapeHtmlAttr($_code); ?>"
+                   value="<?= $block->escapeHtmlAttr($_code); ?>"
                    type="radio" name="payment[method]"
-                   title="<?= $block->escapeHtml($_method->getTitle()); ?>"
-                   onclick="payment.switchMethod('<?= $block->escapeHtml($_code); ?>')"
+                   title="<?= $block->escapeHtmlAttr($_method->getTitle()); ?>"
+                   onclick="payment.switchMethod('<?= $block->escapeJs($_code); ?>')"
                     <?php if ($currentSelectedMethod == $_code) : ?>
                     checked="checked"
                     <?php endif; ?>
@@ -32,20 +31,20 @@
                    class="admin__control-radio"/>
         <?php else :?>
             <span class="no-display">
-                <input id="p_method_<?= $block->escapeHtml($_code); ?>"
-                       value="<?= $block->escapeHtml($_code); ?>"
+                <input id="p_method_<?= $block->escapeHtmlAttr($_code); ?>"
+                       value="<?= $block->escapeHtmlAttr($_code); ?>"
                        type="radio"
                        name="payment[method]" class="admin__control-radio"
                        checked="checked"/>
             </span>
         <?php endif;?>
 
-            <label class="admin__field-label" for="p_method_<?= $block->escapeHtml($_code); ?>">
+            <label class="admin__field-label" for="p_method_<?= $block->escapeHtmlAttr($_code); ?>">
                 <?= $block->escapeHtml($_method->getTitle()) ?>
             </label>
         </dt>
         <dd class="admin__payment-method-wrapper">
-            <?= /* @noEscape */ $block->getChildHtml('payment.method.' . $_code) ?>
+            <?= $block->getChildHtml('payment.method.' . $_code) ?>
         </dd>
     <?php endforeach; ?>
     </dl>
@@ -57,9 +56,9 @@
         ], function(mage) {
             mage.apply();
         <?php if ($_methodsCount !== 1) : ?>
-            order.setPaymentMethod('<?= $block->escapeHtml($currentSelectedMethod); ?>');
+            order.setPaymentMethod('<?= $block->escapeJs($currentSelectedMethod); ?>');
         <?php else : ?>
-            payment.switchMethod('<?= $block->escapeHtml($currentSelectedMethod); ?>');
+            payment.switchMethod('<?= $block->escapeJs($currentSelectedMethod); ?>');
         <?php endif; ?>
         });
     </script>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/comment.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/comment.phtml
index 2cf09583bd902..dfa6b5e6fff79 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/comment.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/comment.phtml
@@ -4,18 +4,16 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
+/** @var \Magento\Sales\Block\Adminhtml\Order\Create\Comment $block */
+?>
 
- ?>
-
-<?php /* <h4 class="icon-head fieldset-legend <?= $block->getHeaderCssClass() ?>"><?= $block->getHeaderText() ?></h4> */ ?>
 <div class="admin__field field-comment">
-    <label for="order-comment" class="admin__field-label"><span><?= /* @escapeNotVerified */ __('Order Comments') ?></span></label>
+    <label for="order-comment" class="admin__field-label"><span><?= $block->escapeHtml(__('Order Comments')) ?></span></label>
     <div class="admin__field-control">
         <textarea
             id="order-comment"
             name="order[comment][customer_note]"
-            class="admin__control-textarea"><?= /* @escapeNotVerified */ $block->getCommentNote() ?></textarea>
+            class="admin__control-textarea"><?= $block->escapeHtml($block->getCommentNote()) ?></textarea>
     </div>
 </div>
 <script>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/coupons/form.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/coupons/form.phtml
index d499df585e565..a0e2b5a059263 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/coupons/form.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/coupons/form.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /**
@@ -13,25 +10,22 @@
  *
  */
 ?>
-
 <div class="admin__field field-apply-coupon-code">
-    <label class="admin__field-label"><span><?= /* @escapeNotVerified */ __('Apply Coupon Code') ?></span></label>
+    <label class="admin__field-label"><span><?= $block->escapeHtml(__('Apply Coupon Code')) ?></span></label>
     <div class="admin__field-control">
         <input type="text" class="admin__control-text" id="coupons:code" value="" name="coupon_code" />
         <?= $block->getButtonHtml(__('Apply'), 'order.applyCoupon($F(\'coupons:code\'))') ?>
-        <?php if ($block->getCouponCode()): ?>
+        <?php if ($block->getCouponCode()) : ?>
         <p class="added-coupon-code">
             <span><?= $block->escapeHtml($block->getCouponCode()) ?></span>
-            <a href="#" onclick="order.applyCoupon(''); return false;" title="<?= /* @escapeNotVerified */ __('Remove Coupon Code') ?>"
-               class="action-remove"><span><?= /* @escapeNotVerified */ __('Remove') ?></span></a>
+            <a href="#" onclick="order.applyCoupon(''); return false;" title="<?= $block->escapeHtml(__('Remove Coupon Code')) ?>"
+               class="action-remove"><span><?= $block->escapeHtml(__('Remove')) ?></span></a>
         </p>
         <?php endif; ?>
         <script>
-            require(["Magento_Sales/order/create/form"], function(){
-
-                order.overlay('shipping-method-overlay', <?php if ($block->getQuote()->isVirtual()): ?>false<?php else: ?>true<?php endif; ?>);
-                order.overlay('address-shipping-overlay', <?php if ($block->getQuote()->isVirtual()): ?>false<?php else: ?>true<?php endif; ?>);
-
+            require(["Magento_Sales/order/create/form"], function() {
+                order.overlay('shipping-method-overlay', <?php if ($block->getQuote()->isVirtual()) : ?>false<?php else : ?>true<?php endif; ?>);
+                order.overlay('address-shipping-overlay', <?php if ($block->getQuote()->isVirtual()) : ?>false<?php else : ?>true<?php endif; ?>);
             });
         </script>
     </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/data.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/data.phtml
index fdbaae2347398..f5edf0949374b 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/data.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/data.phtml
@@ -4,16 +4,15 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+/** @var \Magento\Sales\Block\Adminhtml\Order\Create\Data $block */
 ?>
 <div class="page-create-order">
     <script>
     require(["Magento_Sales/order/create/form"], function(){
-        order.setCurrencySymbol('<?= /* @escapeNotVerified */ $block->getCurrencySymbol($block->getCurrentCurrencyCode()) ?>')
+        order.setCurrencySymbol('<?= $block->escapeJs($block->getCurrencySymbol($block->getCurrentCurrencyCode())) ?>')
     });
 </script>
-    <div class="order-details<?php if ($block->getCustomerId()): ?> order-details-existing-customer<?php endif; ?>">
+    <div class="order-details<?php if ($block->getCustomerId()) : ?> order-details-existing-customer<?php endif; ?>">
 
         <div id="order-additional_area" style="display: none" class="admin__page-section order-additional-area">
             <?= $block->getChildHtml('additional_area') ?>
@@ -35,7 +34,7 @@
 
         <section id="order-addresses" class="admin__page-section order-addresses">
             <div class="admin__page-section-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Address Information') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Address Information')) ?></span>
             </div>
             <div class="admin__page-section-content">
                 <div id="order-billing_address" class="admin__page-section-item order-billing-address">
@@ -49,7 +48,7 @@
 
         <section id="order-methods" class="admin__page-section order-methods">
             <div class="admin__page-section-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Payment &amp; Shipping Information') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Payment &amp; Shipping Information')) ?></span>
             </div>
             <div class="admin__page-section-content">
                 <div id="order-billing_method" class="admin__page-section-item order-billing-method">
@@ -61,7 +60,7 @@
             </div>
         </section>
 
-        <?php if ($block->getChildBlock('card_validation')): ?>
+        <?php if ($block->getChildBlock('card_validation')) : ?>
         <section id="order-card_validation" class="admin__page-section order-card-validation">
             <?= $block->getChildHtml('card_validation') ?>
         </section>
@@ -71,11 +70,11 @@
 
         <section class="admin__page-section order-summary">
             <div class="admin__page-section-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Order Total') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Order Total')) ?></span>
             </div>
             <div class="admin__page-section-content">
                 <fieldset class="admin__fieldset order-history" id="order-comment">
-                    <legend class="admin__legend"><span><?= /* @escapeNotVerified */ __('Order History') ?></span></legend>
+                    <legend class="admin__legend"><span><?= $block->escapeHtml(__('Order History')) ?></span></legend>
                     <br>
                     <?= $block->getChildHtml('comment') ?>
                 </fieldset>
@@ -86,19 +85,19 @@
         </section>
     </div>
 
-    <?php if ($block->getCustomerId()): ?>
+    <?php if ($block->getCustomerId()) : ?>
         <div class="order-sidebar">
             <div class="store-switcher order-currency">
                 <label class="admin__field-label" for="currency_switcher">
-                    <?= /* @escapeNotVerified */ __('Order Currency:') ?>
+                    <?= $block->escapeHtml(__('Order Currency:')) ?>
                 </label>
                 <select id="currency_switcher"
                         class="admin__control-select"
                         name="order[currency]"
                         onchange="order.setCurrencyId(this.value); order.setCurrencySymbol(this.options[this.selectedIndex].getAttribute('symbol'));">
-                    <?php foreach ($block->getAvailableCurrencies() as $_code): ?>
-                        <option value="<?= /* @escapeNotVerified */ $_code ?>"<?php if ($_code == $block->getCurrentCurrencyCode()): ?> selected="selected"<?php endif; ?> symbol="<?= /* @escapeNotVerified */ $block->getCurrencySymbol($_code) ?>">
-                            <?= /* @escapeNotVerified */ $block->getCurrencyName($_code) ?>
+                    <?php foreach ($block->getAvailableCurrencies() as $_code) : ?>
+                        <option value="<?= $block->escapeHtmlAttr($_code) ?>"<?php if ($_code == $block->getCurrentCurrencyCode()) : ?> selected="selected"<?php endif; ?> symbol="<?= $block->escapeHtmlAttr($block->getCurrencySymbol($_code)) ?>">
+                            <?= $block->escapeHtml($block->getCurrencyName($_code)) ?>
                         </option>
                     <?php endforeach; ?>
                 </select>
@@ -108,5 +107,4 @@
             </div>
         </div>
     <?php endif; ?>
-
 </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form.phtml
index f46e1f74ca8d5..c38acb9b79e47 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form.phtml
@@ -4,22 +4,20 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var \Magento\Sales\Block\Adminhtml\Order\Create\Form $block */
 ?>
-<form id="edit_form" data-order-config='<?= $block->escapeHtml($block->getOrderDataJson()) ?>' data-load-base-url="<?= /* @escapeNotVerified */ $block->getLoadBlockUrl() ?>" action="<?= /* @escapeNotVerified */ $block->getSaveUrl() ?>" method="post" enctype="multipart/form-data">
+<form id="edit_form" data-order-config='<?= $block->escapeHtml($block->getOrderDataJson()) ?>' data-load-base-url="<?= $block->escapeUrl($block->getLoadBlockUrl()) ?>" action="<?= $block->escapeUrl($block->getSaveUrl()) ?>" method="post" enctype="multipart/form-data">
     <?= $block->getBlockHtml('formkey') ?>
     <div id="order-message">
         <?= $block->getChildHtml('message') ?>
     </div>
-    <div id="order-customer-selector" class="fieldset-wrapper order-customer-selector" style="display:<?= /* @escapeNotVerified */ $block->getCustomerSelectorDisplay() ?>">
+    <div id="order-customer-selector" class="fieldset-wrapper order-customer-selector" style="display:<?= /* @noEscape */ $block->getCustomerSelectorDisplay() ?>">
         <?= $block->getChildHtml('customer.grid.container') ?>
     </div>
-    <div id="order-store-selector" class="fieldset-wrapper" style="display:<?= /* @escapeNotVerified */ $block->getStoreSelectorDisplay() ?>">
+    <div id="order-store-selector" class="fieldset-wrapper" style="display:<?= /* @noEscape */ $block->getStoreSelectorDisplay() ?>">
         <?= $block->getChildHtml('store') ?>
     </div>
-    <div id="order-data" style="display:<?= /* @escapeNotVerified */ $block->getDataSelectorDisplay() ?>">
+    <div id="order-data" style="display:<?= /* @noEscape */ $block->getDataSelectorDisplay() ?>">
         <?= $block->getChildHtml('data') ?>
     </div>
 </form>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml
index ad2641577c4a7..9464e75182396 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml
@@ -4,17 +4,15 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /**
  * @var \Magento\Customer\Model\ResourceModel\Address\Collection $addressCollection
  */
 $addressCollection = $block->getData('customerAddressCollection');
 
 $addressArray = [];
-if ($block->getCustomerId()) {
+if ($block->getCustomerId()) :
     $addressArray = $addressCollection->setCustomerFilter([$block->getCustomerId()])->toArray();
-}
+endif;
 
 /**
  * @var \Magento\Sales\ViewModel\Customer\AddressFormatter $customerAddressFormatter
@@ -24,60 +22,58 @@ $customerAddressFormatter = $block->getData('customerAddressFormatter');
 /**
  * @var \Magento\Sales\Block\Adminhtml\Order\Create\Billing\Address|\Magento\Sales\Block\Adminhtml\Order\Create\Shipping\Address $block
  */
-if ($block->getIsShipping()):
+if ($block->getIsShipping()) :
     $_fieldsContainerId = 'order-shipping_address_fields';
     $_addressChoiceContainerId = 'order-shipping_address_choice';
     ?>
     <script>
     require(["Magento_Sales/order/create/form"], function(){
-
-        order.shippingAddressContainer = '<?= /* @escapeNotVerified */ $_fieldsContainerId ?>';
-        order.setAddresses(<?= /* @escapeVerfied  */ $block->getAddressCollectionJson() ?>);
-
+        order.shippingAddressContainer = '<?= $block->escapeJs($_fieldsContainerId) ?>';
+        order.setAddresses(<?= /* @noEscape  */ $block->getAddressCollectionJson() ?>);
     });
     </script>
     <?php
-else:
+else :
     $_fieldsContainerId = 'order-billing_address_fields';
     $_addressChoiceContainerId = 'order-billing_address_choice';
     ?>
     <script>
         require(["Magento_Sales/order/create/form"], function(){
-            order.billingAddressContainer = '<?= /* @escapeNotVerified */ $_fieldsContainerId ?>';
+            order.billingAddressContainer = '<?= $block->escapeJs($_fieldsContainerId) ?>';
         });
     </script>
     <?php
 endif; ?>
 
 <fieldset class="admin__fieldset">
-    <legend class="admin__legend <?= /* @escapeNotVerified */ $block->getHeaderCssClass() ?>">
-        <span><?= /* @escapeNotVerified */ $block->getHeaderText() ?></span>
+    <legend class="admin__legend <?= $block->escapeHtmlAttr($block->getHeaderCssClass()) ?>">
+        <span><?= $block->escapeHtml($block->getHeaderText()) ?></span>
     </legend><br>
 
-    <fieldset id="<?= /* @escapeNotVerified */ $_addressChoiceContainerId ?>" class="admin__fieldset order-choose-address">
-    <?php if ($block->getIsShipping()): ?>
+    <fieldset id="<?= $block->escapeHtmlAttr($_addressChoiceContainerId) ?>" class="admin__fieldset order-choose-address">
+    <?php if ($block->getIsShipping()) : ?>
         <div class="admin__field admin__field-option admin__field-shipping-same-as-billing">
             <input type="checkbox" id="order-shipping_same_as_billing" name="shipping_same_as_billing"
                    onclick="order.setShippingAsBilling(this.checked)" class="admin__control-checkbox"
-                   <?php if ($block->getIsAsBilling()): ?>checked<?php endif; ?> />
+                   <?php if ($block->getIsAsBilling()) : ?>checked<?php endif; ?> />
             <label for="order-shipping_same_as_billing" class="admin__field-label">
-                <?= /* @escapeNotVerified */ __('Same As Billing Address') ?>
+                <?= $block->escapeHtml(__('Same As Billing Address')) ?>
             </label>
         </div>
     <?php endif; ?>
         <div class="admin__field admin__field-select-from-existing-address">
-            <label class="admin__field-label"><?= /* @escapeNotVerified */ __('Select from existing customer addresses:') ?></label>
+            <label class="admin__field-label"><?= $block->escapeHtml(__('Select from existing customer addresses:')) ?></label>
             <?php $_id = $block->getForm()->getHtmlIdPrefix() . 'customer_address_id' ?>
             <div class="admin__field-control">
-                <select id="<?= /* @escapeNotVerified */ $_id ?>"
+                <select id="<?= $block->escapeHtmlAttr($_id) ?>"
                         name="<?= $block->getForm()->getHtmlNamePrefix() ?>[customer_address_id]"
-                        onchange="order.selectAddress(this, '<?= /* @escapeNotVerified */ $_fieldsContainerId ?>')"
+                        onchange="order.selectAddress(this, '<?= $block->escapeJs($_fieldsContainerId) ?>')"
                         class="admin__control-select">
-                    <option value=""><?= /* @escapeNotVerified */ __('Add New Address') ?></option>
-                    <?php foreach ($addressArray as $addressId => $address): ?>
+                    <option value=""><?= $block->escapeHtml(__('Add New Address')) ?></option>
+                    <?php foreach ($addressArray as $addressId => $address) : ?>
                         <option
-                            value="<?= /* @escapeNotVerified */ $addressId ?>"<?php if ($addressId == $block->getAddressId()): ?> selected="selected"<?php endif; ?>>
-                            <?= /* @escapeNotVerified */ $block->escapeHtml($customerAddressFormatter->getAddressAsString($address)) ?>
+                            value="<?= $block->escapeHtmlAttr($addressId) ?>"<?php if ($addressId == $block->getAddressId()) : ?> selected="selected"<?php endif; ?>>
+                            <?= $block->escapeHtml($customerAddressFormatter->getAddressAsString($address)) ?>
                         </option>
                     <?php endforeach; ?>
                 </select>
@@ -85,28 +81,27 @@ endif; ?>
         </div>
     </fieldset>
 
-    <div class="order-address admin__fieldset" id="<?= /* @escapeNotVerified */ $_fieldsContainerId ?>">
+    <div class="order-address admin__fieldset" id="<?= $block->escapeHtmlAttr($_fieldsContainerId) ?>">
         <?= $block->getForm()->toHtml() ?>
 
         <div class="admin__field admin__field-option order-save-in-address-book">
-            <input name="<?= $block->getForm()->getHtmlNamePrefix() ?>[save_in_address_book]" type="checkbox" id="<?= $block->getForm()->getHtmlIdPrefix() ?>save_in_address_book" value="1"
-                   <?php if (!$block->getDontSaveInAddressBook()): ?> checked="checked"<?php endif; ?> class="admin__control-checkbox"/>
+            <input name="<?= $block->getForm()->getHtmlNamePrefix() ?>[save_in_address_book]" type="checkbox" id="<?= $block->getForm()->getHtmlIdPrefix() ?>save_in_address_book" value="1"<?php if (!$block->getDontSaveInAddressBook()) : ?> checked="checked"<?php endif; ?> class="admin__control-checkbox"/>
             <label for="<?= $block->getForm()->getHtmlIdPrefix() ?>save_in_address_book"
-                   class="admin__field-label"><?= /* @escapeNotVerified */ __('Save in address book') ?></label>
+                   class="admin__field-label"><?= $block->escapeHtml(__('Save in address book')) ?></label>
         </div>
     </div>
     <?php $hideElement = 'address-' . ($block->getIsShipping() ? 'shipping' : 'billing') . '-overlay'; ?>
-    <div style="display: none;" id="<?= /* @escapeNotVerified */ $hideElement ?>" class="order-methods-overlay">
-        <span><?= /* @escapeNotVerified */ __('You don\'t need to select a shipping address.') ?></span>
+    <div style="display: none;" id="<?= /* @noEscape */ $hideElement ?>" class="order-methods-overlay">
+        <span><?= $block->escapeHtml(__('You don\'t need to select a shipping address.')) ?></span>
     </div>
 
     <script>
         require(["Magento_Sales/order/create/form"], function(){
-                order.bindAddressFields('<?= /* @escapeNotVerified */ $_fieldsContainerId ?>');
-                order.bindAddressFields('<?= /* @escapeNotVerified */ $_addressChoiceContainerId ?>');
-                <?php if ($block->getIsShipping() && $block->getIsAsBilling()): ?>
-                order.disableShippingAddress(true);
-                <?php endif; ?>
+            order.bindAddressFields('<?= $block->escapeJs($_fieldsContainerId) ?>');
+            order.bindAddressFields('<?= $block->escapeJs($_addressChoiceContainerId) ?>');
+            <?php if ($block->getIsShipping() && $block->getIsAsBilling()) : ?>
+            order.disableShippingAddress(true);
+            <?php endif; ?>
         });
     </script>
 </fieldset>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/giftmessage.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/giftmessage.phtml
index 14d020c4763f5..d27782fd20b15 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/giftmessage.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/giftmessage.phtml
@@ -4,25 +4,25 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
+// phpcs:disable Magento2.Templates.ThisInTemplate
 
+/** @var \Magento\Sales\Block\Adminhtml\Order\Create\Giftmessage $block */
 ?>
-<?php if ($this->helper('Magento\GiftMessage\Helper\Message')->isMessagesAllowed('main', $block->getQuote(), $block->getStoreId())): ?>
-<?php $_items = $block->getItems(); ?>
-<div id="order-giftmessage" class="giftmessage-order-create">
-    <fieldset class="admin__fieldset">
-        <legend class="admin__legend"><span><?= /* @escapeNotVerified */ __('Gift Message for the Entire Order') ?></span></legend>
-        <br>
-        <?php if ($this->helper('Magento\GiftMessage\Helper\Message')->isMessagesAllowed('main', $block->getQuote(), $block->getStoreId())): ?>
-            <p><?= /* @escapeNotVerified */ __('Leave this box blank if you don\'t want to leave a gift message for the entire order.') ?></p>
-            <?= $block->getFormHtml($block->getQuote(), 'main') ?>
-        <?php endif; ?>
-    </fieldset>
-<script>
-require(['Magento_Sales/order/create/form'], function(){
-
-    order.giftmessageFieldsBind('order-giftmessage');
-});
-</script>
-</div>
+<?php if ($this->helper(\Magento\GiftMessage\Helper\Message::class)->isMessagesAllowed('main', $block->getQuote(), $block->getStoreId())) : ?>
+    <?php $_items = $block->getItems(); ?>
+    <div id="order-giftmessage" class="giftmessage-order-create">
+        <fieldset class="admin__fieldset">
+            <legend class="admin__legend"><span><?= $block->escapeHtml(__('Gift Message for the Entire Order')) ?></span></legend>
+            <br>
+            <?php if ($this->helper(\Magento\GiftMessage\Helper\Message::class)->isMessagesAllowed('main', $block->getQuote(), $block->getStoreId())) : ?>
+                <p><?= $block->escapeHtml(__('Leave this box blank if you don\'t want to leave a gift message for the entire order.')) ?></p>
+                <?= $block->getFormHtml($block->getQuote(), 'main') ?>
+            <?php endif; ?>
+        </fieldset>
+        <script>
+        require(['Magento_Sales/order/create/form'], function(){
+            order.giftmessageFieldsBind('order-giftmessage');
+        });
+        </script>
+    </div>
 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/items.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/items.phtml
index de7af269538d9..4c31e34d38654 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/items.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/items.phtml
@@ -4,12 +4,10 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+/** @var \Magento\Sales\Block\Adminhtml\Order\Create\Items $block */
 ?>
-
 <div class="admin__page-section-title">
-    <strong class="title"><?= /* @escapeNotVerified */ $block->getHeaderText() ?></strong>
+    <strong class="title"><?= $block->escapeHtml($block->getHeaderText()) ?></strong>
     <div class="actions">
         <?= $block->getButtonsHtml() ?>
     </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/grid.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/grid.phtml
index 02cf697b0e74a..d89f565ea6059 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/grid.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/grid.phtml
@@ -4,8 +4,7 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+// phpcs:disable Magento2.Templates.ThisInTemplate
 ?>
 <?php
 /**
@@ -14,32 +13,32 @@
 ?>
 
 <?php $_items = $block->getItems() ?>
-<?php if (empty($_items)): ?>
+<?php if (empty($_items)) : ?>
     <div id="order-items_grid">
         <div class="admin__table-wrapper">
             <table class="data-table admin__table-primary order-tables">
                 <thead>
                     <tr class="headings">
-                        <th class="col-product"><span><?= /* @escapeNotVerified */ __('Product') ?></span></th>
-                        <th class="col-price"><span><?= /* @escapeNotVerified */ __('Price') ?></span></th>
-                        <th class="col-qty"><span><?= /* @escapeNotVerified */ __('Qty') ?></span></th>
-                        <th class="col-subtotal"><span><?= /* @escapeNotVerified */ __('Subtotal') ?></span></th>
-                        <th class="col-discount"><span><?= /* @escapeNotVerified */ __('Discount') ?></span></th>
-                        <th class="col-row-total"><span><?= /* @escapeNotVerified */ __('Row Subtotal') ?></span></th>
-                        <th class="col-action"><span><?= /* @escapeNotVerified */ __('Action') ?></span></th>
+                        <th class="col-product"><span><?= $block->escapeHtml(__('Product')) ?></span></th>
+                        <th class="col-price"><span><?= $block->escapeHtml(__('Price')) ?></span></th>
+                        <th class="col-qty"><span><?= $block->escapeHtml(__('Qty')) ?></span></th>
+                        <th class="col-subtotal"><span><?= $block->escapeHtml(__('Subtotal')) ?></span></th>
+                        <th class="col-discount"><span><?= $block->escapeHtml(__('Discount')) ?></span></th>
+                        <th class="col-row-total"><span><?= $block->escapeHtml(__('Row Subtotal')) ?></span></th>
+                        <th class="col-action"><span><?= $block->escapeHtml(__('Action')) ?></span></th>
                     </tr>
                 </thead>
                 <tbody>
                     <tr class="even">
-                        <td class="empty-text" colspan="100"><?= /* @escapeNotVerified */ __('No ordered items') ?></td>
+                        <td class="empty-text" colspan="100"><?= $block->escapeHtml(__('No ordered items')) ?></td>
                     </tr>
                 </tbody>
             </table>
         </div>
     </div>
-<?php else: ?>
+<?php else : ?>
     <div class="admin__table-wrapper" id="order-items_grid">
-    <?php if (count($_items)>10): ?>
+    <?php if (count($_items) > 10) : ?>
         <div class="actions update actions-update">
             <?= $block->getButtonHtml(__('Update Items and Quantities'), 'order.itemsUpdate()', 'action-secondary') ?>
         </div>
@@ -47,37 +46,34 @@
         <table class="data-table admin__table-primary order-tables">
             <thead>
                 <tr class="headings">
-                    <th class="col-product"><span><?= /* @escapeNotVerified */ __('Product') ?></span></th>
-                    <th class="col-price"><span><?= /* @escapeNotVerified */ __('Price') ?></span></th>
-                    <th class="col-qty"><span><?= /* @escapeNotVerified */ __('Qty') ?></span></th>
-                    <th class="col-subtotal"><span><?= /* @escapeNotVerified */ __('Subtotal') ?></span></th>
-                    <th class="col-discount"><span><?= /* @escapeNotVerified */ __('Discount') ?></span></th>
-                    <th class="col-row-total"><span><?= /* @escapeNotVerified */ __('Row Subtotal') ?></span></th>
-                    <th class="col-action"><span><?= /* @escapeNotVerified */ __('Action') ?></span></th>
+                    <th class="col-product"><span><?= $block->escapeHtml(__('Product')) ?></span></th>
+                    <th class="col-price"><span><?= $block->escapeHtml(__('Price')) ?></span></th>
+                    <th class="col-qty"><span><?= $block->escapeHtml(__('Qty')) ?></span></th>
+                    <th class="col-subtotal"><span><?= $block->escapeHtml(__('Subtotal')) ?></span></th>
+                    <th class="col-discount"><span><?= $block->escapeHtml(__('Discount')) ?></span></th>
+                    <th class="col-row-total"><span><?= $block->escapeHtml(__('Row Subtotal')) ?></span></th>
+                    <th class="col-action"><span><?= $block->escapeHtml(__('Action')) ?></span></th>
                 </tr>
             </thead>
             <tfoot>
                 <tr>
-                    <td class="col-total"><?= /* @escapeNotVerified */ __('Total %1 product(s)', count($_items)) ?></td>
-                    <td colspan="2" class="col-subtotal"><?= /* @escapeNotVerified */ __('Subtotal:') ?></td>
-                    <td class="col-price"><strong><?= /* @escapeNotVerified */ $block->formatPrice($block->getSubtotal()) ?></strong></td>
-                    <td class="col-price"><strong><?= /* @escapeNotVerified */ $block->formatPrice($block->getDiscountAmount()) ?></strong></td>
-                    <td class="col-price"><strong>
-                    <?php
-                        /* @escapeNotVerified */ echo $block->formatPrice($block->getSubtotalWithDiscount());
-                    ?></strong></td>
+                    <td class="col-total"><?= $block->escapeHtml(__('Total %1 product(s)', count($_items))) ?></td>
+                    <td colspan="2" class="col-subtotal"><?= $block->escapeHtml(__('Subtotal:')) ?></td>
+                    <td class="col-price"><strong><?= /* @noEscape */ $block->formatPrice($block->getSubtotal()) ?></strong></td>
+                    <td class="col-price"><strong><?= /* @noEscape */ $block->formatPrice($block->getDiscountAmount()) ?></strong></td>
+                    <td class="col-price"><strong><?= /* @noEscape */ $block->formatPrice($block->getSubtotalWithDiscount()); ?></strong></td>
                     <td colspan="2">&nbsp;</td>
                 </tr>
             </tfoot>
                 <?php $i = 0 ?>
-                <?php foreach ($_items as $_item):$i++ ?>
-                <tbody class="<?= /* @escapeNotVerified */ ($i%2) ? 'even' : 'odd' ?>">
+                <?php foreach ($_items as $_item) : $i++ ?>
+                <tbody class="<?= /* @noEscape */ ($i%2) ? 'even' : 'odd' ?>">
                     <tr>
                         <td class="col-product">
-                            <span id="order_item_<?= /* @escapeNotVerified */ $_item->getId() ?>_title"><?= $block->escapeHtml($_item->getName()) ?></span>
+                            <span id="order_item_<?= (int) $_item->getId() ?>_title"><?= $block->escapeHtml($_item->getName()) ?></span>
                             <div class="product-sku-block">
-                                <span><?= /* @escapeNotVerified */ __('SKU') ?>:</span>
-                                <?= implode('<br />', $this->helper('Magento\Catalog\Helper\Data')->splitSku($block->escapeHtml($_item->getSku()))) ?>
+                                <span><?= $block->escapeHtml(__('SKU')) ?>:</span>
+                                <?= /* @noEscape */ implode('<br />', $this->helper(\Magento\Catalog\Helper\Data::class)->splitSku($block->escapeHtml($_item->getSku()))) ?>
                             </div>
                             <div class="product-configure-block">
                                 <?= $block->getConfigureButtonHtml($_item) ?>
@@ -88,56 +84,56 @@
                             <?= $block->getItemUnitPriceHtml($_item) ?>
 
                             <?php $_isCustomPrice = $block->usedCustomPriceForItem($_item) ?>
-                            <?php if ($_tier = $block->getTierHtml($_item)): ?>
-                            <div id="item_tier_block_<?= /* @escapeNotVerified */ $_item->getId() ?>"<?php if ($_isCustomPrice): ?> style="display:none"<?php endif; ?>>
-                                <a href="#" onclick="$('item_tier_<?= /* @escapeNotVerified */ $_item->getId() ?>').toggle();return false;"><?= /* @escapeNotVerified */ __('Tier Pricing') ?></a>
-                                <div style="display:none" id="item_tier_<?= /* @escapeNotVerified */ $_item->getId() ?>"><?= /* @escapeNotVerified */ $_tier ?></div>
+                            <?php if ($_tier = $block->getTierHtml($_item)) : ?>
+                            <div id="item_tier_block_<?= (int) $_item->getId() ?>"<?php if ($_isCustomPrice) : ?> style="display:none"<?php endif; ?>>
+                                <a href="#" onclick="$('item_tier_<?= (int) $_item->getId() ?>').toggle();return false;"><?= $block->escapeHtml(__('Tier Pricing')) ?></a>
+                                <div style="display:none" id="item_tier_<?= (int) $_item->getId() ?>"><?= /* @noEscape */ $_tier ?></div>
                             </div>
                             <?php endif; ?>
-                            <?php if ($block->canApplyCustomPrice($_item)): ?>
+                            <?php if ($block->canApplyCustomPrice($_item)) : ?>
                                 <div class="custom-price-block">
                                     <input type="checkbox"
                                            class="admin__control-checkbox"
-                                           id="item_use_custom_price_<?= /* @escapeNotVerified */ $_item->getId() ?>"
-                                           <?php if ($_isCustomPrice): ?> checked="checked"<?php endif; ?>
-                                           onclick="order.toggleCustomPrice(this, 'item_custom_price_<?= /* @escapeNotVerified */ $_item->getId() ?>', 'item_tier_block_<?= /* @escapeNotVerified */ $_item->getId() ?>');"/>
+                                           id="item_use_custom_price_<?= (int) $_item->getId() ?>"
+                                           <?php if ($_isCustomPrice) : ?> checked="checked"<?php endif; ?>
+                                           onclick="order.toggleCustomPrice(this, 'item_custom_price_<?= (int) $_item->getId() ?>', 'item_tier_block_<?= (int) $_item->getId() ?>');"/>
                                     <label
                                         class="normal admin__field-label"
-                                        for="item_use_custom_price_<?= /* @escapeNotVerified */ $_item->getId() ?>">
-                                        <span><?= /* @escapeNotVerified */ __('Custom Price') ?>*</span></label>
+                                        for="item_use_custom_price_<?= (int) $_item->getId() ?>">
+                                        <span><?= $block->escapeHtml(__('Custom Price')) ?>*</span></label>
                                 </div>
                             <?php endif; ?>
-                            <input id="item_custom_price_<?= /* @escapeNotVerified */ $_item->getId() ?>"
-                                   name="item[<?= /* @escapeNotVerified */ $_item->getId() ?>][custom_price]"
-                                   value="<?= /* @escapeNotVerified */ sprintf("%.2f", $block->getOriginalEditablePrice($_item)) ?>"
-                                   <?php if (!$_isCustomPrice): ?>
-                                   style="display:none"
-                                   disabled="disabled"
-                                   <?php endif; ?>
-                                   class="input-text item-price admin__control-text"/>
+                            <input id="item_custom_price_<?= (int) $_item->getId() ?>"
+                                name="item[<?= (int) $_item->getId() ?>][custom_price]"
+                                value="<?= /* @noEscape */ sprintf("%.2f", $block->getOriginalEditablePrice($_item)) ?>"
+                                <?php if (!$_isCustomPrice) : ?>
+                                style="display:none"
+                                disabled="disabled"
+                                <?php endif; ?>
+                                class="input-text item-price admin__control-text"/>
                         </td>
                         <td class="col-qty">
-                            <input name="item[<?= /* @escapeNotVerified */ $_item->getId() ?>][qty]"
+                            <input name="item[<?= (int) $_item->getId() ?>][qty]"
                                    class="input-text item-qty admin__control-text"
-                                   value="<?= /* @escapeNotVerified */ $_item->getQty()*1 ?>"
+                                   value="<?= (int) $_item->getQty()*1 ?>"
                                    maxlength="12" />
                         </td>
                         <td class="col-subtotal col-price">
                             <?= $block->getItemRowTotalHtml($_item) ?>
                         </td>
                         <td class="col-discount col-price">
-                            <?= /* @escapeNotVerified */ $block->formatPrice(-$_item->getTotalDiscountAmount()) ?>
+                            <?= /* @noEscape */ $block->formatPrice(-$_item->getTotalDiscountAmount()) ?>
                             <div class="discount-price-block">
-                                <input id="item_use_discount_<?= /* @escapeNotVerified */ $_item->getId() ?>"
+                                <input id="item_use_discount_<?= (int) $_item->getId() ?>"
                                        class="admin__control-checkbox"
-                                       name="item[<?= /* @escapeNotVerified */ $_item->getId() ?>][use_discount]"
-                                       <?php if (!$_item->getNoDiscount()): ?>checked="checked"<?php endif; ?>
+                                       name="item[<?= (int) $_item->getId() ?>][use_discount]"
+                                       <?php if (!$_item->getNoDiscount()) : ?>checked="checked"<?php endif; ?>
                                        value="1"
                                        type="checkbox" />
                                 <label
-                                    for="item_use_discount_<?= /* @escapeNotVerified */ $_item->getId() ?>"
+                                    for="item_use_discount_<?= (int) $_item->getId() ?>"
                                     class="normal admin__field-label">
-                                    <span><?= /* @escapeNotVerified */ __('Apply') ?></span></label>
+                                    <span><?= $block->escapeHtml(__('Apply')) ?></span></label>
                             </div>
 
                         </td>
@@ -145,19 +141,19 @@
                             <?= $block->getItemRowTotalWithDiscountHtml($_item) ?>
                         </td>
                         <td class="col-actions last">
-                            <select class="admin__control-select" name="item[<?= /* @escapeNotVerified */ $_item->getId() ?>][action]">
-                                <option value=""><?= /* @escapeNotVerified */ __('Please select') ?></option>
-                                <option value="remove"><?= /* @escapeNotVerified */ __('Remove') ?></option>
-                                <?php if ($block->getCustomerId() && $block->getMoveToCustomerStorage()): ?>
-                                    <option value="cart"><?= /* @escapeNotVerified */ __('Move to Shopping Cart') ?></option>
-                                    <?php if ($block->isMoveToWishlistAllowed($_item)): ?>
+                            <select class="admin__control-select" name="item[<?= (int) $_item->getId() ?>][action]">
+                                <option value=""><?= $block->escapeHtml(__('Please select')) ?></option>
+                                <option value="remove"><?= $block->escapeHtml(__('Remove')) ?></option>
+                                <?php if ($block->getCustomerId() && $block->getMoveToCustomerStorage()) : ?>
+                                    <option value="cart"><?= $block->escapeHtml(__('Move to Shopping Cart')) ?></option>
+                                    <?php if ($block->isMoveToWishlistAllowed($_item)) : ?>
                                         <?php $wishlists = $block->getCustomerWishlists();?>
-                                        <?php if (count($wishlists) <= 1):?>
-                                            <option value="wishlist"><?= /* @escapeNotVerified */ __('Move to Wish List') ?></option>
-                                        <?php else: ?>
-                                            <optgroup label="<?= /* @escapeNotVerified */ __('Move to Wish List') ?>">
-                                                <?php foreach ($wishlists as $wishlist):?>
-                                                    <option value="wishlist_<?= /* @escapeNotVerified */ $wishlist->getId() ?>"><?= $block->escapeHtml($wishlist->getName()) ?></option>
+                                        <?php if (count($wishlists) <= 1) : ?>
+                                            <option value="wishlist"><?= $block->escapeHtml(__('Move to Wish List')) ?></option>
+                                        <?php else : ?>
+                                            <optgroup label="<?= $block->escapeHtml(__('Move to Wish List')) ?>">
+                                                <?php foreach ($wishlists as $wishlist) :?>
+                                                    <option value="wishlist_<?= (int) $wishlist->getId() ?>"><?= $block->escapeHtml($wishlist->getName()) ?></option>
                                                 <?php endforeach;?>
                                             </optgroup>
                                         <?php endif; ?>
@@ -168,22 +164,21 @@
                     </tr>
 
                     <?php $hasMessageError = false; ?>
-                    <?php foreach ($_item->getMessage(false) as $messageError):?>
-                        <?php if (!empty($messageError)) {
+                    <?php foreach ($_item->getMessage(false) as $messageError) : ?>
+                        <?php if (!empty($messageError)) :
                             $hasMessageError = true;
-                        }
-                        ?>
+                        endif; ?>
                     <?php endforeach; ?>
 
-                    <?php if ($hasMessageError):?>
+                    <?php if ($hasMessageError) : ?>
                         <tr class="row-messages-error">
                             <td colspan="100"> <!-- ToDo UI: remove the 100 -->
-                                <?php foreach ($_item->getMessage(false) as $message):
+                                <?php foreach ($_item->getMessage(false) as $message) :
                                     if (empty($message)) {
                                         continue;
                                     }
                                     ?>
-                                    <div class="message <?php if ($_item->getHasError()): ?>message-error<?php else: ?>message-notice<?php endif; ?>">
+                                    <div class="message <?php if ($_item->getHasError()) : ?>message-error<?php else : ?>message-notice<?php endif; ?>">
                                         <?= $block->escapeHtml($message) ?>
                                     </div>
                                 <?php endforeach; ?>
@@ -195,7 +190,7 @@
                 </tbody>
                 <?php endforeach; ?>
         </table>
-        <p><small><?= /* @escapeNotVerified */ $block->getInclExclTaxMessage() ?></small></p>
+        <p><small><?= $block->escapeHtml($block->getInclExclTaxMessage()) ?></small></p>
     </div>
 
     <div class="order-discounts">
@@ -210,43 +205,42 @@
             order.itemsOnchangeBind()
         });
     </script>
+    <?php if ($block->isGiftMessagesAvailable()) : ?>
+        <script>
+        require([
+            "prototype",
+            "Magento_Sales/order/giftoptions_tooltip"
+        ], function(){
 
-<?php if ($block->isGiftMessagesAvailable()) : ?>
-<script>
-require([
-    "prototype",
-    "Magento_Sales/order/giftoptions_tooltip"
-], function(){
-
-//<![CDATA[
-    /**
-     * Retrieve gift options tooltip content
-     */
-    function getGiftOptionsTooltipContent(itemId) {
-        var contentLines = [];
-        var headerLine = null;
-        var contentLine = null;
-
-        $$('#gift_options_data_' + itemId + ' .gift-options-tooltip-content').each(function (element) {
-            if (element.down(0)) {
-                headerLine = element.down(0).innerHTML;
-                contentLine = element.down(0).next().innerHTML;
-                if (contentLine.length > 30) {
-                    contentLine = contentLine.slice(0,30) + '...';
-                }
-                contentLines.push(headerLine + ' ' + contentLine);
+        //<![CDATA[
+            /**
+             * Retrieve gift options tooltip content
+             */
+            function getGiftOptionsTooltipContent(itemId) {
+                var contentLines = [];
+                var headerLine = null;
+                var contentLine = null;
+
+                $$('#gift_options_data_' + itemId + ' .gift-options-tooltip-content').each(function (element) {
+                    if (element.down(0)) {
+                        headerLine = element.down(0).innerHTML;
+                        contentLine = element.down(0).next().innerHTML;
+                        if (contentLine.length > 30) {
+                            contentLine = contentLine.slice(0,30) + '...';
+                        }
+                        contentLines.push(headerLine + ' ' + contentLine);
+                    }
+                });
+                return contentLines.join('<br/>');
             }
-        });
-        return contentLines.join('<br/>');
-    }
 
-    giftOptionsTooltip.setTooltipContentLoaderFunction(getGiftOptionsTooltipContent);
+            giftOptionsTooltip.setTooltipContentLoaderFunction(getGiftOptionsTooltipContent);
 
-    window.getGiftOptionsTooltipContent = getGiftOptionsTooltipContent;
+            window.getGiftOptionsTooltipContent = getGiftOptionsTooltipContent;
 
-//]]>
+        //]]>
 
-});
-</script>
-<?php endif; ?>
+        });
+        </script>
+    <?php endif; ?>
 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/price/row.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/price/row.phtml
index 2e1f058e17128..6a0715a056558 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/price/row.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/price/row.phtml
@@ -3,16 +3,11 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /** @var \Magento\Sales\Block\Adminhtml\Order\Create\Items\Grid $block */
-
 $_item = $block->getItem();
 ?>
-
 <div class="price-excl-tax">
-    <?= /* @escapeNotVerified */ $block->formatPrice($_item->getRowTotal()) ?>
+    <?= /* @noEscape */ $block->formatPrice($_item->getRowTotal()) ?>
 </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/price/total.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/price/total.phtml
index aafd3afd2783c..7fdf39ed2bc21 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/price/total.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/price/total.phtml
@@ -3,15 +3,10 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /** @var \Magento\Sales\Block\Adminhtml\Order\Create\Items\Grid $block */
-
 $_item = $block->getItem();
 ?>
-
 <?php $_rowTotalWithoutDiscount = $_item->getRowTotal() - $_item->getTotalDiscountAmount(); ?>
-<?= /* @escapeNotVerified */ $block->formatPrice(max(0, $_rowTotalWithoutDiscount)) ?>
+<?= /* @noEscape */ $block->formatPrice(max(0, $_rowTotalWithoutDiscount)) ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/price/unit.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/price/unit.phtml
index 0ecefcf5273f1..b5871518cf596 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/price/unit.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/price/unit.phtml
@@ -3,15 +3,11 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /** @var \Magento\Sales\Block\Adminhtml\Order\Create\Items\Grid $block */
-
 $_item = $block->getItem();
 ?>
 <div class="price-excl-tax">
-<?= /* @escapeNotVerified */ $block->formatPrice($_item->getCalculationPrice()) ?>
+<?= /* @noEscape */ $block->formatPrice($_item->getCalculationPrice()) ?>
 </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/js.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/js.phtml
index 374684d351b49..0c3f7fc2016be 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/js.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/js.phtml
@@ -3,8 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
  ?>
 <script>
 require([
@@ -13,16 +11,14 @@ require([
     "Magento_Catalog/catalog/product/composite/configure",
     "domReady!"
 ], function(){
-
     order.sidebarHide();
     if (window.productConfigure) {
         productConfigure.addListType('product_to_add', {
-            urlFetch: '<?= /* @escapeNotVerified */ $block->getUrl('sales/order_create/configureProductToAdd') ?>'
+            urlFetch: '<?= $block->escapeJs($block->escapeUrl($block->getUrl('sales/order_create/configureProductToAdd'))) ?>'
         });
         productConfigure.addListType('quote_items', {
-            urlFetch: '<?= /* @escapeNotVerified */ $block->getUrl('sales/order_create/configureQuoteItems') ?>'
+            urlFetch: '<?= $block->escapeJs($block->escapeUrl($block->getUrl('sales/order_create/configureQuoteItems'))) ?>'
         });
     }
-
 });
 </script>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/newsletter/form.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/newsletter/form.phtml
index 973758a66947c..1dcf57d879543 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/newsletter/form.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/newsletter/form.phtml
@@ -3,8 +3,5 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<input type="checkbox" name="newsletter:subscribe"> <label for="newsletter:subscribe" style="width: 90%; float: none;"><?= /* @escapeNotVerified */ __('Subscribe to Newsletter') ?></label><br/>
+<input type="checkbox" name="newsletter:subscribe"> <label for="newsletter:subscribe" style="width: 90%; float: none;"><?= $block->escapeHtml(__('Subscribe to Newsletter')) ?></label><br/>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/shipping/method/form.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/shipping/method/form.phtml
index 65d3a612e5133..baaf4c078f2c7 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/shipping/method/form.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/shipping/method/form.phtml
@@ -4,46 +4,45 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+// phpcs:disable Magento2.Templates.ThisInTemplate
 ?>
 <?php /** @var $block \Magento\Sales\Block\Adminhtml\Order\Create\Shipping\Method\Form */ ?>
 <?php $_shippingRateGroups = $block->getShippingRates(); ?>
-<?php if ($_shippingRateGroups): ?>
+<?php if ($_shippingRateGroups) : ?>
     <div id="order-shipping-method-choose" class="control" style="display:none">
         <dl class="admin__order-shipment-methods">
-        <?php foreach ($_shippingRateGroups as $code => $_rates): ?>
+        <?php foreach ($_shippingRateGroups as $code => $_rates) : ?>
             <dt class="admin__order-shipment-methods-title"><?= $block->escapeHtml($block->getCarrierName($code)) ?></dt>
             <dd class="admin__order-shipment-methods-options">
                 <ul class="admin__order-shipment-methods-options-list">
-                <?php foreach ($_rates as $_rate): ?>
+                <?php foreach ($_rates as $_rate) : ?>
                     <?php $_radioProperty = 'name="order[shipping_method]" type="radio" onclick="order.setShippingMethod(this.value)"' ?>
                     <?php $_code = $_rate->getCode() ?>
                     <li class="admin__field-option">
-                       <?php if ($_rate->getErrorMessage()): ?>
-                           <div class="messages">
+                        <?php if ($_rate->getErrorMessage()) : ?>
+                            <div class="messages">
                                <div class="message message-error error">
                                    <div><?= $block->escapeHtml($_rate->getErrorMessage()) ?></div>
                                </div>
-                           </div>
-                       <?php else: ?>
+                            </div>
+                        <?php else : ?>
                             <?php $_checked = $block->isMethodActive($_code) ? 'checked="checked"' : '' ?>
-                            <input <?= /* @escapeNotVerified */ $_radioProperty ?> value="<?= /* @escapeNotVerified */ $_code ?>"
-                                                                 id="s_method_<?= /* @escapeNotVerified */ $_code ?>" <?= /* @escapeNotVerified */ $_checked ?>
+                            <input <?= /* @noEscape */ $_radioProperty ?> value="<?= $block->escapeHtmlAttr($_code) ?>"
+                                                                 id="s_method_<?= $block->escapeHtmlAttr($_code) ?>" <?= /* @noEscape */ $_checked ?>
                                                                  class="admin__control-radio required-entry"/>
-                            <label class="admin__field-label" for="s_method_<?= /* @escapeNotVerified */ $_code ?>">
+                            <label class="admin__field-label" for="s_method_<?= $block->escapeHtmlAttr($_code) ?>">
                                 <?= $block->escapeHtml($_rate->getMethodTitle() ? $_rate->getMethodTitle() : $_rate->getMethodDescription()) ?> -
                                 <strong>
-                                    <?php $_excl = $block->getShippingPrice($_rate->getPrice(), $this->helper('Magento\Tax\Helper\Data')->displayShippingPriceIncludingTax()); ?>
+                                    <?php $_excl = $block->getShippingPrice($_rate->getPrice(), $this->helper(\Magento\Tax\Helper\Data::class)->displayShippingPriceIncludingTax()); ?>
                                     <?php $_incl = $block->getShippingPrice($_rate->getPrice(), true); ?>
 
-                                    <?= /* @escapeNotVerified */ $_excl ?>
-                                    <?php if ($this->helper('Magento\Tax\Helper\Data')->displayShippingBothPrices() && $_incl != $_excl): ?>
-                                        (<?= /* @escapeNotVerified */ __('Incl. Tax') ?> <?= /* @escapeNotVerified */ $_incl ?>)
+                                    <?= /* @noEscape */ $_excl ?>
+                                    <?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displayShippingBothPrices() && $_incl != $_excl) : ?>
+                                        (<?= $block->escapeHtml(__('Incl. Tax')) ?> <?= /* @noEscape */ $_incl ?>)
                                     <?php endif; ?>
                                 </strong>
                             </label>
-                       <?php endif ?>
+                        <?php endif; ?>
                     </li>
                 <?php endforeach; ?>
                 </ul>
@@ -51,7 +50,7 @@
         <?php endforeach; ?>
         </dl>
     </div>
-    <?php if ($_rate = $block->getActiveMethodRate()): ?>
+    <?php if ($_rate = $block->getActiveMethodRate()) : ?>
         <div id="order-shipping-method-info" class="order-shipping-method-info">
             <dl class="admin__order-shipment-methods">
                 <dt class="admin__order-shipment-methods-title">
@@ -60,12 +59,12 @@
                 <dd class="admin__order-shipment-methods-options">
                     <?= $block->escapeHtml($_rate->getMethodTitle() ? $_rate->getMethodTitle() : $_rate->getMethodDescription()) ?> -
                     <strong>
-                        <?php $_excl = $block->getShippingPrice($_rate->getPrice(), $this->helper('Magento\Tax\Helper\Data')->displayShippingPriceIncludingTax()); ?>
+                        <?php $_excl = $block->getShippingPrice($_rate->getPrice(), $this->helper(\Magento\Tax\Helper\Data::class)->displayShippingPriceIncludingTax()); ?>
                         <?php $_incl = $block->getShippingPrice($_rate->getPrice(), true); ?>
 
-                        <?= /* @escapeNotVerified */ $_excl ?>
-                        <?php if ($this->helper('Magento\Tax\Helper\Data')->displayShippingBothPrices() && $_incl != $_excl): ?>
-                            (<?= /* @escapeNotVerified */ __('Incl. Tax') ?> <?= /* @escapeNotVerified */ $_incl ?>)
+                        <?= /* @noEscape */ $_excl ?>
+                        <?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displayShippingBothPrices() && $_incl != $_excl) : ?>
+                            (<?= $block->escapeHtml(__('Incl. Tax')) ?> <?= /* @noEscape */ $_incl ?>)
                         <?php endif; ?>
                     </strong>
                 </dd>
@@ -73,35 +72,35 @@
             <a href="#"
                onclick="$('order-shipping-method-info').hide();$('order-shipping-method-choose').show();return false"
                class="action-default">
-                <span><?= /* @escapeNotVerified */ __('Click to change shipping method') ?></span>
+                <span><?= $block->escapeHtml(__('Click to change shipping method')) ?></span>
             </a>
         </div>
-    <?php else: ?>
+    <?php else : ?>
         <script>
 require(['prototype'], function(){
     $('order-shipping-method-choose').show();
 });
 </script>
     <?php endif; ?>
-<?php elseif ($block->getIsRateRequest()): ?>
+<?php elseif ($block->getIsRateRequest()) : ?>
     <div class="order-shipping-method-summary">
-        <strong class="order-shipping-method-not-available"><?= /* @escapeNotVerified */ __('Sorry, no quotes are available for this order.') ?></strong>
+        <strong class="order-shipping-method-not-available"><?= $block->escapeHtml(__('Sorry, no quotes are available for this order.')) ?></strong>
     </div>
-<?php else: ?>
+<?php else : ?>
     <div id="order-shipping-method-summary" class="order-shipping-method-summary">
         <a href="#" onclick="order.loadShippingRates();return false" class="action-default">
-            <span><?= /* @escapeNotVerified */ __('Get shipping methods and rates') ?></span>
+            <span><?= $block->escapeHtml(__('Get shipping methods and rates')) ?></span>
         </a>
         <input type="hidden" name="order[has_shipping]" value="" class="required-entry" />
     </div>
 <?php endif; ?>
 <div style="display: none;" id="shipping-method-overlay" class="order-methods-overlay">
-    <span><?= /* @escapeNotVerified */ __('You don\'t need to select a shipping method.') ?></span>
+    <span><?= $block->escapeHtml(__('You don\'t need to select a shipping method.')) ?></span>
 </div>
 <script>
     require(["Magento_Sales/order/create/form"], function(){
-        order.overlay('shipping-method-overlay', <?php if ($block->getQuote()->isVirtual()): ?>false<?php else: ?>true<?php endif; ?>);
-        order.overlay('address-shipping-overlay', <?php if ($block->getQuote()->isVirtual()): ?>false<?php else: ?>true<?php endif; ?>);
+        order.overlay('shipping-method-overlay', <?php if ($block->getQuote()->isVirtual()) : ?>false<?php else : ?>true<?php endif; ?>);
+        order.overlay('address-shipping-overlay', <?php if ($block->getQuote()->isVirtual()) : ?>false<?php else : ?>true<?php endif; ?>);
         order.isOnlyVirtualProduct = <?= /* @noEscape */ $block->getQuote()->isVirtual() ? 'true' : 'false'; ?>;
     });
 </script>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar.phtml
index 48823de3f4db2..759187363a42d 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar.phtml
@@ -4,18 +4,16 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
-/** @var $block \Magento\Sales\Block\Adminhtml\Order\Create\Sidebar */
+/** @var \Magento\Sales\Block\Adminhtml\Order\Create\Sidebar $block */
 ?>
 <div class="customer-current-activity-inner">
-    <h4 class="customer-activity-title"><?= /* @escapeNotVerified */ __('Customer\'s Activities') ?></h4>
+    <h4 class="customer-activity-title"><?= $block->escapeHtml(__('Customer\'s Activities')) ?></h4>
     <div class="create-order-sidebar-container">
     <?= $block->getChildHtml('top_button') ?>
-    <?php foreach ($block->getLayout()->getChildBlocks($block->getNameInLayout()) as $_alias => $_child): ?>
-        <?php if ($_alias != 'top_button' && $_alias != 'bottom_button'): ?>
-            <?php if ($block->canDisplay($_child)): ?>
-                <div class="order-sidebar-block" id="order-sidebar_<?= /* @escapeNotVerified */ $_alias ?>">
+    <?php foreach ($block->getLayout()->getChildBlocks($block->getNameInLayout()) as $_alias => $_child) : ?>
+        <?php if ($_alias != 'top_button' && $_alias != 'bottom_button') : ?>
+            <?php if ($block->canDisplay($_child)) : ?>
+                <div class="order-sidebar-block" id="order-sidebar_<?= /* @noEscape */ $_alias ?>">
                     <?= $block->getChildHtml($_alias) ?>
                 </div>
             <?php endif; ?>
@@ -32,12 +30,12 @@ require([
 
     function addSidebarCompositeListType() {
         productConfigure.addListType('sidebar', {
-            urlFetch: '<?= /* @escapeNotVerified */ $block->getUrl('sales/order_create/configureProductToAdd') ?>',
-            urlConfirm: '<?= /* @escapeNotVerified */ $block->getUrl('sales/order_create/addConfigured') ?>'
+            urlFetch: '<?= $block->escapeJs($block->escapeUrl($block->getUrl('sales/order_create/configureProductToAdd'))) ?>',
+            urlConfirm: '<?= $block->escapeJs($block->escapeUrl($block->getUrl('sales/order_create/addConfigured'))) ?>'
         });
         productConfigure.addListType('sidebar_wishlist', {
-            urlFetch: '<?= /* @escapeNotVerified */ $block->getUrl('customer/wishlist_product_composite_wishlist/configure') ?>',
-            urlConfirm: '<?= /* @escapeNotVerified */ $block->getUrl('sales/order_create/addConfigured') ?>'
+            urlFetch: '<?= $block->escapeJs($block->escapeUrl($block->getUrl('customer/wishlist_product_composite_wishlist/configure'))) ?>',
+            urlConfirm: '<?= $block->escapeJs($block->escapeUrl($block->getUrl('sales/order_create/addConfigured'))) ?>'
         });
     }
 
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml
index 2dbf717f73439..6c6c628426bbe 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml
@@ -3,44 +3,41 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php /* @var $block \Magento\Sales\Block\Adminhtml\Order\Create\Sidebar\AbstractSidebar */ ?>
-<div class="create-order-sidebar-block" id="sidebar_data_<?= /* @escapeNotVerified */ $block->getDataId() ?>">
+<div class="create-order-sidebar-block" id="sidebar_data_<?= (int) $block->getDataId() ?>">
     <div class="head sidebar-title-block">
         <a href="#" class="action-refresh"
            title="<?= $block->escapeHtml(__('Refresh')) ?>"
-           onclick="order.loadArea('sidebar_<?= /* @escapeNotVerified */ $block->getDataId() ?>', 'sidebar_data_<?= /* @escapeNotVerified */ $block->getDataId() ?>');return false;">
-            <span><?= /* @escapeNotVerified */ __('Refresh') ?></span>
+           onclick="order.loadArea('sidebar_<?= (int) $block->getDataId() ?>', 'sidebar_data_<?= (int) $block->getDataId() ?>');return false;">
+            <span><?= $block->escapeHtml(__('Refresh')) ?></span>
         </a>
         <h5 class="create-order-sidebar-label">
-            <?= /* @escapeNotVerified */ $block->getHeaderText() ?>
-            <span class="normal">(<?= /* @escapeNotVerified */ $block->getItemCount() ?>)</span>
+            <?= $block->escapeHtml($block->getHeaderText()) ?>
+            <span class="normal">(<?= $block->escapeHtml($block->getItemCount()) ?>)</span>
         </h5>
     </div>
     <div class="content">
         <div class="auto-scroll">
-        <?php if ($block->getItemCount()): ?>
+        <?php if ($block->getItemCount()) : ?>
         <table class="admin__table-primary">
             <thead>
                 <tr>
-                    <th class="col-item"><?= /* @escapeNotVerified */ __('Item') ?></th>
+                    <th class="col-item"><?= $block->escapeHtml(__('Item')) ?></th>
 
-                    <?php if ($block->canDisplayItemQty()): ?>
-                        <th class="col-qty"><?= /* @escapeNotVerified */ __('Qty') ?></th>
+                    <?php if ($block->canDisplayItemQty()) : ?>
+                        <th class="col-qty"><?= $block->escapeHtml(__('Qty')) ?></th>
                     <?php endif; ?>
 
-                    <?php if ($block->canDisplayPrice()): ?>
-                        <th class="col-price"><?= /* @escapeNotVerified */ __('Price') ?></th>
+                    <?php if ($block->canDisplayPrice()) : ?>
+                        <th class="col-price"><?= $block->escapeHtml(__('Price')) ?></th>
                     <?php endif; ?>
 
-                    <?php if ($block->canRemoveItems()): ?>
+                    <?php if ($block->canRemoveItems()) : ?>
                         <th class="col-remove">
                             <span title="<?= $block->escapeHtml(__('Remove')) ?>"
                                   class="icon icon-remove">
-                                <span><?= /* @escapeNotVerified */ __('Remove') ?></span>
+                                <span><?= $block->escapeHtml(__('Remove')) ?></span>
                             </span>
                         </th>
                     <?php endif; ?>
@@ -48,40 +45,40 @@
                     <th class="col-add">
                         <span title="<?= $block->escapeHtml(__('Add To Order')) ?>"
                               class="icon icon-add">
-                            <span><?= /* @escapeNotVerified */ __('Add To Order') ?></span>
+                            <span><?= $block->escapeHtml(__('Add To Order')) ?></span>
                         </span>
                     </th>
                 </tr>
             </thead>
 
             <tbody>
-                <?php foreach ($block->getItems() as $_item): ?>
+                <?php foreach ($block->getItems() as $_item) : ?>
                     <tr>
                         <td class="col-item"><?= $block->escapeHtml($_item->getName()) ?></td>
 
-                        <?php if ($block->canDisplayItemQty()): ?>
+                        <?php if ($block->canDisplayItemQty()) : ?>
                             <td class="col-qty">
-                                <?= /* @escapeNotVerified */ $block->getItemQty($_item) ?>
+                                <?= (int) $block->getItemQty($_item) ?>
                             </td>
                         <?php endif; ?>
 
-                        <?php if ($block->canDisplayPrice()): ?>
+                        <?php if ($block->canDisplayPrice()) : ?>
                             <td class="col-price">
                                 <?= /* @noEscape */ $block->getItemPrice($block->getProduct($_item)) ?>
                             </td>
                         <?php endif; ?>
 
-                        <?php if ($block->canRemoveItems()): ?>
+                        <?php if ($block->canRemoveItems()) : ?>
                             <td class="col-remove">
                                 <div class="admin__field-option">
-                                    <input id="sidebar-remove-<?= /* @escapeNotVerified */ $block->getSidebarStorageAction() ?>-<?= /* @escapeNotVerified */ $block->getItemId($_item) ?>"
+                                    <input id="sidebar-remove-<?= $block->escapeHtmlAttr($block->getSidebarStorageAction()) ?>-<?= (int) $block->getItemId($_item) ?>"
                                            type="checkbox"
                                            class="admin__control-checkbox"
-                                           name="sidebar[remove][<?= /* @escapeNotVerified */ $block->getItemId($_item) ?>]"
-                                           value="<?= /* @escapeNotVerified */ $block->getDataId() ?>"
+                                           name="sidebar[remove][<?= (int) $block->getItemId($_item) ?>]"
+                                           value="<?= (int) $block->getDataId() ?>"
                                            title="<?= $block->escapeHtml(__('Remove')) ?>" />
                                     <label class="admin__field-label"
-                                           for="sidebar-remove-<?= /* @escapeNotVerified */ $block->getSidebarStorageAction() ?>-<?= /* @escapeNotVerified */ $block->getItemId($_item) ?>">
+                                           for="sidebar-remove-<?= $block->escapeHtmlAttr($block->getSidebarStorageAction()) ?>-<?= (int) $block->getItemId($_item) ?>">
                                     </label>
                                 </div>
                             </td>
@@ -89,29 +86,29 @@
 
                         <td class="col-add">
                             <div class="admin__field-option">
-                                <?php if ($block->isConfigurationRequired($_item->getTypeId()) && $block->getDataId() == 'wishlist'): ?>
+                                <?php if ($block->isConfigurationRequired($_item->getTypeId()) && $block->getDataId() == 'wishlist') : ?>
                                     <a href="#"
                                        class="icon icon-configure"
                                        title="<?= $block->escapeHtml(__('Configure and Add to Order')) ?>"
-                                       onclick="order.sidebarConfigureProduct('<?= 'sidebar_wishlist' ?>', <?= /* @escapeNotVerified */ $block->getProductId($_item) ?>, <?= /* @escapeNotVerified */ $block->getItemId($_item) ?>); return false;">
-                                        <span><?= /* @escapeNotVerified */ __('Configure and Add to Order') ?></span>
+                                       onclick="order.sidebarConfigureProduct('<?= 'sidebar_wishlist' ?>', <?= (int) $block->getProductId($_item) ?>, <?= (int) $block->getItemId($_item) ?>); return false;">
+                                        <span><?= $block->escapeHtml(__('Configure and Add to Order')) ?></span>
                                     </a>
-                                <?php elseif ($block->isConfigurationRequired($_item->getTypeId())): ?>
+                                <?php elseif ($block->isConfigurationRequired($_item->getTypeId())) : ?>
                                     <a href="#"
                                        class="icon icon-configure"
                                        title="<?= $block->escapeHtml(__('Configure and Add to Order')) ?>"
-                                       onclick="order.sidebarConfigureProduct('<?= 'sidebar' ?>', <?= /* @escapeNotVerified */ $block->getProductId($_item) ?>); return false;">
-                                        <span><?= /* @escapeNotVerified */ __('Configure and Add to Order') ?></span>
+                                       onclick="order.sidebarConfigureProduct('<?= 'sidebar' ?>', <?= (int) $block->getProductId($_item) ?>); return false;">
+                                        <span><?= $block->escapeHtml(__('Configure and Add to Order')) ?></span>
                                     </a>
-                                <?php else: ?>
-                                    <input id="sidebar-<?= /* @escapeNotVerified */ $block->getSidebarStorageAction() ?>-<?= /* @escapeNotVerified */ $block->getIdentifierId($_item) ?>"
+                                <?php else : ?>
+                                    <input id="sidebar-<?= $block->escapeHtmlAttr($block->getSidebarStorageAction()) ?>-<?= (int) $block->getIdentifierId($_item) ?>"
                                            type="checkbox"
                                            class="admin__control-checkbox"
-                                           name="sidebar[<?= /* @escapeNotVerified */ $block->getSidebarStorageAction() ?>][<?= /* @escapeNotVerified */ $block->getIdentifierId($_item) ?>]"
-                                           value="<?= /* @escapeNotVerified */ $block->canDisplayItemQty() ? $_item->getQty()*1 : 1 ?>"
+                                           name="sidebar[<?= $block->escapeHtmlAttr($block->getSidebarStorageAction()) ?>][<?= (int) $block->getIdentifierId($_item) ?>]"
+                                           value="<?= $block->canDisplayItemQty() ? (int) $_item->getQty()*1 : 1 ?>"
                                            title="<?= $block->escapeHtml(__('Add To Order')) ?>"/>
                                     <label class="admin__field-label"
-                                           for="sidebar-<?= /* @escapeNotVerified */ $block->getSidebarStorageAction() ?>-<?= /* @escapeNotVerified */ $block->getIdentifierId($_item) ?>">
+                                           for="sidebar-<?= $block->escapeHtmlAttr($block->getSidebarStorageAction()) ?>-<?= (int) $block->getIdentifierId($_item) ?>">
                                     </label>
                                 <?php endif; ?>
                             </div>
@@ -120,11 +117,11 @@
                 <?php endforeach; ?>
             </tbody>
         </table>
-        <?php else: ?>
-            <span class="no-items"><?= /* @escapeNotVerified */ __('No items') ?></span>
+        <?php else : ?>
+            <span class="no-items"><?= $block->escapeHtml(__('No items')) ?></span>
         <?php endif ?>
         </div>
-        <?php if ($block->getItemCount() && $block->canRemoveItems()): ?>
+        <?php if ($block->getItemCount() && $block->canRemoveItems()) : ?>
             <?= $block->getChildHtml('empty_customer_cart_button') ?>
         <?php endif; ?>
     </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/store/select.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/store/select.phtml
index 1de681bdb2084..407bd0272e9fd 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/store/select.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/store/select.phtml
@@ -3,20 +3,17 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php /* @var $block \Magento\Sales\Block\Adminhtml\Order\Create\Store\Select */ ?>
 <div class="store-scope form-inline">
     <div class="admin__fieldset tree-store-scope">
         <?php $showHelpHint = 0; ?>
-        <?php foreach ($block->getWebsiteCollection() as $_website): ?>
+        <?php foreach ($block->getWebsiteCollection() as $_website) : ?>
             <?php $showWebsite = false; ?>
-            <?php foreach ($block->getGroupCollection($_website) as $_group): ?>
+            <?php foreach ($block->getGroupCollection($_website) as $_group) : ?>
                 <?php $showGroup = false; ?>
-                <?php foreach ($block->getStoreCollection($_group) as $_store): ?>
-                    <?php if ($showWebsite == false): ?>
+                <?php foreach ($block->getStoreCollection($_group) as $_store) : ?>
+                    <?php if ($showWebsite == false) : ?>
                         <?php $showWebsite = true; ?>
                         <div class="admin__field field-website_label">
                             <label class="admin__field-label" for="">
@@ -24,7 +21,7 @@
                             </label>
                             <div class="admin__field-control">
                                 <div class="admin__field admin__field-option">
-                                    <?php if ($showHelpHint == 0):
+                                    <?php if ($showHelpHint == 0) :
                                         echo $block->getHintHtml();
                                         $showHelpHint = 1;
                                     endif; ?>
@@ -33,7 +30,7 @@
                         </div>
                     <?php endif; ?>
 
-                    <?php if ($showGroup == false): ?>
+                    <?php if ($showGroup == false) : ?>
                         <?php $showGroup = true; ?>
                         <div class="admin__field field-group_label">
                             <label class="admin__field-label" for=""><span><?= $block->escapeHtml($_group->getName()) ?></span></label>
@@ -46,8 +43,8 @@
                         <div class="admin__field-control">
                             <div class="nested">
                                 <div class="admin__field admin__field-option">
-                                    <input type="radio" id="store_<?= /* @escapeNotVerified */ $_store->getId() ?>" class="admin__control-radio" onclick="order.setStoreId('<?= /* @escapeNotVerified */ $_store->getId() ?>')"/>
-                                    <label class="admin__field-label" for="store_<?= /* @escapeNotVerified */ $_store->getId() ?>">
+                                    <input type="radio" id="store_<?= (int) $_store->getId() ?>" class="admin__control-radio" onclick="order.setStoreId('<?= (int) $_store->getId() ?>')"/>
+                                    <label class="admin__field-label" for="store_<?= (int) $_store->getId() ?>">
                                         <?= $block->escapeHtml($_store->getName()) ?>
                                     </label>
                                 </div>
@@ -55,7 +52,7 @@
                         </div>
                     </div>
                 <?php endforeach; ?>
-                <?php if ($showGroup): ?>
+                <?php if ($showGroup) : ?>
                 <?php endif; ?>
             <?php endforeach; ?>
         <?php endforeach; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals.phtml
index 02433edf82346..9a901d99ae8f8 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals.phtml
@@ -4,31 +4,30 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+/** @var \Magento\Sales\Block\Adminhtml\Order\Create\Totals $block */
 ?>
-<legend class="admin__legend"><span><?= /* @escapeNotVerified */ __('Order Totals') ?></span></legend>
+<legend class="admin__legend"><span><?= $block->escapeHtml(__('Order Totals')) ?></span></legend>
 <br>
 
 <table class="admin__table-secondary data-table">
     <tbody>
-        <?= /* @escapeNotVerified */ $block->renderTotals() ?>
-        <?= /* @escapeNotVerified */ $block->renderTotals('footer') ?>
+        <?= /* @noEscape */ $block->renderTotals() ?>
+        <?= /* @noEscape */ $block->renderTotals('footer') ?>
     </tbody>
 </table>
 
 <div class="order-totals-actions">
     <div class="admin__field admin__field-option field-append-comments">
         <input type="checkbox" id="notify_customer" name="order[comment][customer_note_notify]"
-               value="1"<?php if ($block->getNoteNotify()): ?> checked="checked"<?php endif; ?>
+               value="1"<?php if ($block->getNoteNotify()) : ?> checked="checked"<?php endif; ?>
                class="admin__control-checkbox"/>
-        <label for="notify_customer" class="admin__field-label"><?= /* @escapeNotVerified */ __('Append Comments') ?></label>
+        <label for="notify_customer" class="admin__field-label"><?= $block->escapeHtml(__('Append Comments')) ?></label>
     </div>
-    <?php if ($block->canSendNewOrderConfirmationEmail()): ?>
+    <?php if ($block->canSendNewOrderConfirmationEmail()) : ?>
     <div class="admin__field admin__field-option field-email-order-confirmation">
         <input type="checkbox" id="send_confirmation" name="order[send_confirmation]" value="1" checked="checked"
                class="admin__control-checkbox"/>
-        <label for="send_confirmation" class="admin__field-label"><?= /* @escapeNotVerified */ __('Email Order Confirmation') ?></label>
+        <label for="send_confirmation" class="admin__field-label"><?= $block->escapeHtml(__('Email Order Confirmation')) ?></label>
     </div>
     <?php endif; ?>
     <div class="actions">
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/default.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/default.phtml
index 9ab8a6552539d..4a55eb609924f 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/default.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/default.phtml
@@ -3,19 +3,16 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<tr class="<?= /* @escapeNotVerified */ $block->getTotal()->getCode() ?> row-totals">
-    <td style="<?= /* @escapeNotVerified */ $block->getTotal()->getStyle() ?>" class="admin__total-mark" colspan="<?= /* @escapeNotVerified */ $block->getColspan() ?>">
-        <?php if ($block->getRenderingArea() == $block->getTotal()->getArea()): ?><strong><?php endif; ?>
+<tr class="<?= $block->escapeHtmlAttr($block->getTotal()->getCode()) ?> row-totals">
+    <td style="<?= $block->escapeHtmlAttr($block->getTotal()->getStyle()) ?>" class="admin__total-mark" colspan="<?= (int) $block->getColspan() ?>">
+        <?php if ($block->getRenderingArea() == $block->getTotal()->getArea()) : ?><strong><?php endif; ?>
             <?= $block->escapeHtml($block->getTotal()->getTitle()) ?>
-        <?php if ($block->getRenderingArea() == $block->getTotal()->getArea()): ?></strong><?php endif; ?>
+        <?php if ($block->getRenderingArea() == $block->getTotal()->getArea()) : ?></strong><?php endif; ?>
     </td>
-    <td style="<?= /* @escapeNotVerified */ $block->getTotal()->getStyle() ?>" class="admin__total-amount">
-        <?php if ($block->getRenderingArea() == $block->getTotal()->getArea()): ?><strong><?php endif; ?>
-            <?= /* @escapeNotVerified */ $block->formatPrice($block->getTotal()->getValue()) ?>
-        <?php if ($block->getRenderingArea() == $block->getTotal()->getArea()): ?></strong><?php endif; ?>
+    <td style="<?= $block->escapeHtmlAttr($block->getTotal()->getStyle()) ?>" class="admin__total-amount">
+        <?php if ($block->getRenderingArea() == $block->getTotal()->getArea()) : ?><strong><?php endif; ?>
+            <?= /* @noEscape */ $block->formatPrice($block->getTotal()->getValue()) ?>
+        <?php if ($block->getRenderingArea() == $block->getTotal()->getArea()) : ?></strong><?php endif; ?>
     </td>
 </tr>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/grandtotal.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/grandtotal.phtml
index 7486edd732706..4c4f94b5b3bb1 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/grandtotal.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/grandtotal.phtml
@@ -4,38 +4,36 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /**
  * @var $block \Magento\Tax\Block\Checkout\Grandtotal
  * @see \Magento\Tax\Block\Checkout\Grandtotal
  */
 ?>
-<?php if ($block->includeTax() && $block->getTotalExclTax() >= 0):?>
-<tr class="row-totals">
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-mark" colspan="<?= /* @escapeNotVerified */ $block->getColspan() ?>">
-        <strong><?= /* @escapeNotVerified */ __('Grand Total Excl. Tax') ?></strong>
-    </td>
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-amount">
-        <strong><?= /* @escapeNotVerified */ $block->formatPrice($block->getTotalExclTax()) ?></strong>
-    </td>
-</tr>
-<?= /* @escapeNotVerified */ $block->renderTotals('taxes', $block->getColspan()) ?>
-<tr class="row-totals">
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-mark" colspan="<?= /* @escapeNotVerified */ $block->getColspan() ?>">
-        <strong><?= /* @escapeNotVerified */ __('Grand Total Incl. Tax') ?></strong>
-    </td>
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-amount">
-        <strong><?= /* @escapeNotVerified */ $block->formatPrice($block->getTotal()->getValue()) ?></strong>
-    </td>
-</tr>
-<?php else:?>
-<tr class="row-totals">
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-mark" colspan="<?= /* @escapeNotVerified */ $block->getColspan() ?>">
-        <strong><?= /* @escapeNotVerified */ $block->getTotal()->getTitle() ?></strong>
-    </td>
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-amount">
-        <strong><?= /* @escapeNotVerified */ $block->formatPrice($block->getTotal()->getValue()) ?></strong>
-    </td>
-</tr>
+<?php if ($block->includeTax() && $block->getTotalExclTax() >= 0) : ?>
+    <tr class="row-totals">
+        <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-mark" colspan="<?= (int) $block->getColspan() ?>">
+            <strong><?= $block->escapeHtml(__('Grand Total Excl. Tax')) ?></strong>
+        </td>
+        <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-amount">
+            <strong><?= /* @noEscape */ $block->formatPrice($block->getTotalExclTax()) ?></strong>
+        </td>
+    </tr>
+    <?= /* @noEscape */ $block->renderTotals('taxes', $block->getColspan()) ?>
+    <tr class="row-totals">
+        <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-mark" colspan="<?= (int) $block->getColspan() ?>">
+            <strong><?= $block->escapeHtml(__('Grand Total Incl. Tax')) ?></strong>
+        </td>
+        <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-amount">
+            <strong><?= /* @noEscape */ $block->formatPrice($block->getTotal()->getValue()) ?></strong>
+        </td>
+    </tr>
+    <?php else : ?>
+    <tr class="row-totals">
+        <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-mark" colspan="<?= (int) $block->getColspan() ?>">
+            <strong><?= $block->escapeHtml($block->getTotal()->getTitle()) ?></strong>
+        </td>
+        <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-amount">
+            <strong><?= /* @noEscape */ $block->formatPrice($block->getTotal()->getValue()) ?></strong>
+        </td>
+    </tr>
 <?php endif;?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/shipping.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/shipping.phtml
index 2235a428e1e75..db204a46f1f94 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/shipping.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/shipping.phtml
@@ -4,46 +4,44 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /**
  * @var $block \Magento\Tax\Block\Checkout\Shipping
  * @see \Magento\Tax\Block\Checkout\Shipping
  */
 ?>
-<?php if ($block->displayBoth()):?>
+<?php if ($block->displayBoth()) :?>
 <tr class="row-totals">
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-mark" colspan="<?= /* @escapeNotVerified */ $block->getColspan() ?>">
-        <?= /* @escapeNotVerified */ $block->getExcludeTaxLabel() ?>
+    <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-mark" colspan="<?= (int) $block->getColspan() ?>">
+        <?= $block->escapeHtml($block->getExcludeTaxLabel()) ?>
     </td>
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-amount">
-        <?= /* @escapeNotVerified */ $block->formatPrice($block->getShippingExcludeTax()) ?>
+    <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-amount">
+        <?= /* @noEscape */ $block->formatPrice($block->getShippingExcludeTax()) ?>
     </td>
 </tr>
 <tr class="row-totals">
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-mark" colspan="<?= /* @escapeNotVerified */ $block->getColspan() ?>">
-        <?= /* @escapeNotVerified */ $block->getIncludeTaxLabel() ?>
+    <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-mark" colspan="<?= (int) $block->getColspan() ?>">
+        <?= $block->escapeHtml($block->getIncludeTaxLabel()) ?>
     </td>
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-amount">
-        <?= /* @escapeNotVerified */ $block->formatPrice($block->getShippingIncludeTax()) ?>
+    <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-amount">
+        <?= /* @noEscape */ $block->formatPrice($block->getShippingIncludeTax()) ?>
     </td>
 </tr>
 <?php elseif ($block->displayIncludeTax()) : ?>
 <tr>
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-mark" colspan="<?= /* @escapeNotVerified */ $block->getColspan() ?>">
-        <?= /* @escapeNotVerified */ $block->getTotal()->getTitle() ?>
+    <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-mark" colspan="<?= (int) $block->getColspan() ?>">
+        <?= $block->escapeHtml($block->getTotal()->getTitle()) ?>
     </td>
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-amount">
-        <?= /* @escapeNotVerified */ $block->formatPrice($block->getShippingIncludeTax()) ?>
+    <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-amount">
+        <?= /* @noEscape */ $block->formatPrice($block->getShippingIncludeTax()) ?>
     </td>
 </tr>
-<?php else:?>
+<?php else : ?>
 <tr class="row-totals">
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-mark" colspan="<?= /* @escapeNotVerified */ $block->getColspan() ?>">
+    <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-mark" colspan="<?= (int) $block->getColspan() ?>">
         <?= $block->escapeHtml($block->getTotal()->getTitle()) ?>
     </td>
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-amount">
-        <?= /* @escapeNotVerified */ $block->formatPrice($block->getShippingExcludeTax()) ?>
+    <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-amount">
+        <?= /* @noEscape */ $block->formatPrice($block->getShippingExcludeTax()) ?>
     </td>
 </tr>
 <?php endif;?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/subtotal.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/subtotal.phtml
index 380a7dc6fcbf9..a63458491baea 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/subtotal.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/subtotal.phtml
@@ -4,37 +4,35 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /**
  * @var $block \Magento\Sales\Block\Adminhtml\Order\Create\Totals\Subtotal
  * @see \Magento\Sales\Block\Adminhtml\Order\Create\Totals\Subtotal
  */
 ?>
-<?php if ($block->displayBoth()):?>
+<?php if ($block->displayBoth()) : ?>
 <tr class="row-totals">
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-mark" colspan="<?= /* @escapeNotVerified */ $block->getColspan() ?>">
-        <?= /* @escapeNotVerified */ __('Subtotal (Excl. Tax)') ?>
+    <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-mark" colspan="<?= (int) $block->getColspan() ?>">
+        <?= $block->escapeHtml(__('Subtotal (Excl. Tax)')) ?>
     </td>
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-amount">
-        <?= /* @escapeNotVerified */ $block->formatPrice($block->getTotal()->getValueExclTax()) ?>
+    <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-amount">
+        <?= /* @noEscape */ $block->formatPrice($block->getTotal()->getValueExclTax()) ?>
     </td>
 </tr>
 <tr class="row-totals">
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-mark" colspan="<?= /* @escapeNotVerified */ $block->getColspan() ?>">
-        <?= /* @escapeNotVerified */ __('Subtotal (Incl. Tax)') ?>
+    <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-mark" colspan="<?= (int) $block->getColspan() ?>">
+        <?= $block->escapeHtml(__('Subtotal (Incl. Tax)')) ?>
     </td>
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-amount">
-        <?= /* @escapeNotVerified */ $block->formatPrice($block->getTotal()->getValueInclTax()) ?>
+    <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-amount">
+        <?= /* @noEscape */ $block->formatPrice($block->getTotal()->getValueInclTax()) ?>
     </td>
 </tr>
 <?php else : ?>
 <tr class="row-totals">
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-mark" colspan="<?= /* @escapeNotVerified */ $block->getColspan() ?>">
-        <?= /* @escapeNotVerified */ $block->getTotal()->getTitle() ?>
+    <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-mark" colspan="<?= (int) $block->getColspan() ?>">
+        <?= $block->escapeHtml($block->getTotal()->getTitle()) ?>
     </td>
-    <td style="<?= /* @escapeNotVerified */ $block->getStyle() ?>" class="admin__total-amount">
-        <?= /* @escapeNotVerified */ $block->formatPrice($block->getTotal()->getValue()) ?>
+    <td style="<?= $block->escapeHtmlAttr($block->getStyle()) ?>" class="admin__total-amount">
+        <?= /* @noEscape */ $block->formatPrice($block->getTotal()->getValue()) ?>
     </td>
 </tr>
 <?php endif;?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/tax.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/tax.phtml
index 643146f7bb5cb..44b56c5065c99 100755
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/tax.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/tax.phtml
@@ -4,52 +4,59 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
+// phpcs:disable Magento2.Templates.ThisInTemplate
+// phpcs:disable Squiz.PHP.GlobalKeyword.NotAllowed
+
+/** @var \Magento\Sales\Block\Adminhtml\Order\Create\Totals\Tax $block */
 
 $taxAmount = $block->getTotal()->getValue();
 ?>
-<?php if (($taxAmount == 0 && $this->helper('Magento\Tax\Helper\Data')->displayZeroTax()) || ($taxAmount > 0)): ?>
-<?php global $taxIter; $taxIter++; ?>
-<?php $class = "{$block->getTotal()->getCode()} " . ($this->helper('Magento\Tax\Helper\Data')->displayFullSummary() ? 'summary-total' : ''); ?>
-<tr<?php if ($this->helper('Magento\Tax\Helper\Data')->displayFullSummary()): ?>
-    onclick="expandDetails(this, '.summary-details-<?= /* @escapeNotVerified */ $taxIter ?>')"
-<?php endif; ?>
-    class="<?= /* @escapeNotVerified */ $class ?> row-totals">
-    <td style="<?= /* @escapeNotVerified */ $block->getTotal()->getStyle() ?>" class="admin__total-mark" colspan="<?= /* @escapeNotVerified */ $block->getColspan() ?>">
-        <?php if ($this->helper('Magento\Tax\Helper\Data')->displayFullSummary()): ?>
-            <div class="summary-collapse"><?= /* @escapeNotVerified */ $block->getTotal()->getTitle() ?></div>
-        <?php else: ?>
-            <?= /* @escapeNotVerified */ $block->getTotal()->getTitle() ?>
-        <?php endif;?>
-    </td>
-    <td style="<?= /* @escapeNotVerified */ $block->getTotal()->getStyle() ?>" class="admin__total-amount"><?= /* @escapeNotVerified */ $block->formatPrice($block->getTotal()->getValue()) ?></td>
-</tr>
-<?php if ($this->helper('Magento\Tax\Helper\Data')->displayFullSummary()): ?>
+<?php if (($taxAmount == 0 && $this->helper(\Magento\Tax\Helper\Data::class)->displayZeroTax()) || ($taxAmount > 0)) :
+    global $taxIter;
+    $taxIter++;
+    ?>
+    <?php $class = "{$block->getTotal()->getCode()} " . ($this->helper(\Magento\Tax\Helper\Data::class)->displayFullSummary() ? 'summary-total' : ''); ?>
+    <tr<?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displayFullSummary()) : ?>
+        onclick="expandDetails(this, '.summary-details-<?= $block->escapeJs($taxIter) ?>')"
+    <?php endif; ?>
+        class="<?= /* @noEscape */ $class ?> row-totals">
+        <td style="<?= $block->escapeHtmlAttr($block->getTotal()->getStyle()) ?>" class="admin__total-mark" colspan="<?= (int) $block->getColspan() ?>">
+            <?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displayFullSummary()) : ?>
+                <div class="summary-collapse"><?= $block->escapeHtml($block->getTotal()->getTitle()) ?></div>
+            <?php else : ?>
+                <?= $block->escapeHtml($block->getTotal()->getTitle()) ?>
+            <?php endif;?>
+        </td>
+        <td style="<?= $block->escapeHtmlAttr($block->getTotal()->getStyle()) ?>" class="admin__total-amount">
+            <?= /* @noEscape */ $block->formatPrice($block->getTotal()->getValue()) ?>
+        </td>
+    </tr>
+    <?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displayFullSummary()) : ?>
         <?php $isTop = 1; ?>
-        <?php foreach ($block->getTotal()->getFullInfo() as $info): ?>
-                <?php if (isset($info['hidden']) && $info['hidden']) {
-                    continue;
-                } ?>
-                <?php $percent = $info['percent']; ?>
-                <?php $amount = $info['amount']; ?>
-                <?php $rates = $info['rates']; ?>
+        <?php foreach ($block->getTotal()->getFullInfo() as $info) : ?>
+            <?php if (isset($info['hidden']) && $info['hidden']) :
+                continue;
+            endif; ?>
+            <?php $percent = $info['percent']; ?>
+            <?php $amount = $info['amount']; ?>
+            <?php $rates = $info['rates']; ?>
 
-                <?php foreach ($rates as $rate): ?>
-                <tr class="summary-details-<?= /* @escapeNotVerified */ $taxIter ?> summary-details<?php if ($isTop): echo ' summary-details-first'; endif; ?>" style="display:none;">
-                    <td class="admin__total-mark" style="<?= /* @escapeNotVerified */ $block->getTotal()->getStyle() ?>" colspan="<?= /* @escapeNotVerified */ $block->getColspan() ?>">
+            <?php foreach ($rates as $rate) : ?>
+                <tr class="summary-details-<?= $block->escapeHtmlAttr($taxIter) ?> summary-details<?= ($isTop ? ' summary-details-first' : '') ?>" style="display:none;">
+                    <td class="admin__total-mark" style="<?= $block->escapeHtmlAttr($block->getTotal()->getStyle()) ?>" colspan="<?= (int) $block->getColspan() ?>">
                         <?= $block->escapeHtml($rate['title']) ?>
-                        <?php if (!is_null($rate['percent'])): ?>
-                            (<?= (float)$rate['percent'] ?>%)
+                        <?php if ($rate['percent'] !== null) : ?>
+                            (<?= (float) $rate['percent'] ?>%)
                         <?php endif; ?>
                         <br />
                     </td>
-                    <td style="<?= /* @escapeNotVerified */ $block->getTotal()->getStyle() ?>" class="admin__total-amount">
-                        <?= /* @escapeNotVerified */ $block->formatPrice(($amount*(float)$rate['percent'])/$percent) ?>
+                    <td style="<?= $block->escapeHtmlAttr($block->getTotal()->getStyle()) ?>" class="admin__total-amount">
+                        <?= /* @noEscape */ $block->formatPrice(($amount*(float)$rate['percent'])/$percent) ?>
                     </td>
                 </tr>
                 <?php $isTop = 0; ?>
-                <?php endforeach; ?>
+            <?php endforeach; ?>
         <?php endforeach; ?>
-<?php endif;?>
+    <?php endif;?>
 <?php endif;?>
 

From 3b5d5ccc8f97339bbf5981b948d43a90d13f5645 Mon Sep 17 00:00:00 2001
From: Dave Macaulay <macaulay@adobe.com>
Date: Tue, 21 May 2019 15:22:07 +0200
Subject: [PATCH 04/16] MC-16618: Eliminate @escapeNotVerified in Sales-related
 Modules

- Remaining admin templates
---
 .../order/creditmemo/create/form.phtml        |  31 ++---
 .../order/creditmemo/create/items.phtml       |  63 +++++-----
 .../create/items/renderer/default.phtml       |  17 ++-
 .../create/totals/adjustments.phtml           |  19 ++-
 .../order/creditmemo/view/form.phtml          |  43 +++----
 .../order/creditmemo/view/items.phtml         |  29 +++--
 .../view/items/renderer/default.phtml         |   9 +-
 .../adminhtml/templates/order/details.phtml   |  62 +++++-----
 .../templates/order/giftoptions.phtml         |   9 +-
 .../templates/order/invoice/create/form.phtml |  83 ++++++-------
 .../order/invoice/create/items.phtml          | 112 +++++++++---------
 .../create/items/renderer/default.phtml       |  13 +-
 .../templates/order/invoice/view/form.phtml   |  35 +++---
 .../templates/order/invoice/view/items.phtml  |  31 +++--
 .../invoice/view/items/renderer/default.phtml |   9 +-
 .../adminhtml/templates/order/totalbar.phtml  |   4 +-
 .../adminhtml/templates/order/totals.phtml    |  63 +++++-----
 .../templates/order/totals/discount.phtml     |  15 +--
 .../templates/order/totals/due.phtml          |   9 +-
 .../templates/order/totals/grand.phtml        |  13 +-
 .../templates/order/totals/item.phtml         |  19 +--
 .../templates/order/totals/paid.phtml         |   7 +-
 .../templates/order/totals/refunded.phtml     |   9 +-
 .../templates/order/totals/shipping.phtml     |   9 +-
 .../templates/order/totals/tax.phtml          |  66 +++++------
 .../templates/order/view/giftmessage.phtml    |  97 ++++++++-------
 .../templates/order/view/history.phtml        |  45 ++++---
 .../adminhtml/templates/order/view/info.phtml |  39 +++---
 .../templates/order/view/items.phtml          |  15 +--
 .../order/view/items/renderer/default.phtml   |   7 +-
 .../templates/order/view/tab/history.phtml    |  41 ++++---
 .../templates/order/view/tab/info.phtml       |  22 ++--
 .../templates/page/js/components.phtml        |   5 -
 .../templates/rss/order/grid/link.phtml       |   4 +-
 .../templates/transactions/detail.phtml       |  25 ++--
 35 files changed, 510 insertions(+), 569 deletions(-)

diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/form.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/form.phtml
index 2f32483e11a50..050098078b3f3 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/form.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/form.phtml
@@ -4,10 +4,11 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
+// phpcs:disable Magento2.Templates.ThisInTemplate
 
+/* @var \Magento\Sales\Block\Adminhtml\Order\Creditmemo\Create\Form $block */
 ?>
-<form id="edit_form" method="post" action="<?= /* @escapeNotVerified */ $block->getSaveUrl() ?>">
+<form id="edit_form" method="post" action="<?= $block->escapeUrl($block->getSaveUrl()) ?>">
     <?= $block->getBlockHtml('formkey') ?>
     <?php  $_order = $block->getCreditmemo()->getOrder() ?>
 
@@ -15,23 +16,23 @@
 
     <section class="admin__page-section">
         <div class="admin__page-section-title">
-            <span class="title"><?= /* @escapeNotVerified */ __('Payment &amp; Shipping Method') ?></span>
+            <span class="title"><?= $block->escapeHtml(__('Payment &amp; Shipping Method')) ?></span>
         </div>
         <div class="admin__page-section-content">
-        <?php if (!$_order->getIsVirtual()): ?>
+        <?php if (!$_order->getIsVirtual()) : ?>
         <div class="admin__page-section-item order-payment-method">
-        <?php else: ?>
+        <?php else : ?>
         <div class="admin__page-section-item order-payment-method order-payment-method-virtual">
         <?php endif; ?>
 
             <?php /* Billing Address */ ?>
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Payment Information') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Payment Information')) ?></span>
             </div>
             <div class="admin__page-section-item-content">
                 <div class="order-payment-method-title"><?= $block->getChildHtml('order_payment') ?></div>
                 <div class="order-payment-currency">
-                    <?= /* @escapeNotVerified */ __('The order was placed using %1.', $_order->getOrderCurrencyCode()) ?>
+                    <?= $block->escapeHtml(__('The order was placed using %1.', $_order->getOrderCurrencyCode())) ?>
                 </div>
                 <div class="order-payment-additional">
                     <?= $block->getChildHtml('order_payment_additional') ?>
@@ -39,27 +40,27 @@
             </div>
         </div>
 
-        <?php if (!$_order->getIsVirtual()): ?>
+        <?php if (!$_order->getIsVirtual()) : ?>
         <div class="admin__page-section-item order-shipping-address">
             <?php /* Shipping Address */ ?>
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Shipping Information') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Shipping Information')) ?></span>
             </div>
             <div class="admin__page-section-item-content shipping-description-wrapper">
                 <div class="shipping-description-title"><?= $block->escapeHtml($_order->getShippingDescription()) ?></div>
                 <div class="shipping-description-content">
-                    <?= /* @escapeNotVerified */ __('Total Shipping Charges') ?>:
+                    <?= $block->escapeHtml(__('Total Shipping Charges')) ?>:
 
-                    <?php if ($this->helper('Magento\Tax\Helper\Data')->displaySalesPriceInclTax($block->getSource()->getStoreId())): ?>
+                    <?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displaySalesPriceInclTax($block->getSource()->getStoreId())) : ?>
                         <?php $_excl = $block->displayShippingPriceInclTax($_order); ?>
-                    <?php else: ?>
+                    <?php else : ?>
                         <?php $_excl = $block->displayPriceAttribute('shipping_amount', false, ' '); ?>
                     <?php endif; ?>
                     <?php $_incl = $block->displayShippingPriceInclTax($_order); ?>
 
-                    <?= /* @escapeNotVerified */ $_excl ?>
-                    <?php if ($this->helper('Magento\Tax\Helper\Data')->displaySalesBothPrices($block->getSource()->getStoreId()) && $_incl != $_excl): ?>
-                        (<?= /* @escapeNotVerified */ __('Incl. Tax') ?> <?= /* @escapeNotVerified */ $_incl ?>)
+                    <?= /* @noEscape */ $_excl ?>
+                    <?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displaySalesBothPrices($block->getSource()->getStoreId()) && $_incl != $_excl) : ?>
+                        (<?= $block->escapeHtml(__('Incl. Tax')) ?> <?= /* @noEscape */ $_incl ?>)
                     <?php endif; ?>
                 </div>
             </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items.phtml
index ba4af32ff69b2..469eaa5416c61 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items.phtml
@@ -4,35 +4,34 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+/* @var \Magento\Sales\Block\Adminhtml\Order\Creditmemo\Create\Items $block */
 ?>
 <?php $_items = $block->getCreditmemo()->getAllItems() ?>
 
 <section class="admin__page-section">
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Items to Refund') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Items to Refund')) ?></span>
     </div>
 
-    <?php if (count($_items)) : ?>
+    <?php if (!empty($_items)) : ?>
     <div class="admin__table-wrapper">
         <table class="data-table admin__table-primary order-creditmemo-tables">
             <thead>
                 <tr class="headings">
-                    <th class="col-product"><span><?= /* @escapeNotVerified */ __('Product') ?></span></th>
-                    <th class="col-price"><span><?= /* @escapeNotVerified */ __('Price') ?></span></th>
-                    <th class="col-ordered-qty"><span><?= /* @escapeNotVerified */ __('Qty') ?></span></th>
+                    <th class="col-product"><span><?= $block->escapeHtml(__('Product')) ?></span></th>
+                    <th class="col-price"><span><?= $block->escapeHtml(__('Price')) ?></span></th>
+                    <th class="col-ordered-qty"><span><?= $block->escapeHtml(__('Qty')) ?></span></th>
                     <?php if ($block->canReturnToStock()) : ?>
-                    <th class="col-return-to-stock"><span><?= /* @escapeNotVerified */ __('Return to Stock') ?></span></th>
+                    <th class="col-return-to-stock"><span><?= $block->escapeHtml(__('Return to Stock')) ?></span></th>
                     <?php endif; ?>
-                    <th class="col-refund"><span><?= /* @escapeNotVerified */ __('Qty to Refund') ?></span></th>
-                    <th class="col-subtotal"><span><?= /* @escapeNotVerified */ __('Subtotal') ?></span></th>
-                    <th class="col-tax-amount"><span><?= /* @escapeNotVerified */ __('Tax Amount') ?></span></th>
-                    <th class="col-discont"><span><?= /* @escapeNotVerified */ __('Discount Amount') ?></span></th>
-                    <th class="col-total last"><span><?= /* @escapeNotVerified */ __('Row Total') ?></span></th>
+                    <th class="col-refund"><span><?= $block->escapeHtml(__('Qty to Refund')) ?></span></th>
+                    <th class="col-subtotal"><span><?= $block->escapeHtml(__('Subtotal')) ?></span></th>
+                    <th class="col-tax-amount"><span><?= $block->escapeHtml(__('Tax Amount')) ?></span></th>
+                    <th class="col-discont"><span><?= $block->escapeHtml(__('Discount Amount')) ?></span></th>
+                    <th class="col-total last"><span><?= $block->escapeHtml(__('Row Total')) ?></span></th>
                 </tr>
             </thead>
-            <?php if ($block->canEditQty()): ?>
+            <?php if ($block->canEditQty()) : ?>
             <tfoot>
                 <tr>
                     <td colspan="3">&nbsp;</td>
@@ -43,13 +42,13 @@
                 </tr>
             </tfoot>
             <?php endif; ?>
-            <?php $i = 0; foreach ($_items as $_item): ?>
-                <?php if ($_item->getOrderItem()->getParentItem()) {
-                continue;
-            } else {
-                $i++;
-            } ?>
-                <tbody class="<?= /* @escapeNotVerified */ $i%2 ? 'even' : 'odd' ?>">
+            <?php $i = 0; foreach ($_items as $_item) : ?>
+                <?php if ($_item->getOrderItem()->getParentItem()) :
+                    continue;
+                else :
+                    $i++;
+                endif; ?>
+                <tbody class="<?= /* @noEscape */ $i%2 ? 'even' : 'odd' ?>">
                     <?= $block->getItemHtml($_item) ?>
                     <?= $block->getItemExtraInfoHtml($_item->getOrderItem()) ?>
                 </tbody>
@@ -58,47 +57,47 @@
     </div>
     <?php else : ?>
     <div class="no-items">
-        <?= /* @escapeNotVerified */ __('No Items To Refund') ?>
+        <?= $block->escapeHtml(__('No Items To Refund')) ?>
     </div>
     <?php endif; ?>
 </section>
 
 <?php $orderTotalBar = $block->getChildHtml('order_totalbar'); ?>
 
-<?php if (!empty($orderTotalBar)): ?>
+<?php if (!empty($orderTotalBar)) : ?>
 <section class="fieldset-wrapper">
-    <?= /* @escapeNotVerified */ $orderTotalBar ?>
+    <?= /* @noEscape */ $orderTotalBar ?>
 </section>
 <?php endif; ?>
 
 <section class="admin__page-section">
     <input type="hidden" name="creditmemo[do_offline]" id="creditmemo_do_offline" value="0" />
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Order Total') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Order Total')) ?></span>
     </div>
     <div class="admin__page-section-content">
         <div class="admin__page-section-item order-comments-history">
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Credit Memo Comments') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Credit Memo Comments')) ?></span>
             </div>
             <div id="history_form" class="admin__fieldset-wrapper-content">
                 <div class="admin__field">
                     <label class="normal admin__field-label"
                            for="creditmemo_comment_text">
-                        <span><?= /* @escapeNotVerified */ __('Comment Text') ?></span></label>
+                        <span><?= $block->escapeHtml(__('Comment Text')) ?></span></label>
                     <div class="admin__field-control">
                         <textarea id="creditmemo_comment_text"
                                   class="admin__control-textarea"
                                   name="creditmemo[comment_text]"
                                   rows="3"
-                                  cols="5"><?= /* @escapeNotVerified */ $block->getCreditmemo()->getCommentText() ?></textarea>
+                                  cols="5"><?= $block->escapeHtml($block->getCreditmemo()->getCommentText()) ?></textarea>
                     </div>
                 </div>
             </div>
         </div>
         <div class="admin__page-section-item order-totals creditmemo-totals">
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Refund Totals') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Refund Totals')) ?></span>
             </div>
             <?= $block->getChildHtml('creditmemo_totals') ?>
             <div class="order-totals-actions">
@@ -109,10 +108,10 @@
                            value="1"
                            type="checkbox" />
                     <label for="notify_customer" class="admin__field-label">
-                        <span><?= /* @escapeNotVerified */ __('Append Comments') ?></span>
+                        <span><?= $block->escapeHtml(__('Append Comments')) ?></span>
                     </label>
                 </div>
-                <?php if ($block->canSendCreditmemoEmail()):?>
+                <?php if ($block->canSendCreditmemoEmail()) :?>
                 <div class="field choice admin__field admin__field-option field-email-copy">
                     <input id="send_email"
                            class="admin__control-checkbox"
@@ -120,7 +119,7 @@
                            value="1"
                            type="checkbox" />
                     <label for="send_email" class="admin__field-label">
-                        <span><?= /* @escapeNotVerified */ __('Email Copy of Credit Memo') ?></span>
+                        <span><?= $block->escapeHtml(__('Email Copy of Credit Memo')) ?></span>
                     </label>
                 </div>
                 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items/renderer/default.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items/renderer/default.phtml
index b27a07c4bf824..e73333acd5fd4 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items/renderer/default.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php /** @var $block \Magento\Sales\Block\Adminhtml\Items\Renderer\DefaultRenderer */ ?>
 <?php $_item = $block->getItem() ?>
@@ -21,8 +18,8 @@
         <?php if ($block->canReturnItemToStock($_item)) : ?>
             <input type="checkbox"
                    class="admin__control-checkbox"
-                   name="creditmemo[items][<?= /* @escapeNotVerified */ $_item->getOrderItemId() ?>][back_to_stock]"
-                   value="1"<?php if ($_item->getBackToStock()):?> checked<?php endif;?>/>
+                   name="creditmemo[items][<?= (int) $_item->getOrderItemId() ?>][back_to_stock]"
+                   value="1"<?php if ($_item->getBackToStock()) : ?> checked<?php endif; ?>/>
             <label class="admin__field-label"></label>
         <?php endif; ?>
         </td>
@@ -31,17 +28,17 @@
     <?php if ($block->canEditQty()) : ?>
         <input type="text"
                class="input-text admin__control-text qty-input"
-               name="creditmemo[items][<?= /* @escapeNotVerified */ $_item->getOrderItemId() ?>][qty]"
-               value="<?= /* @escapeNotVerified */ $_item->getQty()*1 ?>"/>
+               name="creditmemo[items][<?= (int) $_item->getOrderItemId() ?>][qty]"
+               value="<?= (int) $_item->getQty()*1 ?>"/>
     <?php else : ?>
-        <?= /* @escapeNotVerified */ $_item->getQty()*1 ?>
+        <?= (int) $_item->getQty()*1 ?>
     <?php endif; ?>
     </td>
     <td class="col-subtotal">
         <?= $block->getColumnHtml($_item, 'subtotal') ?>
     </td>
-    <td class="col-tax-amount"><?= /* @escapeNotVerified */ $block->displayPriceAttribute('tax_amount') ?></td>
-    <td class="col-discont"><?= /* @escapeNotVerified */ $block->displayPriceAttribute('discount_amount') ?></td>
+    <td class="col-tax-amount"><?= /* @noEscape */ $block->displayPriceAttribute('tax_amount') ?></td>
+    <td class="col-discont"><?= /* @noEscape */ $block->displayPriceAttribute('discount_amount') ?></td>
     <td class="col-total last">
         <?= $block->getColumnHtml($_item, 'total') ?>
     </td>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/totals/adjustments.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/totals/adjustments.phtml
index fd77387a1eb88..96c79cd142360 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/totals/adjustments.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/totals/adjustments.phtml
@@ -3,38 +3,35 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_source  = $block->getSource() ?>
-<?php if ($_source): ?>
+<?php if ($_source) : ?>
     <tr>
-        <td class="label"><?= /* @escapeNotVerified */ $block->getShippingLabel() ?><div id="shipping_amount_adv"></div></td>
+        <td class="label"><?= $block->escapeHtml($block->getShippingLabel()) ?><div id="shipping_amount_adv"></div></td>
         <td>
             <input type="text"
                    name="creditmemo[shipping_amount]"
-                   value="<?= /* @escapeNotVerified */ $block->getShippingAmount() ?>"
+                   value="<?= /* @noEscape */ $block->getShippingAmount() ?>"
                    class="input-text admin__control-text not-negative-amount"
                    id="shipping_amount" />
         </td>
     </tr>
     <tr>
-        <td class="label"><?= /* @escapeNotVerified */ __('Adjustment Refund') ?><div id="adjustment_positive_adv"></div></td>
+        <td class="label"><?= $block->escapeHtml(__('Adjustment Refund')) ?><div id="adjustment_positive_adv"></div></td>
         <td>
             <input type="text"
                    name="creditmemo[adjustment_positive]"
-                   value="<?= /* @escapeNotVerified */ $_source->getBaseAdjustmentPositive()*1 ?>"
+                   value="<?= /* @noEscape */ $_source->getBaseAdjustmentPositive()*1 ?>"
                    class="input-text admin__control-text not-negative-amount"
                    id="adjustment_positive" />
         </td>
     </tr>
     <tr>
-        <td class="label"><?= /* @escapeNotVerified */ __('Adjustment Fee') ?><div id="adjustment_negative_adv"></div></td>
+        <td class="label"><?= $block->escapeHtml(__('Adjustment Fee')) ?><div id="adjustment_negative_adv"></div></td>
         <td>
             <input type="text"
                    name="creditmemo[adjustment_negative]"
-                   value="<?= /* @escapeNotVerified */ $_source->getBaseAdjustmentNegative()*1 ?>"
+                   value="<?= /* @noEscape */ $_source->getBaseAdjustmentNegative()*1 ?>"
                    class="input-text admin__control-text not-negative-amount"
                    id="adjustment_negative"/>
             <script>
@@ -42,7 +39,7 @@
 
                 //<![CDATA[
                 Validation.addAllThese([
-                    ['not-negative-amount', '<?= /* @escapeNotVerified */ __('Please enter a positive number in this field.') ?>', function(v) {
+                    ['not-negative-amount', '<?= $block->escapeHtml(__('Please enter a positive number in this field.')) ?>', function(v) {
                         if(v.length)
                             return /^\s*\d+([,.]\d+)*\s*%?\s*$/.test(v);
                         else
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/form.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/form.phtml
index 7f5c54a3236e0..7a216dca999ba 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/form.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/form.phtml
@@ -4,54 +4,55 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
+// phpcs:disable Magento2.Templates.ThisInTemplate
 
+/* @var \Magento\Sales\Block\Adminhtml\Order\Creditmemo\View\Form $block */
 ?>
 <?php  $_order = $block->getCreditmemo()->getOrder() ?>
 <?= $block->getChildHtml('order_info') ?>
 <section class="admin__page-section">
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Payment &amp; Shipping Method') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Payment &amp; Shipping Method')) ?></span>
     </div>
     <div class="admin__page-section-content">
 
-        <?php if (!$_order->getIsVirtual()): ?>
+        <?php if (!$_order->getIsVirtual()) : ?>
         <div class="admin__page-section-item order-payment-method">
-        <?php else: ?>
+        <?php else : ?>
         <div class="admin__page-section-item order-payment-method order-payment-method-virtual">
         <?php endif; ?>
             <?php /* Billing Address */?>
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Payment Information') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Payment Information')) ?></span>
             </div>
             <div class="admin__page-section-item-content">
                 <div class="order-payment-method-title"><?= $block->getChildHtml('order_payment') ?></div>
-                <div class="order-payment-currency"><?= /* @escapeNotVerified */ __('The order was placed using %1.', $_order->getOrderCurrencyCode()) ?></div>
+                <div class="order-payment-currency"><?= $block->escapeHtml(__('The order was placed using %1.', $_order->getOrderCurrencyCode())) ?></div>
                 <div class="order-payment-additional"><?= $block->getChildHtml('order_payment_additional') ?></div>
             </div>
         </div>
 
-        <?php if (!$_order->getIsVirtual()): ?>
+        <?php if (!$_order->getIsVirtual()) : ?>
         <div class="admin__page-section-item order-shipping-address">
             <?php /* Shipping Address */ ?>
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Shipping Information') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Shipping Information')) ?></span>
             </div>
             <div class="shipping-description-wrapper admin__page-section-item-content">
                 <div class="shipping-description-title"><?= $block->escapeHtml($_order->getShippingDescription()) ?></div>
                 <div class="shipping-description-content">
-                    <?= /* @escapeNotVerified */ __('Total Shipping Charges') ?>:
+                    <?= $block->escapeHtml(__('Total Shipping Charges')) ?>:
 
-                    <?php if ($this->helper('Magento\Tax\Helper\Data')->displayShippingPriceIncludingTax()): ?>
+                    <?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displayShippingPriceIncludingTax()) : ?>
                         <?php $_excl = $block->displayShippingPriceInclTax($_order); ?>
-                    <?php else: ?>
+                    <?php else : ?>
                         <?php $_excl = $block->displayPriceAttribute('shipping_amount', false, ' '); ?>
                     <?php endif; ?>
                     <?php $_incl = $block->displayShippingPriceInclTax($_order); ?>
 
-                    <?= /* @escapeNotVerified */ $_excl ?>
-                    <?php if ($this->helper('Magento\Tax\Helper\Data')->displayShippingBothPrices() && $_incl != $_excl): ?>
-                        (<?= /* @escapeNotVerified */ __('Incl. Tax') ?> <?= /* @escapeNotVerified */ $_incl ?>)
+                    <?= /* @noEscape */ $_excl ?>
+                    <?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displayShippingBothPrices() && $_incl != $_excl) : ?>
+                        (<?= $block->escapeHtml(__('Incl. Tax')) ?> <?= /* @noEscape */ $_incl ?>)
                     <?php endif; ?>
                 </div>
             </div>
@@ -61,33 +62,33 @@
 </section>
 <?php $_items = $block->getCreditmemo()->getAllItems() ?>
 
-<?php if (count($_items)): ?>
+<?php if (!empty($_items)) : ?>
 <div id="creditmemo_items_container">
     <?= $block->getChildHtml('creditmemo_items') ?>
 </div>
-<?php else: ?>
+<?php else : ?>
 <section class="admin__page-section">
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Items Refunded') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Items Refunded')) ?></span>
     </div>
-    <div class="no-items admin__page-section-content"><?= /* @escapeNotVerified */ __('No Items') ?></div>
+    <div class="no-items admin__page-section-content"><?= $block->escapeHtml(__('No Items')) ?></div>
 </section>
 <?php endif; ?>
 
 <section class="admin__page-section">
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Memo Total') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Memo Total')) ?></span>
     </div>
     <div class="admin__page-section-content">
         <div class="admin__page-section-item order-comments-history">
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Credit Memo History') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Credit Memo History')) ?></span>
             </div>
             <div class="admin__page-section-item-content"><?= $block->getChildHtml('order_comments') ?></div>
         </div>
         <div class="admin__page-section-item order-totals" id="history_form">
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Credit Memo Totals') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Credit Memo Totals')) ?></span>
             </div>
             <div class="admin__page-section-content"><?= $block->getChildHtml('creditmemo_totals') ?></div>
         </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/items.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/items.phtml
index d77f2fbde22e4..1471197982898 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/items.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/items.phtml
@@ -4,35 +4,34 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+/* @var \Magento\Sales\Block\Adminhtml\Order\Creditmemo\View\Items $block */
 ?>
 <?php $_items = $block->getCreditmemo()->getAllItems() ?>
 <div class="admin__page-section">
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Items Refunded') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Items Refunded')) ?></span>
     </div>
     <div class="admin__page-section-content">
         <div class="admin__table-wrapper">
             <table class="data-table admin__table-primary order-creditmemo-tables">
                 <thead>
                     <tr class="headings">
-                        <th class="col-product"><span><?= /* @escapeNotVerified */ __('Product') ?></span></th>
-                        <th class="col-price"><span><?= /* @escapeNotVerified */ __('Price') ?></span></th>
-                        <th class="col-qty"><span><?= /* @escapeNotVerified */ __('Qty') ?></span></th>
-                        <th class="col-subtotal"><span><?= /* @escapeNotVerified */ __('Subtotal') ?></span></th>
-                        <th class="col-tax"><span><?= /* @escapeNotVerified */ __('Tax Amount') ?></span></th>
-                        <th class="col-discount"><span><?= /* @escapeNotVerified */ __('Discount Amount') ?></span></th>
-                        <th class="col-total last"><span><?= /* @escapeNotVerified */ __('Row Total') ?></span></th>
+                        <th class="col-product"><span><?= $block->escapeHtml(__('Product')) ?></span></th>
+                        <th class="col-price"><span><?= $block->escapeHtml(__('Price')) ?></span></th>
+                        <th class="col-qty"><span><?= $block->escapeHtml(__('Qty')) ?></span></th>
+                        <th class="col-subtotal"><span><?= $block->escapeHtml(__('Subtotal')) ?></span></th>
+                        <th class="col-tax"><span><?= $block->escapeHtml(__('Tax Amount')) ?></span></th>
+                        <th class="col-discount"><span><?= $block->escapeHtml(__('Discount Amount')) ?></span></th>
+                        <th class="col-total last"><span><?= $block->escapeHtml(__('Row Total')) ?></span></th>
                     </tr>
                 </thead>
-                <?php $i = 0; foreach ($_items as $_item): ?>
-                    <?php if ($_item->getOrderItem()->getParentItem()) {
+                <?php $i = 0; foreach ($_items as $_item) : ?>
+                    <?php if ($_item->getOrderItem()->getParentItem()) :
                         continue;
-                    } else {
+                    else :
                         $i++;
-                    } ?>
-                    <tbody class="<?= /* @escapeNotVerified */ $i%2 ? 'even' : 'odd' ?>">
+                    endif; ?>
+                    <tbody class="<?= /* @noEscape */ $i%2 ? 'even' : 'odd' ?>">
                         <?= $block->getItemHtml($_item) ?>
                         <?= $block->getItemExtraInfoHtml($_item->getOrderItem()) ?>
                     </tbody>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/items/renderer/default.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/items/renderer/default.phtml
index d39d41fe9c392..9be76abb3351f 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/items/renderer/default.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php /** @var $block \Magento\Sales\Block\Adminhtml\Items\Renderer\DefaultRenderer */ ?>
 <?php $_item = $block->getItem() ?>
@@ -16,12 +13,12 @@
     <td class="col-price">
         <?= $block->getColumnHtml($_item, 'price') ?>
     </td>
-    <td class="col-qty"><?= /* @escapeNotVerified */ $_item->getQty()*1 ?></td>
+    <td class="col-qty"><?= (int) $_item->getQty()*1 ?></td>
     <td class="col-subtotal">
         <?= $block->getColumnHtml($_item, 'subtotal') ?>
     </td>
-    <td class="col-tax"><?= /* @escapeNotVerified */ $block->displayPriceAttribute('tax_amount') ?></td>
-    <td class="col-discount"><?= /* @escapeNotVerified */ $block->displayPriceAttribute('discount_amount') ?></td>
+    <td class="col-tax"><?= /* @noEscape */ $block->displayPriceAttribute('tax_amount') ?></td>
+    <td class="col-discount"><?= /* @noEscape */ $block->displayPriceAttribute('discount_amount') ?></td>
     <td class="col-total last">
         <?= $block->getColumnHtml($_item, 'total') ?>
     </td>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/details.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/details.phtml
index 2372087de5d79..708cb15faaa73 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/details.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/details.phtml
@@ -4,18 +4,22 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
+// phpcs:disable Magento2.Templates.ThisInTemplate
 
 /*
 store view name = $_order->getStore()->getName()
 web site name = $_order->getStore()->getWebsite()->getName()
 store name = $_order->getStore()->getGroup()->getName()
 */
+
+/* @var \Magento\Sales\Block\Adminhtml\Order\Details $block */
 ?>
-<?php $_order = $block->getOrder() ?>
+<?php
+/* @var \Magento\Sales\Model\Order $_order */
+$_order = $block->getOrder() ?>
 <div>
-<?= __('Customer Name: %1', $block->escapeHtml($_order->getCustomerFirstname() ? $_order->getCustomerName() : $_order->getBillingAddress()->getName())) ?><br />
-<?= __('Purchased From: %1', $block->escapeHtml($_order->getStore()->getGroup()->getName())) ?><br />
+<?= $block->escapeHtml(__('Customer Name: %1', $_order->getCustomerFirstname() ? $_order->getCustomerName() : $_order->getBillingAddress()->getName())) ?><br />
+<?= $block->escapeHtml(__('Purchased From: %1', $_order->getStore()->getGroup()->getName())) ?><br />
 </div>
 <table cellpadding="0" border="0" width="100%" style="border:1px solid #bebcb7; background:#f8f7f5;">
     <thead>
@@ -27,58 +31,58 @@ store name = $_order->getStore()->getGroup()->getName()
     </thead>
 
     <tbody>
-<?php $i = 0; foreach ($_order->getAllItems() as $_item): $i++ ?>
+<?php $i = 0; foreach ($_order->getAllItems() as $_item) : $i++ ?>
         <tr <?= $i%2 ? 'bgcolor="#eeeded"' : '' ?>>
             <td align="left" valign="top" style="padding:3px 9px"><strong><?= $block->escapeHtml($_item->getName()) ?></strong>
-            <?php if ($_item->getGiftMessageId() && $_giftMessage = $this->helper('Magento\GiftMessage\Helper\Message')->getGiftMessage($_item->getGiftMessageId())): ?>
-            <br /><strong><?= /* @escapeNotVerified */ __('Gift Message') ?></strong>
-            <br /><?= /* @escapeNotVerified */ __('From:') ?> <?= $block->escapeHtml($_giftMessage->getSender()) ?>
-            <br /><?= /* @escapeNotVerified */ __('To:') ?> <?= $block->escapeHtml($_giftMessage->getRecipient()) ?>
-            <br /><?= /* @escapeNotVerified */ __('Message:') ?><br /> <?= $block->escapeHtml($_giftMessage->getMessage()) ?>
+            <?php if ($_item->getGiftMessageId() && $_giftMessage = $this->helper(\Magento\GiftMessage\Helper\Message::class)->getGiftMessage($_item->getGiftMessageId())) : ?>
+            <br /><strong><?= $block->escapeHtml(__('Gift Message')) ?></strong>
+            <br /><?= $block->escapeHtml(__('From:')) ?> <?= $block->escapeHtml($_giftMessage->getSender()) ?>
+            <br /><?= $block->escapeHtml(__('To:')) ?> <?= $block->escapeHtml($_giftMessage->getRecipient()) ?>
+            <br /><?= $block->escapeHtml(__('Message:')) ?><br /> <?= $block->escapeHtml($_giftMessage->getMessage()) ?>
             <?php endif; ?>
             </td>
-            <td align="center" valign="top" style="padding:3px 9px"><?= /* @escapeNotVerified */ $_item->getQtyOrdered()*1 ?></td>
-            <td align="right" valign="top" style="padding:3px 9px"><?= /* @escapeNotVerified */ $_order->formatPrice($_item->getRowTotal()) ?></td>
+            <td align="center" valign="top" style="padding:3px 9px"><?= (int) $_item->getQtyOrdered()*1 ?></td>
+            <td align="right" valign="top" style="padding:3px 9px"><?= /* @noEscape */ $_order->formatPrice($_item->getRowTotal()) ?></td>
         </tr>
 <?php endforeach ?>
     </tbody>
 
     <tfoot>
-    <?php if ($_order->getGiftMessageId() && $_giftMessage = $this->helper('Magento\GiftMessage\Helper\Message')->getGiftMessage($_order->getGiftMessageId())): ?>
+    <?php if ($_order->getGiftMessageId() && $_giftMessage = $this->helper(\Magento\GiftMessage\Helper\Message::class)->getGiftMessage($_order->getGiftMessageId())) : ?>
         <tr>
             <td colspan="3" align="left" style="padding:3px 9px">
-            <strong><?= /* @escapeNotVerified */ __('Gift Message') ?></strong>
-            <br /><?= /* @escapeNotVerified */ __('From:') ?> <?= $block->escapeHtml($_giftMessage->getSender()) ?>
-            <br /><?= /* @escapeNotVerified */ __('To:') ?> <?= $block->escapeHtml($_giftMessage->getRecipient()) ?>
-            <br /><?= /* @escapeNotVerified */ __('Message:') ?><br /> <?= $block->escapeHtml($_giftMessage->getMessage()) ?>
+            <strong><?= $block->escapeHtml(__('Gift Message')) ?></strong>
+            <br /><?= $block->escapeHtml(__('From:')) ?> <?= $block->escapeHtml($_giftMessage->getSender()) ?>
+            <br /><?= $block->escapeHtml(__('To:')) ?> <?= $block->escapeHtml($_giftMessage->getRecipient()) ?>
+            <br /><?= $block->escapeHtml(__('Message:')) ?><br /> <?= $block->escapeHtml($_giftMessage->getMessage()) ?>
             </td>
         </tr>
      <?php endif; ?>
         <tr>
-            <td colspan="2" align="right" style="padding:3px 9px"><?= /* @escapeNotVerified */ __('Subtotal') ?></td>
-            <td align="right" style="padding:3px 9px"><?= /* @escapeNotVerified */ $_order->formatPrice($_order->getSubtotal()) ?></td>
+            <td colspan="2" align="right" style="padding:3px 9px"><?= $block->escapeHtml(__('Subtotal')) ?></td>
+            <td align="right" style="padding:3px 9px"><?= /* @noEscape */ $_order->formatPrice($_order->getSubtotal()) ?></td>
         </tr>
-        <?php if ($_order->getDiscountAmount() > 0): ?>
+        <?php if ($_order->getDiscountAmount() > 0) : ?>
             <tr>
-                <td colspan="2" align="right" style="padding:3px 9px"><?= /* @escapeNotVerified */ (($_order->getCouponCode()) ? __('Discount (%1)', $_order->getCouponCode()) : __('Discount')) ?></td>
-                <td align="right" style="padding:3px 9px"><?= /* @escapeNotVerified */ $_order->formatPrice(0.00 - $_order->getDiscountAmount()) ?></td>
+                <td colspan="2" align="right" style="padding:3px 9px"><?= $block->escapeHtml((($_order->getCouponCode()) ? __('Discount (%1)', $_order->getCouponCode()) : __('Discount'))) ?></td>
+                <td align="right" style="padding:3px 9px"><?= /* @noEscape */ $_order->formatPrice(0.00 - $_order->getDiscountAmount()) ?></td>
             </tr>
         <?php endif; ?>
         <?php if ($_order->getShippingAmount() || $_order->getShippingDescription()) : ?>
             <tr>
-                <td colspan="2" align="right" style="padding:3px 9px"><?= /* @escapeNotVerified */ __('Shipping &amp; Handling') ?></td>
-                <td align="right" style="padding:3px 9px"><?= /* @escapeNotVerified */ $_order->formatPrice($_order->getShippingAmount()) ?></td>
+                <td colspan="2" align="right" style="padding:3px 9px"><?= $block->escapeHtml(__('Shipping &amp; Handling')) ?></td>
+                <td align="right" style="padding:3px 9px"><?= /* @noEscape */ $_order->formatPrice($_order->getShippingAmount()) ?></td>
             </tr>
         <?php endif; ?>
-        <?php if ($_order->getTaxAmount() > 0): ?>
+        <?php if ($_order->getTaxAmount() > 0) : ?>
             <tr>
-                <td colspan="2" align="right" style="padding:3px 9px"><?= /* @escapeNotVerified */ __('Tax') ?></td>
-                <td align="right" style="padding:3px 9px"><?= /* @escapeNotVerified */ $_order->formatPrice($_order->getTaxAmount()) ?></td>
+                <td colspan="2" align="right" style="padding:3px 9px"><?= $block->escapeHtml(__('Tax')) ?></td>
+                <td align="right" style="padding:3px 9px"><?= /* @noEscape */ $_order->formatPrice($_order->getTaxAmount()) ?></td>
             </tr>
         <?php endif; ?>
         <tr bgcolor="#DEE5E8">
-            <td colspan="2" align="right" style="padding:3px 9px"><strong><big><?= /* @escapeNotVerified */ __('Grand Total') ?></big></strong></td>
-            <td align="right" style="padding:6px 9px"><strong><big><?= /* @escapeNotVerified */ $_order->formatPrice($_order->getGrandTotal()) ?></big></strong></td>
+            <td colspan="2" align="right" style="padding:3px 9px"><strong><big><?= $block->escapeHtml(__('Grand Total')) ?></big></strong></td>
+            <td align="right" style="padding:6px 9px"><strong><big><?= /* @noEscape */ $_order->formatPrice($_order->getGrandTotal()) ?></big></strong></td>
         </tr>
     </tfoot>
 </table>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/giftoptions.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/giftoptions.phtml
index acce4571be005..1010eb339e26d 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/giftoptions.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/giftoptions.phtml
@@ -3,13 +3,10 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<?php if ($block->getChildHtml()): ?>
+<?php if ($block->getChildHtml()) : ?>
 <section class="admin__page-section order-gift-options">
-    <div class="admin__page-section-title"><strong class="title"><?= /* @escapeNotVerified */ __('Gift Options') ?></strong></div>
+    <div class="admin__page-section-title"><strong class="title"><?= $block->escapeHtml(__('Gift Options')) ?></strong></div>
     <?= $block->getChildHtml() ?>
 </section>
-<?php endif ?>
+<?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/form.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/form.phtml
index cabbb8df8573c..3ee670e8885bd 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/form.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/form.phtml
@@ -4,68 +4,69 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
+// phpcs:disable Magento2.Templates.ThisInTemplate
 
+/* @var \Magento\Sales\Block\Adminhtml\Order\Invoice\Create\Form $block */
 ?>
-<form id="edit_form" class="order-invoice-edit" method="post" action="<?= /* @escapeNotVerified */ $block->getSaveUrl() ?>">
+<form id="edit_form" class="order-invoice-edit" method="post" action="<?= $block->escapeUrl($block->getSaveUrl()) ?>">
     <?= $block->getBlockHtml('formkey') ?>
     <?php $_order = $block->getInvoice()->getOrder() ?>
     <?= $block->getChildHtml('order_info') ?>
 
     <section class="admin__page-section">
         <div class="admin__page-section-title">
-            <span class="title"><?= /* @escapeNotVerified */ __('Payment &amp; Shipping Method') ?></span>
+            <span class="title"><?= $block->escapeHtml(__('Payment &amp; Shipping Method')) ?></span>
         </div>
         <div class="admin__page-section-content">
-            <div class="admin__page-section-item order-payment-method<?php if ($_order->getIsVirtual()): ?> order-payment-method-virtual<?php endif; ?>">
+            <div class="admin__page-section-item order-payment-method<?php if ($_order->getIsVirtual()) : ?> order-payment-method-virtual<?php endif; ?>">
                 <div class="admin__page-section-item-title">
-                    <span class="title"><?= /* @escapeNotVerified */ __('Payment Information') ?></span>
+                    <span class="title"><?= $block->escapeHtml(__('Payment Information')) ?></span>
                 </div>
                 <div class="admin__page-section-item-content">
                     <div class="order-payment-method-title"><?= $block->getChildHtml('order_payment') ?></div>
-                    <div class="order-payment-currency"><?= /* @escapeNotVerified */ __('The order was placed using %1.', $_order->getOrderCurrencyCode()) ?></div>
+                    <div class="order-payment-currency"><?= $block->escapeHtml(__('The order was placed using %1.', $_order->getOrderCurrencyCode())) ?></div>
                     <div class="order-payment-additional"><?= $block->getChildHtml('order_payment_additional') ?></div>
                 </div>
             </div>
-            <?php if (!$_order->getIsVirtual()): ?>
-            <div class="admin__page-section-item order-shipping-address">
-                <?php /*Shipping Address */ ?>
-                <div class="admin__page-section-item-title">
-                    <span class="title"><?= /* @escapeNotVerified */ __('Shipping Information') ?></span>
-                </div>
-                <div class="admin__page-section-item-content">
-                    <div class="shipping-description-wrapper">
-                        <div class="shipping-description-title"><?= $block->escapeHtml($_order->getShippingDescription()) ?></div>
-                        <div class="shipping-description-content">
-                            <?= /* @escapeNotVerified */ __('Total Shipping Charges') ?>:
+            <?php if (!$_order->getIsVirtual()) : ?>
+                <div class="admin__page-section-item order-shipping-address">
+                    <?php /*Shipping Address */ ?>
+                    <div class="admin__page-section-item-title">
+                        <span class="title"><?= $block->escapeHtml(__('Shipping Information')) ?></span>
+                    </div>
+                    <div class="admin__page-section-item-content">
+                        <div class="shipping-description-wrapper">
+                            <div class="shipping-description-title"><?= $block->escapeHtml($_order->getShippingDescription()) ?></div>
+                            <div class="shipping-description-content">
+                                <?= $block->escapeHtml(__('Total Shipping Charges')) ?>:
 
-                            <?php if ($this->helper('Magento\Tax\Helper\Data')->displayShippingPriceIncludingTax()): ?>
-                                <?php $_excl = $block->displayShippingPriceInclTax($_order); ?>
-                            <?php else: ?>
-                                <?php $_excl = $block->displayPriceAttribute('shipping_amount', false, ' '); ?>
-                            <?php endif; ?>
-                            <?php $_incl = $block->displayShippingPriceInclTax($_order); ?>
+                                <?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displayShippingPriceIncludingTax()) : ?>
+                                    <?php $_excl = $block->displayShippingPriceInclTax($_order); ?>
+                                <?php else : ?>
+                                    <?php $_excl = $block->displayPriceAttribute('shipping_amount', false, ' '); ?>
+                                <?php endif; ?>
+                                <?php $_incl = $block->displayShippingPriceInclTax($_order); ?>
 
-                            <?= /* @escapeNotVerified */ $_excl ?>
-                            <?php if ($this->helper('Magento\Tax\Helper\Data')->displayShippingBothPrices() && $_incl != $_excl): ?>
-                                (<?= /* @escapeNotVerified */ __('Incl. Tax') ?> <?= /* @escapeNotVerified */ $_incl ?>)
-                            <?php endif; ?>
+                                <?= /* @noEscape */ $_excl ?>
+                                <?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displayShippingBothPrices() && $_incl != $_excl) : ?>
+                                    (<?= $block->escapeHtml(__('Incl. Tax')) ?> <?= /* @noEscape */ $_incl ?>)
+                                <?php endif; ?>
+                            </div>
                         </div>
-                    </div>
-                    <?php if ($block->canCreateShipment() && $block->canShipPartiallyItem()): ?>
-                    <div class="admin__field admin__field-option">
-                        <input type="checkbox" name="invoice[do_shipment]" id="invoice_do_shipment" value="1"
-                               class="admin__control-checkbox" <?= $block->hasInvoiceShipmentTypeMismatch() ? ' disabled="disabled"' : '' ?> />
-                        <label for="invoice_do_shipment"
-                               class="admin__field-label"><span><?= /* @escapeNotVerified */ __('Create Shipment') ?></span></label>
-                    </div>
-                    <?php if ($block->hasInvoiceShipmentTypeMismatch()): ?>
-                        <small><?= /* @escapeNotVerified */ __('Invoice and shipment types do not match for some items on this order. You can create a shipment only after creating the invoice.') ?></small>
+                        <?php if ($block->canCreateShipment() && $block->canShipPartiallyItem()) : ?>
+                            <div class="admin__field admin__field-option">
+                                <input type="checkbox" name="invoice[do_shipment]" id="invoice_do_shipment" value="1"
+                                       class="admin__control-checkbox" <?= $block->hasInvoiceShipmentTypeMismatch() ? ' disabled="disabled"' : '' ?> />
+                                <label for="invoice_do_shipment"
+                                       class="admin__field-label"><span><?= $block->escapeHtml(__('Create Shipment')) ?></span></label>
+                            </div>
+                            <?php if ($block->hasInvoiceShipmentTypeMismatch()) : ?>
+                                <small><?= $block->escapeHtml(__('Invoice and shipment types do not match for some items on this order. You can create a shipment only after creating the invoice.')) ?></small>
+                            <?php endif; ?>
                         <?php endif; ?>
-                    <?php endif; ?>
-                    <div id="tracking" style="display:none;"><?= $block->getChildHtml('tracking', false) ?></div>
+                        <div id="tracking" style="display:none;"><?= $block->getChildHtml('tracking', false) ?></div>
+                    </div>
                 </div>
-            </div>
             <?php endif; ?>
         </div>
     </section>
@@ -90,7 +91,7 @@ require(['prototype'], function(){
     }
 
     /*forced creating of shipment*/
-    var forcedShipmentCreate = <?= /* @escapeNotVerified */ $block->getForcedShipmentCreate() ?>;
+    var forcedShipmentCreate = <?= /* @noEscape */ $block->getForcedShipmentCreate() ?>;
     var shipmentElement = $('invoice_do_shipment');
     if (forcedShipmentCreate && shipmentElement) {
         shipmentElement.checked = true;
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/items.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/items.phtml
index 872be35cff206..9837a6b3c209b 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/items.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/items.phtml
@@ -3,48 +3,44 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-
 <section class="admin__page-section">
     <div class="admin__page-section-title">
         <?php $_itemsGridLabel = $block->getForcedShipmentCreate() ? 'Items to Invoice and Ship' : 'Items to Invoice'; ?>
-        <span class="title"><?= /* @escapeNotVerified */ __('%1', $_itemsGridLabel) ?></span>
+        <span class="title"><?= $block->escapeHtml(__('%1', $_itemsGridLabel)) ?></span>
     </div>
     <div class="admin__page-section-content grid">
         <div class="admin__table-wrapper">
             <table class="data-table admin__table-primary order-invoice-tables">
                 <thead>
                     <tr class="headings">
-                        <th class="col-product"><span><?= /* @escapeNotVerified */ __('Product') ?></span></th>
-                        <th class="col-price"><span><?= /* @escapeNotVerified */ __('Price') ?></span></th>
-                        <th class="col-ordered-qty"><span><?= /* @escapeNotVerified */ __('Qty') ?></span></th>
-                        <th class="col-qty-invoice"><span><?= /* @escapeNotVerified */ __('Qty to Invoice') ?></span></th>
-                        <th class="col-subtotal"><span><?= /* @escapeNotVerified */ __('Subtotal') ?></span></th>
-                        <th class="col-tax"><span><?= /* @escapeNotVerified */ __('Tax Amount') ?></span></th>
-                        <th class="col-discount"><span><?= /* @escapeNotVerified */ __('Discount Amount') ?></span></th>
-                        <th class="col-total last"><span><?= /* @escapeNotVerified */ __('Row Total') ?></span></th>
+                        <th class="col-product"><span><?= $block->escapeHtml(__('Product')) ?></span></th>
+                        <th class="col-price"><span><?= $block->escapeHtml(__('Price')) ?></span></th>
+                        <th class="col-ordered-qty"><span><?= $block->escapeHtml(__('Qty')) ?></span></th>
+                        <th class="col-qty-invoice"><span><?= $block->escapeHtml(__('Qty to Invoice')) ?></span></th>
+                        <th class="col-subtotal"><span><?= $block->escapeHtml(__('Subtotal')) ?></span></th>
+                        <th class="col-tax"><span><?= $block->escapeHtml(__('Tax Amount')) ?></span></th>
+                        <th class="col-discount"><span><?= $block->escapeHtml(__('Discount Amount')) ?></span></th>
+                        <th class="col-total last"><span><?= $block->escapeHtml(__('Row Total')) ?></span></th>
                     </tr>
                 </thead>
-                <?php if ($block->canEditQty()): ?>
-                <tfoot>
-                    <tr>
-                        <td colspan="3">&nbsp;</td>
-                        <td><?= $block->getUpdateButtonHtml() ?></td>
-                        <td colspan="4">&nbsp;</td>
-                    </tr>
-                </tfoot>
+                <?php if ($block->canEditQty()) : ?>
+                    <tfoot>
+                        <tr>
+                            <td colspan="3">&nbsp;</td>
+                            <td><?= $block->getUpdateButtonHtml() ?></td>
+                            <td colspan="4">&nbsp;</td>
+                        </tr>
+                    </tfoot>
                 <?php endif; ?>
                 <?php $_items = $block->getInvoice()->getAllItems() ?>
-                <?php $_i = 0; foreach ($_items as $_item): ?>
-                <?php if ($_item->getOrderItem()->getParentItem()) {
-                    continue;
-                } else {
-                    $_i++;
-                } ?>
-                    <tbody class="<?= /* @escapeNotVerified */ $_i%2 ? 'even' : 'odd' ?>">
+                <?php $_i = 0; foreach ($_items as $_item) : ?>
+                    <?php if ($_item->getOrderItem()->getParentItem()) :
+                        continue;
+                    else :
+                        $_i++;
+                    endif; ?>
+                    <tbody class="<?= /* @noEscape */ $_i%2 ? 'even' : 'odd' ?>">
                         <?= $block->getItemHtml($_item) ?>
                         <?= $block->getItemExtraInfoHtml($_item->getOrderItem()) ?>
                     </tbody>
@@ -56,29 +52,29 @@
 
 <?php $orderTotalBar = $block->getChildHtml('order_totalbar'); ?>
 
-<?php if (!empty($orderTotalBar)): ?>
+<?php if (!empty($orderTotalBar)) : ?>
 <section class="admin__page-section">
-    <?= /* @escapeNotVerified */ $orderTotalBar ?>
+    <?= /* @noEscape */ $orderTotalBar ?>
 </section>
 <?php endif; ?>
 
 <section class="admin__page-section">
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Order Total') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Order Total')) ?></span>
     </div>
     <div class="admin__page-section-content">
         <div class="admin__page-section-item order-comments-history">
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Invoice History') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Invoice History')) ?></span>
             </div>
             <div id="history_form" class="admin__page-section-item-content order-history-form">
                 <div class="admin__field">
                     <label for="invoice_comment_text" class="admin__field-label">
-                        <span><?= /* @escapeNotVerified */ __('Invoice Comments') ?></span>
+                        <span><?= $block->escapeHtml(__('Invoice Comments')) ?></span>
                     </label>
                     <div class="admin__field-control">
                         <textarea id="invoice_comment_text" name="invoice[comment_text]" class="admin__control-textarea"
-                                  rows="3" cols="5"><?= /* @escapeNotVerified */ $block->getInvoice()->getCommentText() ?></textarea>
+                                  rows="3" cols="5"><?= $block->escapeHtml($block->getInvoice()->getCommentText()) ?></textarea>
                     </div>
                 </div>
             </div>
@@ -86,41 +82,41 @@
 
         <div id="invoice_totals" class="admin__page-section-item order-totals">
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Invoice Totals') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Invoice Totals')) ?></span>
             </div>
             <div class="admin__page-section-item-content order-totals-actions">
                 <?= $block->getChildHtml('invoice_totals') ?>
-                <?php if ($block->isCaptureAllowed()): ?>
-                <?php if ($block->canCapture()):?>
-                    <div class="admin__field">
-                        <?php
-                        /*
-                        <label for="invoice_do_capture" class="normal"><?= __('Capture Amount') ?></label>
-                        <input type="checkbox" name="invoice[do_capture]" id="invoice_do_capture" value="1" checked/>
-                        */
-                        ?>
-                      <label for="invoice_do_capture" class="admin__field-label"><?= /* @escapeNotVerified */ __('Amount') ?></label>
-                      <select class="admin__control-select" name="invoice[capture_case]">
-                          <option value="online"><?= /* @escapeNotVerified */ __('Capture Online') ?></option>
-                          <option value="offline"><?= /* @escapeNotVerified */ __('Capture Offline') ?></option>
-                          <option value="not_capture"><?= /* @escapeNotVerified */ __('Not Capture') ?></option>
-                      </select>
-                    </div>
-                <?php elseif ($block->isGatewayUsed()):?>
-                    <input type="hidden" name="invoice[capture_case]" value="offline"/>
-                    <div><?= /* @escapeNotVerified */ __('The invoice will be created offline without the payment gateway.') ?></div>
-                <?php endif?>
+                <?php if ($block->isCaptureAllowed()) : ?>
+                    <?php if ($block->canCapture()) : ?>
+                        <div class="admin__field">
+                            <?php
+                            /*
+                            <label for="invoice_do_capture" class="normal"><?= __('Capture Amount') ?></label>
+                            <input type="checkbox" name="invoice[do_capture]" id="invoice_do_capture" value="1" checked/>
+                            */
+                            ?>
+                          <label for="invoice_do_capture" class="admin__field-label"><?= $block->escapeHtml(__('Amount')) ?></label>
+                          <select class="admin__control-select" name="invoice[capture_case]">
+                              <option value="online"><?= $block->escapeHtml(__('Capture Online')) ?></option>
+                              <option value="offline"><?= $block->escapeHtml(__('Capture Offline')) ?></option>
+                              <option value="not_capture"><?= $block->escapeHtml(__('Not Capture')) ?></option>
+                          </select>
+                        </div>
+                    <?php elseif ($block->isGatewayUsed()) :?>
+                        <input type="hidden" name="invoice[capture_case]" value="offline"/>
+                        <div><?= $block->escapeHtml(__('The invoice will be created offline without the payment gateway.')) ?></div>
+                    <?php endif; ?>
                 <?php endif; ?>
                 <div class="admin__field admin__field-option field-append">
                     <input id="notify_customer" name="invoice[comment_customer_notify]" value="1" type="checkbox"
                            class="admin__control-checkbox" />
-                    <label class="admin__field-label" for="notify_customer"><?= /* @escapeNotVerified */ __('Append Comments') ?></label>
+                    <label class="admin__field-label" for="notify_customer"><?= $block->escapeHtml(__('Append Comments')) ?></label>
                 </div>
-                <?php if ($block->canSendInvoiceEmail()): ?>
+                <?php if ($block->canSendInvoiceEmail()) : ?>
                 <div class="admin__field admin__field-option field-email">
                     <input id="send_email" name="invoice[send_email]" value="1" type="checkbox"
                            class="admin__control-checkbox" />
-                    <label class="admin__field-label" for="send_email"><?= /* @escapeNotVerified */ __('Email Copy of Invoice') ?></label>
+                    <label class="admin__field-label" for="send_email"><?= $block->escapeHtml(__('Email Copy of Invoice')) ?></label>
                 </div>
                 <?php endif; ?>
                 <?= $block->getChildHtml('submit_before') ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/items/renderer/default.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/items/renderer/default.phtml
index 5bfb5f130cedb..0e0b4ea3e9e31 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/items/renderer/default.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php /** @var $block \Magento\Sales\Block\Adminhtml\Items\Renderer\DefaultRenderer */ ?>
 <?php $_item = $block->getItem() ?>
@@ -18,17 +15,17 @@
     <td class="col-qty-invoice">
     <?php if ($block->canEditQty()) : ?>
         <input type="text" class="input-text admin__control-text qty-input"
-               name="invoice[items][<?= /* @escapeNotVerified */ $_item->getOrderItemId() ?>]"
-               value="<?= /* @escapeNotVerified */ $_item->getQty()*1 ?>"/>
+               name="invoice[items][<?= (int) $_item->getOrderItemId() ?>]"
+               value="<?= (int) $_item->getQty()*1 ?>"/>
     <?php else : ?>
-        <?= /* @escapeNotVerified */ $_item->getQty()*1 ?>
+        <?= (int) $_item->getQty()*1 ?>
     <?php endif; ?>
     </td>
     <td class="col-subtotal">
         <?= $block->getColumnHtml($_item, 'subtotal') ?>
     </td>
-    <td class="col-tax"><?= /* @escapeNotVerified */ $block->displayPriceAttribute('tax_amount') ?></td>
-    <td class="col-discount"><?= /* @escapeNotVerified */ $block->displayPriceAttribute('discount_amount') ?></td>
+    <td class="col-tax"><?= /* @noEscape */ $block->displayPriceAttribute('tax_amount') ?></td>
+    <td class="col-discount"><?= /* @noEscape */ $block->displayPriceAttribute('discount_amount') ?></td>
     <td class="col-total last">
         <?= $block->getColumnHtml($_item, 'total') ?>
     </td>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/form.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/form.phtml
index e86a87f089897..784d3f892f2c4 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/form.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/form.phtml
@@ -4,8 +4,9 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
+// phpcs:disable Magento2.Templates.ThisInTemplate
 
+/* @var \Magento\Sales\Block\Adminhtml\Order\Invoice\View\Form $block */
 ?>
 <?php $_invoice = $block->getInvoice() ?>
 <?php $_order = $_invoice->getOrder() ?>
@@ -13,46 +14,46 @@
 
 <section class="admin__page-section order-view-billing-shipping">
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Payment &amp; Shipping Method') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Payment &amp; Shipping Method')) ?></span>
     </div>
     <div class="admin__page-section-content">
-        <div class="admin__page-section-item order-payment-method<?php if ($_order->getIsVirtual()): ?> order-payment-method-virtual<?php endif; ?> admin__fieldset-wrapper">
+        <div class="admin__page-section-item order-payment-method<?php if ($_order->getIsVirtual()) : ?> order-payment-method-virtual<?php endif; ?> admin__fieldset-wrapper">
             <?php /*Billing Address */ ?>
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Payment Information') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Payment Information')) ?></span>
             </div>
             <div class="admin__page-section-item-content">
                 <div class="order-payment-method-title"><?= $block->getChildHtml('order_payment') ?></div>
                 <div class="order-payment-currency">
-                    <?= /* @escapeNotVerified */ __('The order was placed using %1.', $_order->getOrderCurrencyCode()) ?>
+                    <?= $block->escapeHtml(__('The order was placed using %1.', $_order->getOrderCurrencyCode())) ?>
                 </div>
                 <div class="order-payment-additional"><?= $block->getChildHtml('order_payment_additional') ?></div>
             </div>
         </div>
 
-        <?php if (!$_order->getIsVirtual()): ?>
+        <?php if (!$_order->getIsVirtual()) : ?>
             <div class="admin__page-section-item order-shipping-address">
                 <?php /*Shipping Address */ ?>
                 <div class="admin__page-section-item-title">
-                    <span class="title"><?= /* @escapeNotVerified */ __('Shipping Information') ?></span>
+                    <span class="title"><?= $block->escapeHtml(__('Shipping Information')) ?></span>
                 </div>
                 <div class="admin__page-section-item-content shipping-description-wrapper">
                     <div class="shipping-description-title">
                         <?= $block->escapeHtml($_order->getShippingDescription()) ?>
                     </div>
                     <div class="shipping-description-content">
-                        <?= /* @escapeNotVerified */ __('Total Shipping Charges') ?>:
+                        <?= $block->escapeHtml(__('Total Shipping Charges')) ?>:
 
-                        <?php if ($this->helper('Magento\Tax\Helper\Data')->displayShippingPriceIncludingTax()): ?>
+                        <?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displayShippingPriceIncludingTax()) : ?>
                             <?php $_excl = $block->displayShippingPriceInclTax($_order); ?>
-                        <?php else: ?>
+                        <?php else : ?>
                             <?php $_excl = $block->displayPriceAttribute('shipping_amount', false, ' '); ?>
                         <?php endif; ?>
                         <?php $_incl = $block->displayShippingPriceInclTax($_order); ?>
 
-                        <?= /* @escapeNotVerified */ $_excl ?>
-                        <?php if ($this->helper('Magento\Tax\Helper\Data')->displayShippingBothPrices() && $_incl != $_excl): ?>
-                            (<?= /* @escapeNotVerified */ __('Incl. Tax') ?> <?= /* @escapeNotVerified */ $_incl ?>)
+                        <?= /* @noEscape */ $_excl ?>
+                        <?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displayShippingBothPrices() && $_incl != $_excl) : ?>
+                            (<?= $block->escapeHtml(__('Incl. Tax')) ?> <?= /* @noEscape */ $_incl ?>)
                         <?php endif; ?>
                         <div><?= $block->getChildHtml('shipment_tracking') ?></div>
                     </div>
@@ -65,7 +66,7 @@
 
 <section class="admin__page-section">
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Items Invoiced') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Items Invoiced')) ?></span>
     </div>
 
     <div id="invoice_item_container" class="admin__page-section-content">
@@ -75,12 +76,12 @@
 
 <section class="admin__page-section">
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Order Total') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Order Total')) ?></span>
     </div>
     <div class="admin__page-section-content">
         <div class="admin__page-section-item order-comments-history">
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Invoice History') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Invoice History')) ?></span>
             </div>
             <div class="admin__page-section-item-content">
                 <?= $block->getChildHtml('order_comments') ?>
@@ -89,7 +90,7 @@
 
         <div id="history_form" class="admin__page-section-item order-totals">
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Invoice Totals') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Invoice Totals')) ?></span>
             </div>
             <?= $block->getChildHtml('invoice_totals') ?>
         </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/items.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/items.phtml
index 63f33dbb74bad..6dbfd19e9a2c7 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/items.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/items.phtml
@@ -4,30 +4,29 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+/* @var \Magento\Sales\Block\Adminhtml\Order\Invoice\View\Items $block */
 ?>
 <div class="admin__table-wrapper">
     <table class="data-table admin__table-primary order-invoice-tables">
         <thead>
             <tr class="headings">
-                <th class="col-product"><span><?= /* @escapeNotVerified */ __('Product') ?></span></th>
-                <th class="col-price"><span><?= /* @escapeNotVerified */ __('Price') ?></span></th>
-                <th class="col-qty"><span><?= /* @escapeNotVerified */ __('Qty') ?></span></th>
-                <th class="col-subtotal"><span><?= /* @escapeNotVerified */ __('Subtotal') ?></span></th>
-                <th class="col-tax"><span><?= /* @escapeNotVerified */ __('Tax Amount') ?></span></th>
-                <th class="col-discount"><span><?= /* @escapeNotVerified */ __('Discount Amount') ?></span></th>
-                <th class="col-total last"><span><?= /* @escapeNotVerified */ __('Row Total') ?></span></th>
+                <th class="col-product"><span><?= $block->escapeHtml(__('Product')) ?></span></th>
+                <th class="col-price"><span><?= $block->escapeHtml(__('Price')) ?></span></th>
+                <th class="col-qty"><span><?= $block->escapeHtml(__('Qty')) ?></span></th>
+                <th class="col-subtotal"><span><?= $block->escapeHtml(__('Subtotal')) ?></span></th>
+                <th class="col-tax"><span><?= $block->escapeHtml(__('Tax Amount')) ?></span></th>
+                <th class="col-discount"><span><?= $block->escapeHtml(__('Discount Amount')) ?></span></th>
+                <th class="col-total last"><span><?= $block->escapeHtml(__('Row Total')) ?></span></th>
             </tr>
         </thead>
         <?php $_items = $block->getInvoice()->getAllItems() ?>
-        <?php $i = 0; foreach ($_items as $_item): ?>
-            <?php if ($_item->getOrderItem()->getParentItem()) {
-            continue;
-        } else {
-            $i++;
-        } ?>
-            <tbody class="<?= /* @escapeNotVerified */ $i%2 ? 'even' : 'odd' ?>">
+        <?php $i = 0; foreach ($_items as $_item) : ?>
+            <?php if ($_item->getOrderItem()->getParentItem()) :
+                continue;
+            else :
+                $i++;
+            endif; ?>
+            <tbody class="<?= /* @noEscape */ $i%2 ? 'even' : 'odd' ?>">
                 <?= $block->getItemHtml($_item) ?>
                 <?= $block->getItemExtraInfoHtml($_item->getOrderItem()) ?>
             </tbody>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/items/renderer/default.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/items/renderer/default.phtml
index af9e5b3bb702d..50142150716f6 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/items/renderer/default.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php /** @var $block \Magento\Sales\Block\Adminhtml\Items\Renderer\DefaultRenderer */ ?>
 <?php $_item = $block->getItem() ?>
@@ -16,12 +13,12 @@
     <td class="col-price">
         <?= $block->getColumnHtml($_item, 'price') ?>
     </td>
-    <td class="col-qty"><?= /* @escapeNotVerified */ $_item->getQty()*1 ?></td>
+    <td class="col-qty"><?= (int) $_item->getQty()*1 ?></td>
     <td class="col-subtotal">
         <?= $block->getColumnHtml($_item, 'subtotal') ?>
     </td>
-    <td class="col-tax"><?= /* @escapeNotVerified */ $block->displayPriceAttribute('tax_amount') ?></td>
-    <td class="col-discount"><?= /* @escapeNotVerified */ $block->displayPriceAttribute('discount_amount') ?></td>
+    <td class="col-tax"><?= /* @noEscape */ $block->displayPriceAttribute('tax_amount') ?></td>
+    <td class="col-discount"><?= /* @noEscape */ $block->displayPriceAttribute('discount_amount') ?></td>
     <td class="col-total last">
         <?= $block->getColumnHtml($_item, 'total') ?>
     </td>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/totalbar.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/totalbar.phtml
index 14025eb2dd51a..6d872fa1e6427 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/totalbar.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/totalbar.phtml
@@ -5,11 +5,9 @@
  */
 
 // @deprecated
-// @codingStandardsIgnoreFile
-
 $totals = $block->getTotals();
 ?>
-<?php if ($totals && count($totals) > 0): ?>
+<?php if ($totals && count($totals) > 0) : ?>
 <table class="items-to-invoice">
     <tr>
     <?php foreach ($totals as $total): ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/totals.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/totals.phtml
index 27b82505a11d3..a1c3ebb7aa675 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/totals.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/totals.phtml
@@ -4,59 +4,58 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+/* @var \Magento\Sales\Block\Adminhtml\Order\Totals $block */
 ?>
 <table class="data-table admin__table-secondary order-subtotal-table">
-    <?php $_totals = $block->getTotals('footer')?>
+    <?php $_totals = $block->getTotals('footer') ?>
 
-    <?php if ($_totals):?>
+    <?php if ($_totals) : ?>
         <tfoot>
-            <?php foreach ($block->getTotals('footer') as $_code => $_total): ?>
-                <?php if ($_total->getBlockName()): ?>
+            <?php foreach ($block->getTotals('footer') as $_code => $_total) : ?>
+                <?php if ($_total->getBlockName()) : ?>
                     <?= $block->getChildHtml($_total->getBlockName(), false) ?>
-                <?php else:?>
-                <tr class="col-<?= /* @escapeNotVerified */ $_code ?>">
-                    <td <?= /* @escapeNotVerified */ $block->getLabelProperties() ?> class="label">
+                <?php else : ?>
+                <tr class="col-<?= $block->escapeHtmlAttr($_code) ?>">
+                    <td <?= $block->escapeHtmlAttr($block->getLabelProperties()) ?> class="label">
                         <strong><?= $block->escapeHtml($_total->getLabel()) ?></strong>
                     </td>
-                    <td <?= /* @escapeNotVerified */ $block->getValueProperties() ?>>
-                        <strong><?= /* @escapeNotVerified */ $block->formatValue($_total) ?></strong>
+                    <td <?= $block->escapeHtmlAttr($block->getValueProperties()) ?>>
+                        <strong><?= /* @noEscape */ $block->formatValue($_total) ?></strong>
                     </td>
                 </tr>
-                <?php endif?>
-            <?php endforeach?>
+                <?php endif; ?>
+            <?php endforeach; ?>
         </tfoot>
-    <?php endif?>
+    <?php endif; ?>
 
     <?php $_totals = $block->getTotals('')?>
-    <?php if ($_totals):?>
+    <?php if ($_totals) : ?>
         <tbody>
-            <?php foreach ($_totals as $_code => $_total): ?>
-                <?php if ($_total->getBlockName()): ?>
+            <?php foreach ($_totals as $_code => $_total) : ?>
+                <?php if ($_total->getBlockName()) : ?>
                     <?= $block->getChildHtml($_total->getBlockName(), false) ?>
-                <?php else:?>
-                    <tr class="col-<?= /* @escapeNotVerified */ $_code ?>">
-                        <td <?= /* @escapeNotVerified */ $block->getLabelProperties() ?> class="label">
-                            <?php if ($_total->getStrong()):?>
+                <?php else : ?>
+                    <tr class="col-<?= $block->escapeHtmlAttr($_code) ?>">
+                        <td <?= /* @noEscape */ $block->getLabelProperties() ?> class="label">
+                            <?php if ($_total->getStrong()) : ?>
                             <strong><?= $block->escapeHtml($_total->getLabel()) ?></strong>
-                            <?php else:?>
+                            <?php else : ?>
                             <?= $block->escapeHtml($_total->getLabel()) ?>
                             <?php endif?>
                         </td>
 
-                        <?php if ($_total->getStrong()):?>
-                            <td <?= /* @escapeNotVerified */ $block->getValueProperties() ?>>
-                                <strong><?= /* @escapeNotVerified */ $block->formatValue($_total) ?></strong>
+                        <?php if ($_total->getStrong()) : ?>
+                            <td <?= $block->escapeHtmlAttr($block->getValueProperties()) ?>>
+                                <strong><?= /* @noEscape */ $block->formatValue($_total) ?></strong>
                             </td>
-                        <?php else:?>
-                            <td <?= /* @escapeNotVerified */ $block->getValueProperties() ?>>
-                                <span><?= /* @escapeNotVerified */ $block->formatValue($_total) ?></span>
+                        <?php else : ?>
+                            <td <?= $block->escapeHtmlAttr($block->getValueProperties()) ?>>
+                                <span><?= /* @noEscape */ $block->formatValue($_total) ?></span>
                             </td>
-                        <?php endif?>
+                        <?php endif; ?>
                     </tr>
-                <?php endif?>
-            <?php endforeach?>
+                <?php endif; ?>
+            <?php endforeach; ?>
         </tbody>
-    <?php endif?>
+    <?php endif; ?>
 </table>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/discount.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/discount.phtml
index db2567a5f3dbf..9ff3a91eab7ce 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/discount.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/discount.phtml
@@ -3,23 +3,20 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_source  = $block->getSource() ?>
 <?php $_order   = $block->getOrder() ?>
 <?php $block->setPriceDataObject($_source) ?>
 
-<?php if ((float) $_source->getDiscountAmount()): ?>
+<?php if ((float) $_source->getDiscountAmount()) : ?>
     <tr>
         <td class="label">
-            <?php if ($_order->getCouponCode()): ?>
-                <?= /* @escapeNotVerified */ __('Discount (%1)', $_order->getCouponCode()) ?>
-            <?php else: ?>
-                <?= /* @escapeNotVerified */ __('Discount') ?>
+            <?php if ($_order->getCouponCode()) : ?>
+                <?= $block->escapeHtml(__('Discount (%1)', $_order->getCouponCode())) ?>
+            <?php else : ?>
+                <?= $block->escapeHtml(__('Discount')) ?>
             <?php endif; ?>
         </td>
-        <td><?= /* @escapeNotVerified */ $block->displayPriceAttribute('discount_amount') ?></td>
+        <td><?= /* @noEscape */ $block->displayPriceAttribute('discount_amount') ?></td>
     </tr>
 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/due.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/due.phtml
index 81402e37288ef..87d7c85c2d9ed 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/due.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/due.phtml
@@ -3,13 +3,10 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<?php if ($block->getCanDisplayTotalDue()): ?>
+<?php if ($block->getCanDisplayTotalDue()) : ?>
 <tr>
-    <td class="label"><big><strong><?= /* @escapeNotVerified */ __('Total Due') ?></strong></big></td>
-    <td class="emph"><big><?= /* @escapeNotVerified */ $block->displayPriceAttribute('total_due', true) ?></big></td>
+    <td class="label"><big><strong><?= $block->escapeHtml(__('Total Due')) ?></strong></big></td>
+    <td class="emph"><big><?= /* @noEscape */ $block->displayPriceAttribute('total_due', true) ?></big></td>
 </tr>
 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/grand.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/grand.phtml
index 519aa660fbf12..dc76799251c7a 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/grand.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/grand.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_source  = $block->getSource() ?>
 <?php $block->setPriceDataObject($_source) ?>
@@ -13,12 +10,12 @@
 <tr>
     <td class="label">
         <strong><big>
-        <?php if ($block->getGrandTotalTitle()): ?>
-            <?= /* @escapeNotVerified */ $block->getGrandTotalTitle() ?>
-        <?php else: ?>
-            <?= /* @escapeNotVerified */ __('Grand Total') ?>
+        <?php if ($block->getGrandTotalTitle()) : ?>
+            <?= $block->escapeHtml($block->getGrandTotalTitle()) ?>
+        <?php else : ?>
+            <?= $block->escapeHtml(__('Grand Total')) ?>
         <?php endif; ?>
         </big></strong>
     </td>
-    <td class="emph"><big><?= /* @escapeNotVerified */ $block->displayPriceAttribute('grand_total', true) ?></big></td>
+    <td class="emph"><big><?= /* @noEscape */ $block->displayPriceAttribute('grand_total', true) ?></big></td>
 </tr>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/item.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/item.phtml
index 6c44e6ec632a7..905681ecc2795 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/item.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/item.phtml
@@ -3,16 +3,21 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<?php $_source  = $block->getSource() ?>
+<?php $_source = $block->getSource() ?>
 <?php $block->setPriceDataObject($_source) ?>
 
-<?php if ((float) $_source->getDataUsingMethod($block->getSourceField())): ?>
+<?php if ((float) $_source->getDataUsingMethod($block->getSourceField())) : ?>
     <tr>
-        <td class="label"><?php if ($block->getStrong()) : ?><strong><?php endif; ?><?= /* @escapeNotVerified */ __($block->getLabel()) ?><?php if ($block->getStrong()) : ?></strong><?php endif; ?></td>
-        <td <?= $block->getHtmlClass() ? ('class="' . $block->getHtmlClass() . '"') : '' ?>><?php if ($block->getStrong()) : ?><strong><?php endif; ?><?= /* @escapeNotVerified */ $block->displayPriceAttribute($block->getSourceField()) ?><?php if ($block->getStrong()) : ?></strong><?php endif; ?></td>
+        <td class="label">
+            <?php if ($block->getStrong()) : ?>
+                <strong><?php endif; ?><?= $block->escapeHtml(__($block->getLabel())) ?><?php if ($block->getStrong()) : ?></strong>
+            <?php endif; ?>
+        </td>
+        <td <?= $block->getHtmlClass() ? ('class="' . $block->getHtmlClass() . '"') : '' ?>>
+            <?php if ($block->getStrong()) : ?><strong><?php endif; ?>
+            <?= /* @noEscape */ $block->displayPriceAttribute($block->getSourceField()) ?>
+            <?php if ($block->getStrong()) : ?></strong><?php endif; ?>
+        </td>
     </tr>
 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/paid.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/paid.phtml
index 8befc7cc0ccb4..28e0a44092e99 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/paid.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/paid.phtml
@@ -3,14 +3,11 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php if ($block->getCanDisplayTotalPaid()): ?>
 <tr>
-    <td class="label"><strong><?= /* @escapeNotVerified */ __('Total Paid') ?></strong></td>
-    <td class="emph"><?= /* @escapeNotVerified */ $block->displayPriceAttribute('total_paid', true) ?>
+    <td class="label"><strong><?= $block->escapeHtml(__('Total Paid')) ?></strong></td>
+    <td class="emph"><?= /* @noEscape */ $block->displayPriceAttribute('total_paid', true) ?>
     </td>
 </tr>
 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/refunded.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/refunded.phtml
index e579578f711ae..1e7087c7222c3 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/refunded.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/refunded.phtml
@@ -3,13 +3,10 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<?php if ($block->getCanDisplayTotalRefunded()): ?>
+<?php if ($block->getCanDisplayTotalRefunded()) : ?>
 <tr>
-    <td class="label"><strong><?= /* @escapeNotVerified */ __('Total Refunded') ?></strong></td>
-    <td class="emph"><?= /* @escapeNotVerified */ $block->displayPriceAttribute('total_refunded', true) ?></td>
+    <td class="label"><strong><?= $block->escapeHtml(__('Total Refunded')) ?></strong></td>
+    <td class="emph"><?= /* @noEscape */ $block->displayPriceAttribute('total_refunded', true) ?></td>
 </tr>
 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/shipping.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/shipping.phtml
index 47304bf7f4a7e..4250dc1d047ba 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/shipping.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/shipping.phtml
@@ -3,16 +3,13 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_source  = $block->getSource() ?>
 <?php $block->setPriceDataObject($_source) ?>
 
-<?php if ((float) $_source->getShippingAmount() || $_source->getShippingDescription()): ?>
+<?php if ((float) $_source->getShippingAmount() || $_source->getShippingDescription()) : ?>
     <tr>
-        <td class="label"><?= /* @escapeNotVerified */ __('Shipping &amp; Handling') ?></td>
-        <td><?= /* @escapeNotVerified */ $block->displayPriceAttribute('shipping_amount') ?></td>
+        <td class="label"><?= $block->escapeHtml(__('Shipping &amp; Handling')) ?></td>
+        <td><?= /* @noEscape */ $block->displayPriceAttribute('shipping_amount') ?></td>
     </tr>
 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/tax.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/tax.phtml
index 284597027468d..a68fb09fd2058 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/tax.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/tax.phtml
@@ -4,42 +4,41 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
+// phpcs:disable Magento2.Templates.ThisInTemplate
 
 /** @var $block \Magento\Sales\Block\Adminhtml\Order\Totals\Tax */
-?>
-<?php
+
 /** @var $_source \Magento\Sales\Model\Order\Invoice */
 $_source    = $block->getSource();
 $_order     = $block->getOrder();
 $_fullInfo  = $block->getFullTaxInfo();
 ?>
 
-<?php if ($block->displayFullSummary() && $_fullInfo): ?>
+<?php if ($block->displayFullSummary() && $_fullInfo) : ?>
 <tr class="summary-total" onclick="expandDetails(this, '.summary-details')">
-<?php else: ?>
+<?php else : ?>
 <tr>
     <?php endif; ?>
     <td class="label">
         <div class="summary-collapse" tabindex="0">
-            <?php if ($this->helper('Magento\Tax\Helper\Data')->displayFullSummary()): ?>
-                <?= /* @escapeNotVerified */ __('Total Tax') ?>
-            <?php else: ?>
-                <?= /* @escapeNotVerified */ __('Tax') ?>
+            <?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displayFullSummary()) : ?>
+                <?= $block->escapeHtml(__('Total Tax')) ?>
+            <?php else : ?>
+                <?= $block->escapeHtml(__('Tax')) ?>
             <?php endif;?>
         </div>
     </td>
     <td>
-        <?= /* @escapeNotVerified */ $block->displayAmount($_source->getTaxAmount(), $_source->getBaseTaxAmount()) ?>
+        <?= /* @noEscape */ $block->displayAmount($_source->getTaxAmount(), $_source->getBaseTaxAmount()) ?>
     </td>
 </tr>
-<?php if ($block->displayFullSummary()): ?>
+<?php if ($block->displayFullSummary()) : ?>
     <?php $isTop = 1; ?>
-    <?php if (isset($_fullInfo[0]['rates'])): ?>
-        <?php foreach ($_fullInfo as $info): ?>
-            <?php if (isset($info['hidden']) && $info['hidden']) {
+    <?php if (isset($_fullInfo[0]['rates'])) : ?>
+        <?php foreach ($_fullInfo as $info) : ?>
+            <?php if (isset($info['hidden']) && $info['hidden']) :
                 continue;
-            } ?>
+            endif; ?>
             <?php
             $percent    = $info['percent'];
             $amount     = $info['amount'];
@@ -48,39 +47,38 @@ $_fullInfo  = $block->getFullTaxInfo();
             $isFirst    = 1;
             ?>
 
-            <?php foreach ($rates as $rate): ?>
-            <tr class="summary-details<?php if ($isTop): echo ' summary-details-first'; endif; ?>" style="display:none;">
-                <?php if (!is_null($rate['percent'])): ?>
-                    <td class="admin__total-mark"><?= /* @escapeNotVerified */ $rate['title'] ?> (<?= (float)$rate['percent'] ?>%)<br /></td>
-                <?php else: ?>
-                    <td class="admin__total-mark"><?= /* @escapeNotVerified */ $rate['title'] ?><br /></td>
-                <?php endif; ?>
-                <?php if ($isFirst): ?>
-                    <td rowspan="<?= count($rates) ?>"><?= /* @escapeNotVerified */ $block->displayAmount($amount, $baseAmount) ?></td>
-                <?php endif; ?>
-            </tr>
-            <?php
+            <?php foreach ($rates as $rate) : ?>
+                <tr class="summary-details<?= ($isTop ? ' summary-details-first' : '') ?>" style="display:none;">
+                    <?php if ($rate['percent'] !== null) : ?>
+                        <td class="admin__total-mark"><?= $block->escapeHtml($rate['title']) ?> (<?= (float)$rate['percent'] ?>%)<br /></td>
+                    <?php else : ?>
+                        <td class="admin__total-mark"><?= $block->escapeHtml($rate['title']) ?><br /></td>
+                    <?php endif; ?>
+                    <?php if ($isFirst) : ?>
+                        <td rowspan="<?= count($rates) ?>"><?= /* @noEscape */ $block->displayAmount($amount, $baseAmount) ?></td>
+                    <?php endif; ?>
+                </tr>
+                <?php
                 $isFirst = 0;
                 $isTop = 0;
                 ?>
             <?php endforeach; ?>
         <?php endforeach; ?>
-    <?php else: ?>
-        <?php foreach ($_fullInfo as $info): ?>
+    <?php else : ?>
+        <?php foreach ($_fullInfo as $info) : ?>
             <?php
             $percent    = $info['percent'];
             $amount     = $info['tax_amount'];
             $baseAmount = $info['base_tax_amount'];
             $isFirst    = 1;
             ?>
-
-            <tr class="summary-details<?php if ($isTop): echo ' summary-details-first'; endif; ?>" style="display:none;">
-                <?php if (!is_null($info['percent'])): ?>
+            <tr class="summary-details<?= ($isTop ? ' summary-details-first' : '') ?>" style="display:none;">
+                <?php if ($info['percent'] !== null) : ?>
                     <td class="admin__total-mark"><?= $block->escapeHtml($info['title']) ?> (<?= (float)$info['percent'] ?>%)<br /></td>
-                <?php else: ?>
+                <?php else : ?>
                     <td class="admin__total-mark"><?= $block->escapeHtml($info['title']) ?><br /></td>
                 <?php endif; ?>
-                    <td><?= /* @escapeNotVerified */ $block->displayAmount($amount, $baseAmount) ?></td>
+                    <td><?= /* @noEscape */ $block->displayAmount($amount, $baseAmount) ?></td>
             </tr>
             <?php
             $isFirst = 0;
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/view/giftmessage.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/view/giftmessage.phtml
index 393af3e40d6eb..c0a51ef42c140 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/view/giftmessage.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/view/giftmessage.phtml
@@ -4,61 +4,60 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+/** @var $block \Magento\Sales\Block\Adminhtml\Order\View\Giftmessage */
 ?>
-<?php if ($block->canDisplayGiftmessage()): ?>
-<?php $_required = $block->getMessage()->getMessage() != ''?>
-<div id="<?= $block->getHtmlId() ?>" class="admin__page-section-content giftmessage-whole-order-container">
-    <form class="entry-edit form-inline" id="<?= /* @escapeNotVerified */ $block->getFieldId('form') ?>" action="<?= /* @escapeNotVerified */ $block->getSaveUrl() ?>">
-        <fieldset class="admin__fieldset">
-            <legend class="admin__legend"><span><?= /* @escapeNotVerified */ __('Gift Message for the Entire Order') ?></span></legend>
-            <br/>
-
-            <input type="hidden" id="<?= /* @escapeNotVerified */ $block->getFieldId('type') ?>"
-                   name="<?= /* @escapeNotVerified */ $block->getFieldName('type') ?>"
-                   value="order"/>
-
-            <div class="admin__field field-from-name<?= $_required ? ' required' : '' ?>">
-                <label class="admin__field-label"
-                       for="<?= /* @escapeNotVerified */ $block->getFieldId('sender') ?>"><span><?= /* @escapeNotVerified */ __('From Name') ?></span></label>
-
-                <div class="admin__field-control">
-                    <input class="admin__control-text <?= $_required ? 'required-entry' : '' ?>" type="text"
-                           id="<?= /* @escapeNotVerified */ $block->getFieldId('sender') ?>"
-                           name="<?= /* @escapeNotVerified */ $block->getFieldName('sender') ?>"
-                           value="<?= $block->escapeHtml($block->getMessage()->getSender()) ?>"/>
+<?php if ($block->canDisplayGiftmessage()) : ?>
+    <?php $_required = $block->getMessage()->getMessage() != '' ?>
+    <div id="<?= $block->getHtmlId() ?>" class="admin__page-section-content giftmessage-whole-order-container">
+        <form class="entry-edit form-inline" id="<?= $block->escapeHtmlAttr($block->getFieldId('form')) ?>" action="<?= $block->escapeUrl($block->getSaveUrl()) ?>">
+            <fieldset class="admin__fieldset">
+                <legend class="admin__legend"><span><?= $block->escapeHtml(__('Gift Message for the Entire Order')) ?></span></legend>
+                <br/>
+
+                <input type="hidden" id="<?= $block->escapeHtmlAttr($block->getFieldId('type')) ?>"
+                       name="<?= $block->escapeHtmlAttr($block->getFieldName('type')) ?>"
+                       value="order"/>
+
+                <div class="admin__field field-from-name<?= $_required ? ' required' : '' ?>">
+                    <label class="admin__field-label"
+                           for="<?= $block->escapeHtmlAttr($block->getFieldId('sender')) ?>"><span><?= $block->escapeHtml(__('From Name')) ?></span></label>
+
+                    <div class="admin__field-control">
+                        <input class="admin__control-text <?= $_required ? 'required-entry' : '' ?>" type="text"
+                               id="<?= $block->escapeHtmlAttr($block->getFieldId('sender')) ?>"
+                               name="<?= $block->escapeHtmlAttr($block->getFieldName('sender')) ?>"
+                               value="<?= $block->escapeHtml($block->getMessage()->getSender()) ?>"/>
+                    </div>
                 </div>
-            </div>
 
-            <div class="admin__field field-to-name<?= $_required ? ' required' : '' ?>">
-                <label class="admin__field-label"
-                       for="<?= /* @escapeNotVerified */ $block->getFieldId('recipient') ?>"><span><?= /* @escapeNotVerified */ __('To Name') ?></span></label>
+                <div class="admin__field field-to-name<?= $_required ? ' required' : '' ?>">
+                    <label class="admin__field-label"
+                           for="<?= $block->escapeHtmlAttr($block->getFieldId('recipient')) ?>"><span><?= $block->escapeHtml(__('To Name')) ?></span></label>
 
-                <div class="admin__field-control">
-                    <input class="admin__control-text <?= $_required ? 'required-entry' : '' ?>" type="text"
-                           id="<?= /* @escapeNotVerified */ $block->getFieldId('recipient') ?>"
-                           name="<?= /* @escapeNotVerified */ $block->getFieldName('recipient') ?>"
-                           value="<?= $block->escapeHtml($block->getMessage()->getRecipient()) ?>"/>
+                    <div class="admin__field-control">
+                        <input class="admin__control-text <?= $_required ? 'required-entry' : '' ?>" type="text"
+                               id="<?= $block->escapeHtmlAttr($block->getFieldId('recipient')) ?>"
+                               name="<?= $block->escapeHtmlAttr($block->getFieldName('recipient')) ?>"
+                               value="<?= $block->escapeHtml($block->getMessage()->getRecipient()) ?>"/>
+                    </div>
                 </div>
-            </div>
 
-            <div class="admin__field field-gift-message">
-                <label class="admin__field-label"
-                       for="<?= /* @escapeNotVerified */ $block->getFieldId('message') ?>"><span><?= /* @escapeNotVerified */ __('Gift Message') ?></span></label>
-                <div class="admin__field-control">
-                    <textarea id="<?= /* @escapeNotVerified */ $block->getFieldId('message') ?>"
-                              name="<?= /* @escapeNotVerified */ $block->getFieldName('message') ?>"
-                              class="admin__control-textarea"
-                              rows="2"
-                              cols="15"><?= $block->escapeHtml($block->getMessage()->getMessage()) ?></textarea>
+                <div class="admin__field field-gift-message">
+                    <label class="admin__field-label"
+                           for="<?= $block->escapeHtmlAttr($block->getFieldId('message')) ?>"><span><?= $block->escapeHtml(__('Gift Message')) ?></span></label>
+                    <div class="admin__field-control">
+                        <textarea id="<?= $block->escapeHtmlAttr($block->getFieldId('message')) ?>"
+                                  name="<?= $block->escapeHtmlAttr($block->getFieldName('message')) ?>"
+                                  class="admin__control-textarea"
+                                  rows="2"
+                                  cols="15"><?= $block->escapeHtml($block->getMessage()->getMessage()) ?></textarea>
+                    </div>
                 </div>
-            </div>
 
-            <div class="actions">
-                <?= $block->getSaveButtonHtml() ?>
-            </div>
-        </fieldset>
-    </form>
-</div>
+                <div class="actions">
+                    <?= $block->getSaveButtonHtml() ?>
+                </div>
+            </fieldset>
+        </form>
+    </div>
 <?php endif ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/view/history.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/view/history.phtml
index 6ac6e13a873ed..be5a3f417d88e 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/view/history.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/view/history.phtml
@@ -4,19 +4,18 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
 /** @var \Magento\Sales\Block\Adminhtml\Order\View\History $block */
 ?>
 <div id="order_history_block" class="edit-order-comments">
-    <?php if ($block->canAddComment()):?>
+    <?php if ($block->canAddComment()) : ?>
         <div class="order-history-block" id="history_form">
 
             <div class="admin__field">
-                <label for="history_status" class="admin__field-label"><?= /* @noEscape */ __('Status') ?></label>
+                <label for="history_status" class="admin__field-label"><?= $block->escapeHtml(__('Status')) ?></label>
                 <div class="admin__field-control">
                     <select name="history[status]" id="history_status" class="admin__control-select">
-                        <?php foreach ($block->getStatuses() as $_code => $_label): ?>
-                            <option value="<?= $block->escapeHtml($_code) ?>"<?php if ($_code == $block->getOrder()->getStatus()): ?> selected="selected"<?php endif; ?>><?= $block->escapeHtml($_label) ?></option>
+                        <?php foreach ($block->getStatuses() as $_code => $_label) : ?>
+                            <option value="<?= $block->escapeHtml($_code) ?>"<?php if ($_code == $block->getOrder()->getStatus()) : ?> selected="selected"<?php endif; ?>><?= $block->escapeHtml($_label) ?></option>
                         <?php endforeach; ?>
                     </select>
                 </div>
@@ -24,7 +23,7 @@
 
             <div class="admin__field">
                 <label for="history_comment" class="admin__field-label">
-                    <?= /* @noEscape */ __('Comment') ?>
+                    <?= $block->escapeHtml(__('Comment')) ?>
                 </label>
                 <div class="admin__field-control">
                     <textarea name="history[comment]"
@@ -38,14 +37,14 @@
             <div class="admin__field">
                 <div class="order-history-comments-options">
                     <div class="admin__field admin__field-option">
-                        <?php if ($block->canSendCommentEmail()): ?>
+                        <?php if ($block->canSendCommentEmail()) : ?>
                             <input name="history[is_customer_notified]"
                                    type="checkbox"
                                    id="history_notify"
                                    class="admin__control-checkbox"
                                    value="1" />
                             <label class="admin__field-label" for="history_notify">
-                                <?= /* @noEscape */ __('Notify Customer by Email') ?>
+                                <?= $block->escapeHtml(__('Notify Customer by Email')) ?>
                             </label>
                         <?php endif; ?>
                     </div>
@@ -57,7 +56,7 @@
                                class="admin__control-checkbox"
                                value="1" />
                         <label class="admin__field-label" for="history_visible">
-                            <?= /* @noEscape */ __('Visible on Storefront') ?>
+                            <?= $block->escapeHtml(__('Visible on Storefront')) ?>
                         </label>
                     </div>
                 </div>
@@ -70,32 +69,30 @@
     <?php endif;?>
 
     <ul class="note-list">
-    <?php foreach ($block->getOrder()->getStatusHistoryCollection(true) as $_item): ?>
+    <?php foreach ($block->getOrder()->getStatusHistoryCollection(true) as $_item) : ?>
         <li class="note-list-item">
             <span class="note-list-date"><?= /* @noEscape */ $block->formatDate($_item->getCreatedAt(), \IntlDateFormatter::MEDIUM) ?></span>
             <span class="note-list-time"><?= /* @noEscape */ $block->formatTime($_item->getCreatedAt(), \IntlDateFormatter::MEDIUM) ?></span>
             <span class="note-list-status"><?= $block->escapeHtml($_item->getStatusLabel()) ?></span>
             <span class="note-list-customer">
-                <?= /* @noEscape */ __('Customer') ?>
-                <?php if ($block->isCustomerNotificationNotApplicable($_item)): ?>
-                    <span class="note-list-customer-notapplicable"><?= /* @noEscape */ __('Notification Not Applicable') ?></span>
-                <?php elseif ($_item->getIsCustomerNotified()): ?>
-                    <span class="note-list-customer-notified"><?= /* @noEscape */ __('Notified') ?></span>
-                <?php else: ?>
-                    <span class="note-list-customer-not-notified"><?= /* @noEscape */ __('Not Notified') ?></span>
+                <?= $block->escapeHtml(__('Customer')) ?>
+                <?php if ($block->isCustomerNotificationNotApplicable($_item)) : ?>
+                    <span class="note-list-customer-notapplicable"><?= $block->escapeHtml(__('Notification Not Applicable')) ?></span>
+                <?php elseif ($_item->getIsCustomerNotified()) : ?>
+                    <span class="note-list-customer-notified"><?= $block->escapeHtml(__('Notified')) ?></span>
+                <?php else : ?>
+                    <span class="note-list-customer-not-notified"><?= $block->escapeHtml(__('Not Notified')) ?></span>
                 <?php endif; ?>
             </span>
-            <?php if ($_item->getComment()): ?>
+            <?php if ($_item->getComment()) : ?>
                 <div class="note-list-comment"><?= $block->escapeHtml($_item->getComment(), ['b', 'br', 'strong', 'i', 'u', 'a']) ?></div>
             <?php endif; ?>
         </li>
     <?php endforeach; ?>
     </ul>
     <script>
-require(['prototype'], function(){
-
-        if($('order_status'))$('order_status').update('<?= $block->escapeJs($block->escapeHtml($block->getOrder()->getStatusLabel())) ?>');
-
-});
-</script>
+        require(['prototype'], function(){
+            if($('order_status'))$('order_status').update('<?= $block->escapeJs($block->escapeHtml($block->getOrder()->getStatusLabel())) ?>');
+        });
+    </script>
 </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/view/info.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/view/info.phtml
index bbd6394097f9e..508ac7c252de5 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/view/info.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/view/info.phtml
@@ -7,9 +7,6 @@
 /**
  * @var \Magento\Sales\Block\Adminhtml\Order\View\Info $block
  */
-
-// @codingStandardsIgnoreFile
-
 $order = $block->getOrder();
 
 $orderAdminDate = $block->formatDate(
@@ -38,10 +35,10 @@ $customerUrl = $block->getCustomerViewUrl();
             <?php $confirmationEmailStatusMessage = $order->getEmailSent() ? __('The order confirmation email was sent') : __('The order confirmation email is not sent'); ?>
             <div class="admin__page-section-item-title">
                 <span class="title">
-                    <?php if ($block->getNoUseOrderLink()): ?>
+                    <?php if ($block->getNoUseOrderLink()) : ?>
                         <?= $block->escapeHtml(__('Order # %1', $order->getRealOrderId())) ?> (<span><?= $block->escapeHtml($confirmationEmailStatusMessage) ?></span>)
-                    <?php else: ?>
-                        <a href="<?= $block->escapeHtml($block->getViewUrl($order->getId())) ?>"><?= $block->escapeHtml(__('Order # %1', $order->getRealOrderId())) ?></a>
+                    <?php else : ?>
+                        <a href="<?= $block->escapeUrl($block->getViewUrl($order->getId())) ?>"><?= $block->escapeHtml(__('Order # %1', $order->getRealOrderId())) ?></a>
                         <span>(<?= $block->escapeHtml($confirmationEmailStatusMessage) ?>)</span>
                     <?php endif; ?>
                 </span>
@@ -52,7 +49,7 @@ $customerUrl = $block->getCustomerViewUrl();
                     <th><?= $block->escapeHtml(__('Order Date')) ?></th>
                     <td><?= $block->escapeHtml($orderAdminDate) ?></td>
                 </tr>
-                <?php if ($orderAdminDate != $orderStoreDate):?>
+                <?php if ($orderAdminDate != $orderStoreDate) : ?>
                     <tr>
                         <th><?= $block->escapeHtml(__('Order Date (%1)', $block->getTimezoneForStore($order->getStore()))) ?></th>
                         <td><?= $block->escapeHtml($orderStoreDate) ?></td>
@@ -63,45 +60,45 @@ $customerUrl = $block->getCustomerViewUrl();
                     <td><span id="order_status"><?= $block->escapeHtml($order->getStatusLabel()) ?></span></td>
                 </tr>
                 <?= $block->getChildHtml() ?>
-                <?php if ($block->isSingleStoreMode() == false):?>
+                <?php if ($block->isSingleStoreMode() == false) : ?>
                     <tr>
                         <th><?= $block->escapeHtml(__('Purchased From')) ?></th>
                         <td><?= $block->escapeHtml($block->getOrderStoreName(), ['br']) ?></td>
                     </tr>
                 <?php endif; ?>
-                <?php if ($order->getRelationChildId()): ?>
+                <?php if ($order->getRelationChildId()) : ?>
                     <tr>
                         <th><?= $block->escapeHtml(__('Link to the New Order')) ?></th>
                         <td>
-                            <a href="<?= $block->escapeHtml($block->getViewUrl($order->getRelationChildId())) ?>">
+                            <a href="<?= $block->escapeUrl($block->getViewUrl($order->getRelationChildId())) ?>">
                                 <?= $block->escapeHtml($order->getRelationChildRealId()) ?>
                             </a>
                         </td>
                     </tr>
                 <?php endif; ?>
-                <?php if ($order->getRelationParentId()): ?>
+                <?php if ($order->getRelationParentId()) : ?>
                     <tr>
                         <th><?= $block->escapeHtml(__('Link to the Previous Order')) ?></th>
                         <td>
-                            <a href="<?= $block->escapeHtml($block->getViewUrl($order->getRelationParentId())) ?>">
+                            <a href="<?= $block->escapeUrl($block->getViewUrl($order->getRelationParentId())) ?>">
                                 <?= $block->escapeHtml($order->getRelationParentRealId()) ?>
                             </a>
                         </td>
                     </tr>
                 <?php endif; ?>
-                <?php if ($order->getRemoteIp() && $block->shouldDisplayCustomerIp()): ?>
+                <?php if ($order->getRemoteIp() && $block->shouldDisplayCustomerIp()) : ?>
                     <tr>
                         <th><?= $block->escapeHtml(__('Placed from IP')) ?></th>
-                        <td><?= $block->escapeHtml($order->getRemoteIp()); echo $order->getXForwardedFor() ? ' (' . $block->escapeHtml($order->getXForwardedFor()) . ')' : ''; ?></td>
+                        <td><?= $block->escapeHtml($order->getRemoteIp()); ?><?= $order->getXForwardedFor() ? ' (' . $block->escapeHtml($order->getXForwardedFor()) . ')' : ''; ?></td>
                     </tr>
                 <?php endif; ?>
-                <?php if ($order->getGlobalCurrencyCode() != $order->getBaseCurrencyCode()): ?>
+                <?php if ($order->getGlobalCurrencyCode() != $order->getBaseCurrencyCode()) : ?>
                     <tr>
                         <th><?= $block->escapeHtml(__('%1 / %2 rate:', $order->getGlobalCurrencyCode(), $order->getBaseCurrencyCode())) ?></th>
                         <td><?= $block->escapeHtml($order->getBaseToGlobalRate()) ?></td>
                     </tr>
                 <?php endif; ?>
-                <?php if ($order->getBaseCurrencyCode() != $order->getOrderCurrencyCode()): ?>
+                <?php if ($order->getBaseCurrencyCode() != $order->getOrderCurrencyCode()) : ?>
                     <tr>
                         <th><?= $block->escapeHtml(__('%1 / %2 rate:', $order->getOrderCurrencyCode(), $order->getBaseCurrencyCode())) ?></th>
                         <td><?= $block->escapeHtml($order->getBaseToOrderRate()) ?></td>
@@ -128,18 +125,18 @@ $customerUrl = $block->getCustomerViewUrl();
                     <tr>
                         <th><?= $block->escapeHtml(__('Customer Name')) ?></th>
                         <td>
-                            <?php if ($customerUrl): ?>
+                            <?php if ($customerUrl) : ?>
                                 <a href="<?= $block->escapeUrl($customerUrl) ?>" target="_blank">
                                     <span><?= $block->escapeHtml($order->getCustomerName()) ?></span>
                                 </a>
-                            <?php else: ?>
+                            <?php else : ?>
                                 <?= $block->escapeHtml($order->getCustomerName()) ?>
                             <?php endif; ?>
                         </td>
                     </tr>
                     <tr>
                         <th><?= $block->escapeHtml(__('Email')) ?></th>
-                        <td><a href="mailto:<?php echo $block->escapeHtml($order->getCustomerEmail()) ?>"><?php echo $block->escapeHtml($order->getCustomerEmail()) ?></a></td>
+                        <td><a href="mailto:<?= $block->escapeHtmlAttr($order->getCustomerEmail()) ?>"><?= $block->escapeHtml($order->getCustomerEmail()) ?></a></td>
                     </tr>
                     <?php if ($groupName = $block->getCustomerGroupName()) : ?>
                         <tr>
@@ -147,7 +144,7 @@ $customerUrl = $block->getCustomerViewUrl();
                             <td><?= $block->escapeHtml($groupName) ?></td>
                         </tr>
                     <?php endif; ?>
-                    <?php foreach ($block->getCustomerAccountData() as $data):?>
+                    <?php foreach ($block->getCustomerAccountData() as $data) : ?>
                         <tr>
                             <th><?= $block->escapeHtml($data['label']) ?></th>
                             <td><?= $block->escapeHtml($data['value'], ['br']) ?></td>
@@ -173,7 +170,7 @@ $customerUrl = $block->getCustomerViewUrl();
             </div>
             <address class="admin__page-section-item-content"><?= /* @noEscape */ $block->getFormattedAddress($order->getBillingAddress()); ?></address>
         </div>
-        <?php if (!$block->getOrder()->getIsVirtual()): ?>
+        <?php if (!$block->getOrder()->getIsVirtual()) : ?>
             <div class="admin__page-section-item order-shipping-address">
                 <?php /* Shipping Address */ ?>
                 <div class="admin__page-section-item-title">
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/view/items.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/view/items.phtml
index dc62bce78ea1e..6da7f6fc0471c 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/view/items.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/view/items.phtml
@@ -4,9 +4,6 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-?>
-<?php
 /**
  * @var \Magento\Sales\Block\Adminhtml\Order\View\Items $block
  */
@@ -18,19 +15,19 @@ $_order = $block->getOrder() ?>
                 <?php $i = 0;
                 $columns = $block->getColumns();
                 $lastItemNumber = count($columns) ?>
-                <?php foreach ($columns as $columnName => $columnTitle):?>
+                <?php foreach ($columns as $columnName => $columnTitle) : ?>
                     <?php $i++; ?>
-                    <th class="col-<?= /* @noEscape */ $columnName ?><?= /* @noEscape */ ($i === $lastItemNumber ? ' last' : '') ?>"><span><?= /* @noEscape */ $columnTitle ?></span></th>
+                    <th class="col-<?= /* @noEscape */ $columnName ?><?= /* @noEscape */ ($i === $lastItemNumber ? ' last' : '') ?>"><span><?= $block->escapeHtml($columnTitle) ?></span></th>
                 <?php endforeach; ?>
             </tr>
         </thead>
         <?php $_items = $block->getItemsCollection();?>
-        <?php $i = 0; foreach ($_items as $_item):?>
-            <?php if ($_item->getParentItem()) {
+        <?php $i = 0; foreach ($_items as $_item) : ?>
+            <?php if ($_item->getParentItem()) :
                 continue;
-            } else {
+            else :
                 $i++;
-            }?>
+            endif; ?>
             <tbody class="<?= /* @noEscape */ $i%2 ? 'even' : 'odd' ?>">
                 <?= $block->getItemHtml($_item) ?>
                 <?= $block->getItemExtraInfoHtml($_item) ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/view/items/renderer/default.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/view/items/renderer/default.phtml
index 387aab3d9616f..5ee04e6288949 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/view/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/view/items/renderer/default.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php /** @var \Magento\Sales\Block\Adminhtml\Order\View\Items\Renderer\DefaultRenderer $block */ ?>
 <?php $_item = $block->getItem() ?>
@@ -14,8 +11,8 @@
     <?php $i = 0;
     $columns = $block->getColumns();
     $lastItemNumber = count($columns) ?>
-    <?php foreach ($columns as $columnName => $columnClass):?>
+    <?php foreach ($columns as $columnName => $columnClass) : ?>
         <?php $i++; ?>
-        <td class="<?= /* @noEscape */ $columnClass ?><?= /* @noEscape */ ($i === $lastItemNumber ? ' last' : '') ?>"><?= /* @escapeNotVerified */ $block->getColumnHtml($_item, $columnName) ?></td>
+        <td class="<?= /* @noEscape */ $columnClass ?><?= /* @noEscape */ ($i === $lastItemNumber ? ' last' : '') ?>"><?= $block->getColumnHtml($_item, $columnName) ?></td>
     <?php endforeach; ?>
 </tr>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/view/tab/history.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/view/tab/history.phtml
index 87feaa857ef0e..0a93d25a7a021 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/view/tab/history.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/view/tab/history.phtml
@@ -4,25 +4,24 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+/** @var \Magento\Sales\Block\Adminhtml\Order\View\Tab\History $block */
 ?>
 <section class="admin__page-section edit-order-comments">
     <ul class="note-list">
-    <?php foreach ($block->getFullHistory() as $_item): ?>
+    <?php foreach ($block->getFullHistory() as $_item) : ?>
         <li class="note-list-item">
-            <span class="note-list-date"><?= /* @escapeNotVerified */ $block->getItemCreatedAt($_item) ?></span>
-            <span class="note-list-time"><?= /* @escapeNotVerified */ $block->getItemCreatedAt($_item, 'time') ?></span>
-            <span class="note-list-status"><?= /* @escapeNotVerified */ $block->getItemTitle($_item) ?></span>
-            <?php if ($block->isItemNotified($_item, false)): ?>
+            <span class="note-list-date"><?= /* @noEscape */ $block->getItemCreatedAt($_item) ?></span>
+            <span class="note-list-time"><?= /* @noEscape */ $block->getItemCreatedAt($_item, 'time') ?></span>
+            <span class="note-list-status"><?= /* @noEscape */ $block->getItemTitle($_item) ?></span>
+            <?php if ($block->isItemNotified($_item, false)) : ?>
                 <span class="note-list-customer">
-                    <?= /* @escapeNotVerified */ __('Customer') ?>
-                    <?php if ($block->isCustomerNotificationNotApplicable($_item)): ?>
-                        <span class="note-list-customer-notapplicable"><?= /* @escapeNotVerified */ __('Notification Not Applicable') ?></span>
-                    <?php elseif ($block->isItemNotified($_item)): ?>
-                        <span class="note-list-customer-notified"><?= /* @escapeNotVerified */ __('Notified') ?></span>
-                    <?php else: ?>
-                        <span class="note-list-customer-not-notified"><?= /* @escapeNotVerified */ __('Not Notified') ?></span>
+                    <?= $block->escapeHtml(__('Customer')) ?>
+                    <?php if ($block->isCustomerNotificationNotApplicable($_item)) : ?>
+                        <span class="note-list-customer-notapplicable"><?= $block->escapeHtml(__('Notification Not Applicable')) ?></span>
+                    <?php elseif ($block->isItemNotified($_item)) : ?>
+                        <span class="note-list-customer-notified"><?= $block->escapeHtml(__('Notified')) ?></span>
+                    <?php else : ?>
+                        <span class="note-list-customer-not-notified"><?= $block->escapeHtml(__('Not Notified')) ?></span>
                     <?php endif; ?>
                 </span>
             <?php endif; ?>
@@ -31,18 +30,18 @@
     </ul>
     <div class="edit-order-comments-block">
         <div class="edit-order-comments-block-title">
-            <?= /* @escapeNotVerified */ __('Notes for this Order') ?>
+            <?= $block->escapeHtml(__('Notes for this Order')) ?>
         </div>
-        <?php foreach ($block->getFullHistory() as $_item): ?>
-            <?php if ($_comment = $block->getItemComment($_item)): ?>
+        <?php foreach ($block->getFullHistory() as $_item) : ?>
+            <?php if ($_comment = $block->getItemComment($_item)) : ?>
                 <div class="comments-block-item">
                     <div class="comments-block-item-comment">
-                        <?= /* @escapeNotVerified */ $_comment ?>
+                        <?= /* @noEscape */ $_comment ?>
                     </div>
                     <span class="comments-block-item-date-time">
-                        <?= /* @escapeNotVerified */ __('Comment added') ?>
-                        <?= /* @escapeNotVerified */ $block->getItemCreatedAt($_item) ?>
-                        <?= /* @escapeNotVerified */ $block->getItemCreatedAt($_item, 'time') ?>
+                        <?= $block->escapeHtml(__('Comment added')) ?>
+                        <?= /* @noEscape */ $block->getItemCreatedAt($_item) ?>
+                        <?= /* @noEscape */ $block->getItemCreatedAt($_item, 'time') ?>
                     </span>
                 </div>
             <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/view/tab/info.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/view/tab/info.phtml
index 434ca127832a1..390adb7d5cfce 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/view/tab/info.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/view/tab/info.phtml
@@ -4,10 +4,8 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+/** @var $block \Magento\Sales\Block\Adminhtml\Order\View\Tab\Info */
 ?>
-<?php /** @var $block \Magento\Sales\Block\Adminhtml\Order\View\Tab\Info */ ?>
 <?php $_order = $block->getOrder() ?>
 
 <div id="order-messages">
@@ -15,21 +13,21 @@
 </div>
 
 <?= $block->getChildHtml('order_info') ?>
-<input type="hidden" name="order_id" value="<?= /* @escapeNotVerified */ $_order->getId() ?>"/>
+<input type="hidden" name="order_id" value="<?= (int) $_order->getId() ?>"/>
 
 <section class="admin__page-section order-view-billing-shipping">
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Payment &amp; Shipping Method') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Payment &amp; Shipping Method')) ?></span>
     </div>
     <div class="admin__page-section-content">
-        <div class="admin__page-section-item order-payment-method<?php if ($_order->getIsVirtual()): ?> order-payment-method-virtual<?php endif; ?>">
+        <div class="admin__page-section-item order-payment-method<?= ($_order->getIsVirtual() ? ' order-payment-method-virtual' : '') ?>">
             <?php /* Payment Method */ ?>
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Payment Information') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Payment Information')) ?></span>
             </div>
             <div class="admin__page-section-item-content">
                 <div class="order-payment-method-title"><?= $block->getPaymentHtml() ?></div>
-                <div class="order-payment-currency"><?= /* @escapeNotVerified */ __('The order was placed using %1.', $_order->getOrderCurrencyCode()) ?></div>
+                <div class="order-payment-currency"><?= $block->escapeHtml(__('The order was placed using %1.', $_order->getOrderCurrencyCode())) ?></div>
                 <div class="order-payment-additional">
                     <?= $block->getChildHtml('order_payment_additional') ?>
                     <?= $block->getChildHtml('payment_additional_info') ?>
@@ -46,26 +44,26 @@
 
 <section class="admin__page-section">
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Items Ordered') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Items Ordered')) ?></span>
     </div>
     <?= $block->getItemsHtml() ?>
 </section>
 
 <section class="admin__page-section">
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Order Total') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Order Total')) ?></span>
     </div>
     <div class="admin__page-section-content">
         <div class="admin__page-section-item order-comments-history">
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Notes for this Order') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Notes for this Order')) ?></span>
             </div>
             <?= $block->getChildHtml('order_history') ?>
         </div>
 
         <div class="admin__page-section-item order-totals">
             <div class="admin__page-section-item-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Order Totals') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Order Totals')) ?></span>
             </div>
             <?= $block->getChildHtml('order_totals') ?>
         </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/page/js/components.phtml b/app/code/Magento/Sales/view/adminhtml/templates/page/js/components.phtml
index 1194e72e27c62..5902a9f25cc4b 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/page/js/components.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/page/js/components.phtml
@@ -1,12 +1,7 @@
 <?php
 /**
- * @category    design
- * @package     default_default
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?= $block->getChildHtml() ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/rss/order/grid/link.phtml b/app/code/Magento/Sales/view/adminhtml/templates/rss/order/grid/link.phtml
index 872f70d1d693a..9bc571a020425 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/rss/order/grid/link.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/rss/order/grid/link.phtml
@@ -4,10 +4,8 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var $block \Magento\Sales\Block\Adminhtml\Rss\Order\Grid\Link */
 ?>
 <?php if ($block->isRssAllowed() && $block->getLink()): ?>
-<a href="<?= /* @escapeNotVerified */ $block->getLink() ?>" class="link-feed"><?= /* @escapeNotVerified */ $block->getLabel() ?></a>
+<a href="<?= $block->escapeUrl($block->getLink()) ?>" class="link-feed"><?= $block->escapeHtml($block->getLabel()) ?></a>
 <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/transactions/detail.phtml b/app/code/Magento/Sales/view/adminhtml/templates/transactions/detail.phtml
index c46ff775f6f9a..9a2584b79653d 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/transactions/detail.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/transactions/detail.phtml
@@ -4,35 +4,34 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+/* @var \Magento\Sales\Block\Adminhtml\Transactions\Detail\ $block */
 ?>
 <div data-mage-init='{"floatingHeader": {}}' class="page-actions"><?= $block->getButtonsHtml() ?></div>
 <section class="admin__page-section">
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Transaction Data') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Transaction Data')) ?></span>
     </div>
     <div id="log_details_fieldset" class="admin__page-section-content log-details">
         <table class="log-info data-table admin__table-secondary">
             <tbody>
             <tr>
-                <th><?= /* @escapeNotVerified */ __('Transaction ID') ?></th>
+                <th><?= $block->escapeHtml(__('Transaction ID')) ?></th>
                 <td><?= $block->getTxnIdHtml() ?></td>
             </tr>
             <tr>
-                <th><?= /* @escapeNotVerified */ __('Parent Transaction ID') ?></th>
+                <th><?= $block->escapeHtml(__('Parent Transaction ID')) ?></th>
                 <td>
-                    <?php if ($block->getParentTxnIdHtml()): ?>
+                    <?php if ($block->getParentTxnIdHtml()) : ?>
                     <a href="<?= $block->getParentTxnIdUrlHtml() ?>">
                         <?= $block->getParentTxnIdHtml() ?>
                     </a>
                     <?php else : ?>
-                    <?= /* @escapeNotVerified */ __('N/A') ?>
+                    <?= $block->escapeHtml(__('N/A')) ?>
                     <?php endif; ?>
                 </td>
             </tr>
             <tr>
-                <th><?= /* @escapeNotVerified */ __('Order ID') ?></th>
+                <th><?= $block->escapeHtml(__('Order ID')) ?></th>
                 <td>
                     <a href="<?= $block->getOrderIdUrlHtml() ?>">
                         <?= $block->getOrderIncrementIdHtml() ?>
@@ -40,15 +39,15 @@
                 </td>
             </tr>
             <tr>
-                <th><?= /* @escapeNotVerified */ __('Transaction Type') ?></th>
+                <th><?= $block->escapeHtml(__('Transaction Type')) ?></th>
                 <td><?= $block->getTxnTypeHtml() ?></td>
             </tr>
             <tr>
-                <th><?= /* @escapeNotVerified */ __('Is Closed') ?></th>
+                <th><?= $block->escapeHtml(__('Is Closed')) ?></th>
                 <td><?= $block->getIsClosedHtml() ?></td>
             </tr>
             <tr>
-                <th><?= /* @escapeNotVerified */ __('Created At') ?></th>
+                <th><?= $block->escapeHtml(__('Created At')) ?></th>
                 <td><?= $block->getCreatedAtHtml() ?></td>
             </tr>
             </tbody>
@@ -58,7 +57,7 @@
 
 <section class="admin__page-section">
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Child Transactions') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Child Transactions')) ?></span>
     </div>
     <div class="admin__page-section-content log-details-grid">
         <?= $block->getChildHtml('child_grid') ?>
@@ -67,7 +66,7 @@
 
 <section class="admin__page-section">
     <div class="admin__page-section-title">
-        <span class="title"><?= /* @escapeNotVerified */ __('Transaction Details') ?></span>
+        <span class="title"><?= $block->escapeHtml(__('Transaction Details')) ?></span>
     </div>
     <div class="admin__page-section-content log-details-grid">
         <?= $block->getChildHtml('detail_grid') ?>

From eee9485266743e207a076cebe30fe8790f5fa8de Mon Sep 17 00:00:00 2001
From: Dave Macaulay <macaulay@adobe.com>
Date: Wed, 22 May 2019 12:48:46 +0200
Subject: [PATCH 05/16] MC-16618: Eliminate @escapeNotVerified in Sales-related
 Modules

- Remove static exception
---
 .../Magento/Test/Php/_files/whitelist/exempt_modules/ce.php      | 1 -
 1 file changed, 1 deletion(-)

diff --git a/dev/tests/static/testsuite/Magento/Test/Php/_files/whitelist/exempt_modules/ce.php b/dev/tests/static/testsuite/Magento/Test/Php/_files/whitelist/exempt_modules/ce.php
index 0d99320b15e7f..10a8bb4acbd31 100644
--- a/dev/tests/static/testsuite/Magento/Test/Php/_files/whitelist/exempt_modules/ce.php
+++ b/dev/tests/static/testsuite/Magento/Test/Php/_files/whitelist/exempt_modules/ce.php
@@ -35,7 +35,6 @@
     'Magento_Paypal',
     'Magento_ProductVideo',
     'Magento_Reports',
-    'Magento_Sales',
     'Magento_Search',
     'Magento_Shipping',
     'Magento_Store',

From 4f6f01fbae29a34f8ea4461f6712f6308bcf03d4 Mon Sep 17 00:00:00 2001
From: Dave Macaulay <macaulay@adobe.com>
Date: Wed, 22 May 2019 17:04:25 +0200
Subject: [PATCH 06/16] MC-16618: Eliminate @escapeNotVerified in Sales-related
 Modules

- Admin static issues
---
 .../Sales/view/adminhtml/templates/order/create/js.phtml  | 2 +-
 .../Sales/view/adminhtml/templates/order/details.phtml    | 4 ++--
 .../Sales/view/adminhtml/templates/order/totalbar.phtml   | 8 +++++---
 .../view/adminhtml/templates/order/totals/paid.phtml      | 2 +-
 .../view/adminhtml/templates/rss/order/grid/link.phtml    | 2 +-
 5 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/js.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/js.phtml
index 0c3f7fc2016be..eb39f71265cd6 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/js.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/js.phtml
@@ -3,7 +3,7 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
- ?>
+?>
 <script>
 require([
     "prototype",
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/details.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/details.phtml
index 708cb15faaa73..a3f7f62bbe193 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/details.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/details.phtml
@@ -44,7 +44,7 @@ $_order = $block->getOrder() ?>
             <td align="center" valign="top" style="padding:3px 9px"><?= (int) $_item->getQtyOrdered()*1 ?></td>
             <td align="right" valign="top" style="padding:3px 9px"><?= /* @noEscape */ $_order->formatPrice($_item->getRowTotal()) ?></td>
         </tr>
-<?php endforeach ?>
+<?php endforeach; ?>
     </tbody>
 
     <tfoot>
@@ -57,7 +57,7 @@ $_order = $block->getOrder() ?>
             <br /><?= $block->escapeHtml(__('Message:')) ?><br /> <?= $block->escapeHtml($_giftMessage->getMessage()) ?>
             </td>
         </tr>
-     <?php endif; ?>
+    <?php endif; ?>
         <tr>
             <td colspan="2" align="right" style="padding:3px 9px"><?= $block->escapeHtml(__('Subtotal')) ?></td>
             <td align="right" style="padding:3px 9px"><?= /* @noEscape */ $_order->formatPrice($_order->getSubtotal()) ?></td>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/totalbar.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/totalbar.phtml
index 6d872fa1e6427..0a9b6c806c4ce 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/totalbar.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/totalbar.phtml
@@ -7,11 +7,13 @@
 // @deprecated
 $totals = $block->getTotals();
 ?>
-<?php if ($totals && count($totals) > 0) : ?>
+<?php if ($totals && !empty($totals)) : ?>
 <table class="items-to-invoice">
     <tr>
-    <?php foreach ($totals as $total): ?>
-        <td <?php if ($total['grand']): ?>class="grand-total"<?php endif; ?>>
+    <?php foreach ($totals as $total) : ?>
+        <td <?php if ($total['grand']) :
+            ?>class="grand-total"<?php
+            endif; ?>>
             <?= $block->escapeHtml($total['label']) ?><br />
             <?= $block->escapeHtml($total['value']) ?>
         </td>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/paid.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/paid.phtml
index 28e0a44092e99..9ede6e21e78af 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/paid.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/paid.phtml
@@ -4,7 +4,7 @@
  * See COPYING.txt for license details.
  */
 ?>
-<?php if ($block->getCanDisplayTotalPaid()): ?>
+<?php if ($block->getCanDisplayTotalPaid()) : ?>
 <tr>
     <td class="label"><strong><?= $block->escapeHtml(__('Total Paid')) ?></strong></td>
     <td class="emph"><?= /* @noEscape */ $block->displayPriceAttribute('total_paid', true) ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/rss/order/grid/link.phtml b/app/code/Magento/Sales/view/adminhtml/templates/rss/order/grid/link.phtml
index 9bc571a020425..231eb274290cf 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/rss/order/grid/link.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/rss/order/grid/link.phtml
@@ -6,6 +6,6 @@
 
 /** @var $block \Magento\Sales\Block\Adminhtml\Rss\Order\Grid\Link */
 ?>
-<?php if ($block->isRssAllowed() && $block->getLink()): ?>
+<?php if ($block->isRssAllowed() && $block->getLink()) : ?>
 <a href="<?= $block->escapeUrl($block->getLink()) ?>" class="link-feed"><?= $block->escapeHtml($block->getLabel()) ?></a>
 <?php endif; ?>

From 142efdad8d1fdd19286e6f641378ec53b1a0d42c Mon Sep 17 00:00:00 2001
From: Dave Macaulay <macaulay@adobe.com>
Date: Wed, 22 May 2019 17:05:09 +0200
Subject: [PATCH 07/16] MC-16618: Eliminate @escapeNotVerified in Sales-related
 Modules

- Front-end static fixes
---
 .../Magento/Sales/view/frontend/templates/order/history.phtml | 4 ++--
 .../Sales/view/frontend/templates/order/invoice/items.phtml   | 2 +-
 .../view/frontend/templates/order/print/creditmemo.phtml      | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/code/Magento/Sales/view/frontend/templates/order/history.phtml b/app/code/Magento/Sales/view/frontend/templates/order/history.phtml
index 9ca214a3e3d62..829e28cca6aed 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/history.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/history.phtml
@@ -42,7 +42,7 @@
                             <a href="<?= $block->escapeUrl($block->getViewUrl($_order)) ?>" class="action view">
                                 <span><?= $block->escapeHtml(__('View Order')) ?></span>
                             </a>
-                            <?php if ($this->helper('Magento\Sales\Helper\Reorder')->canReorder($_order->getEntityId())) : ?>
+                            <?php if ($this->helper(\Magento\Sales\Helper\Reorder::class)->canReorder($_order->getEntityId())) : ?>
                                 <a href="#" data-post='<?= /* @noEscape */
                                 $this->helper(\Magento\Framework\Data\Helper\PostHelper::class)
                                     ->getPostData($block->getReorderUrl($_order))
@@ -59,6 +59,6 @@
     <?php if ($block->getPagerHtml()) : ?>
         <div class="order-products-toolbar toolbar bottom"><?= $block->getPagerHtml() ?></div>
     <?php endif ?>
-<?php else: ?>
+<?php else : ?>
     <div class="message info empty"><span><?= $block->escapeHtml(__('You have placed no orders.')) ?></span></div>
 <?php endif ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/invoice/items.phtml b/app/code/Magento/Sales/view/frontend/templates/order/invoice/items.phtml
index ab896fecdb169..419060bfba713 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/invoice/items.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/invoice/items.phtml
@@ -34,7 +34,7 @@
                 </tr>
             </thead>
             <?php $_items = $_invoice->getAllItems(); ?>
-            <?php foreach ($_items as $_item): ?>
+            <?php foreach ($_items as $_item) : ?>
                 <?php if (!$_item->getOrderItem()->getParentItem()) : ?>
                     <tbody>
                         <?= $block->getItemHtml($_item) ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/print/creditmemo.phtml b/app/code/Magento/Sales/view/frontend/templates/order/print/creditmemo.phtml
index 5ac2a768a161d..05c6048ee15ae 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/print/creditmemo.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/print/creditmemo.phtml
@@ -8,7 +8,7 @@
 <?php $_creditmemo = $block->getCreditmemo() ?>
 <?php if ($_creditmemo) : ?>
     <?php $_creditmemos = [$_creditmemo]; ?>
-<?php else: ?>
+<?php else : ?>
     <?php $_creditmemos = $_order->getCreditmemosCollection() ?>
 <?php endif; ?>
 <?php foreach ($_creditmemos as $_creditmemo) : ?>

From 5aa97c4b46f176f271af1e4224626e7e0704b2f0 Mon Sep 17 00:00:00 2001
From: Dave Macaulay <macaulay@adobe.com>
Date: Thu, 23 May 2019 12:43:52 +0200
Subject: [PATCH 08/16] MC-16618: Eliminate @escapeNotVerified in Sales-related
 Modules

- Resolve admin attribute issues
---
 .../view/adminhtml/templates/items/column/name.phtml      | 2 +-
 .../adminhtml/templates/order/create/form/account.phtml   | 2 +-
 .../adminhtml/templates/order/create/form/address.phtml   | 2 +-
 .../Sales/view/adminhtml/templates/order/totals.phtml     | 8 ++++----
 .../templates/order/view/items/renderer/default.phtml     | 4 +++-
 5 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/app/code/Magento/Sales/view/adminhtml/templates/items/column/name.phtml b/app/code/Magento/Sales/view/adminhtml/templates/items/column/name.phtml
index 151c1bcaa40f0..6797083afcc47 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/items/column/name.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/items/column/name.phtml
@@ -24,7 +24,7 @@
                 <dt><?= $block->escapeHtml($_option['label']) ?>:</dt>
                 <dd>
                     <?php if (isset($_option['custom_view']) && $_option['custom_view']) : ?>
-                        <?= $block->escapeHtml($block->getCustomizedOptionValue($_option)) ?>
+                        <?= /* @noEscape */ $block->getCustomizedOptionValue($_option) ?>
                     <?php else : ?>
                         <?php $_option = $block->getFormattedOption($_option['value']); ?>
                         <?php $dots = 'dots' . uniqid(); ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/account.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/account.phtml
index 85ca9c8159bcc..a63e85c71c13a 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/account.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/account.phtml
@@ -7,7 +7,7 @@
 /** @var $block \Magento\Sales\Block\Adminhtml\Order\Create\Form\Account */
 ?>
 
-<div class="admin__page-section-title <?= $block->escapeHtmlAttr($block->getHeaderCssClass()) ?>">
+<div class="admin__page-section-title <?= /* @noEscape */ $block->getHeaderCssClass() ?>">
     <span class="title"><?= $block->escapeHtml($block->getHeaderText()) ?></span>
     <div class="actions"></div>
 </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml
index 9464e75182396..7355e8099e398 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml
@@ -46,7 +46,7 @@ else :
 endif; ?>
 
 <fieldset class="admin__fieldset">
-    <legend class="admin__legend <?= $block->escapeHtmlAttr($block->getHeaderCssClass()) ?>">
+    <legend class="admin__legend <?= /* @noEscape */ $block->getHeaderCssClass() ?>">
         <span><?= $block->escapeHtml($block->getHeaderText()) ?></span>
     </legend><br>
 
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/totals.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/totals.phtml
index a1c3ebb7aa675..1f495b9c4a573 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/totals.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/totals.phtml
@@ -16,10 +16,10 @@
                     <?= $block->getChildHtml($_total->getBlockName(), false) ?>
                 <?php else : ?>
                 <tr class="col-<?= $block->escapeHtmlAttr($_code) ?>">
-                    <td <?= $block->escapeHtmlAttr($block->getLabelProperties()) ?> class="label">
+                    <td <?= /* @noEscape */ $block->getLabelProperties() ?> class="label">
                         <strong><?= $block->escapeHtml($_total->getLabel()) ?></strong>
                     </td>
-                    <td <?= $block->escapeHtmlAttr($block->getValueProperties()) ?>>
+                    <td <?= /* @noEscape */ $block->getValueProperties() ?>>
                         <strong><?= /* @noEscape */ $block->formatValue($_total) ?></strong>
                     </td>
                 </tr>
@@ -45,11 +45,11 @@
                         </td>
 
                         <?php if ($_total->getStrong()) : ?>
-                            <td <?= $block->escapeHtmlAttr($block->getValueProperties()) ?>>
+                            <td <?= /* @noEscape */ $block->getValueProperties() ?>>
                                 <strong><?= /* @noEscape */ $block->formatValue($_total) ?></strong>
                             </td>
                         <?php else : ?>
-                            <td <?= $block->escapeHtmlAttr($block->getValueProperties()) ?>>
+                            <td <?= /* @noEscape */ $block->getValueProperties() ?>>
                                 <span><?= /* @noEscape */ $block->formatValue($_total) ?></span>
                             </td>
                         <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/view/items/renderer/default.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/view/items/renderer/default.phtml
index 5ee04e6288949..c54e23d141e0d 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/view/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/view/items/renderer/default.phtml
@@ -13,6 +13,8 @@
     $lastItemNumber = count($columns) ?>
     <?php foreach ($columns as $columnName => $columnClass) : ?>
         <?php $i++; ?>
-        <td class="<?= /* @noEscape */ $columnClass ?><?= /* @noEscape */ ($i === $lastItemNumber ? ' last' : '') ?>"><?= $block->getColumnHtml($_item, $columnName) ?></td>
+        <td class="<?= /* @noEscape */ $columnClass ?><?= /* @noEscape */ ($i === $lastItemNumber ? ' last' : '') ?>">
+            <?= $block->getColumnHtml($_item, $columnName) ?>
+        </td>
     <?php endforeach; ?>
 </tr>

From 29445834d12c070e2cd1c8677f4784afb2ee9cf1 Mon Sep 17 00:00:00 2001
From: Dave Macaulay <macaulay@adobe.com>
Date: Thu, 23 May 2019 12:44:02 +0200
Subject: [PATCH 09/16] MC-16618: Eliminate @escapeNotVerified in Sales-related
 Modules

- Resolve store-front attribute issues
---
 .../Magento/Sales/view/frontend/templates/order/totals.phtml  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/code/Magento/Sales/view/frontend/templates/order/totals.phtml b/app/code/Magento/Sales/view/frontend/templates/order/totals.phtml
index e62fb341519aa..7a88f14eb0715 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/totals.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/totals.phtml
@@ -14,14 +14,14 @@
         <?= $block->getChildHtml($_total->getBlockName(), false) ?>
     <?php else :?>
     <tr class="<?= $block->escapeHtmlAttr($_code) ?>">
-        <th <?= $block->escapeHtmlAttr($block->getLabelProperties()) ?> scope="row">
+        <th <?= /* @noEscape */ $block->getLabelProperties() ?> scope="row">
             <?php if ($_total->getStrong()) : ?>
                 <strong><?= $block->escapeHtml($_total->getLabel()) ?></strong>
             <?php else : ?>
                 <?= $block->escapeHtml($_total->getLabel()) ?>
             <?php endif ?>
         </th>
-        <td <?= $block->escapeHtmlAttr($block->getValueProperties()) ?> data-th="<?= $block->escapeHtmlAttr($_total->getLabel()) ?>">
+        <td <?= /* @noEscape */ $block->getValueProperties() ?> data-th="<?= $block->escapeHtmlAttr($_total->getLabel()) ?>">
             <?php if ($_total->getStrong()) : ?>
                 <strong><?= /* @noEscape */ $block->formatValue($_total) ?></strong>
             <?php else : ?>

From 0de669a7882a60f7ed1628f111d87bcdf1d7dea8 Mon Sep 17 00:00:00 2001
From: Dave Macaulay <macaulay@adobe.com>
Date: Thu, 23 May 2019 14:11:45 +0200
Subject: [PATCH 10/16] MC-16618: Eliminate @escapeNotVerified in Sales-related
 Modules

- Resolve further escape issues in admin
---
 .../view/adminhtml/templates/order/create/form/account.phtml    | 2 +-
 .../view/adminhtml/templates/order/create/form/address.phtml    | 2 +-
 .../view/adminhtml/templates/order/create/totals/tax.phtml      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/account.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/account.phtml
index a63e85c71c13a..85ca9c8159bcc 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/account.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/account.phtml
@@ -7,7 +7,7 @@
 /** @var $block \Magento\Sales\Block\Adminhtml\Order\Create\Form\Account */
 ?>
 
-<div class="admin__page-section-title <?= /* @noEscape */ $block->getHeaderCssClass() ?>">
+<div class="admin__page-section-title <?= $block->escapeHtmlAttr($block->getHeaderCssClass()) ?>">
     <span class="title"><?= $block->escapeHtml($block->getHeaderText()) ?></span>
     <div class="actions"></div>
 </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml
index 7355e8099e398..9464e75182396 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml
@@ -46,7 +46,7 @@ else :
 endif; ?>
 
 <fieldset class="admin__fieldset">
-    <legend class="admin__legend <?= /* @noEscape */ $block->getHeaderCssClass() ?>">
+    <legend class="admin__legend <?= $block->escapeHtmlAttr($block->getHeaderCssClass()) ?>">
         <span><?= $block->escapeHtml($block->getHeaderText()) ?></span>
     </legend><br>
 
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/tax.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/tax.phtml
index 44b56c5065c99..042b2f5113cac 100755
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/tax.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/tax.phtml
@@ -15,7 +15,7 @@ $taxAmount = $block->getTotal()->getValue();
     global $taxIter;
     $taxIter++;
     ?>
-    <?php $class = "{$block->getTotal()->getCode()} " . ($this->helper(\Magento\Tax\Helper\Data::class)->displayFullSummary() ? 'summary-total' : ''); ?>
+    <?php $class = $block->escapeHtmlAttr("{$block->getTotal()->getCode()} " . ($this->helper(\Magento\Tax\Helper\Data::class)->displayFullSummary() ? 'summary-total' : '')); ?>
     <tr<?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displayFullSummary()) : ?>
         onclick="expandDetails(this, '.summary-details-<?= $block->escapeJs($taxIter) ?>')"
     <?php endif; ?>

From ece43837854609185afe0023ea74215fa56a2910 Mon Sep 17 00:00:00 2001
From: Dave Macaulay <macaulay@adobe.com>
Date: Fri, 24 May 2019 11:36:43 +0200
Subject: [PATCH 11/16] MC-16618: Eliminate @escapeNotVerified in Sales-related
 Modules

- Resolve redundant *1
- Use shorthand for ternary statements
---
 .../templates/email/items/creditmemo/default.phtml     |  4 ++--
 .../templates/email/items/invoice/default.phtml        |  4 ++--
 .../frontend/templates/email/items/order/default.phtml |  4 ++--
 .../templates/email/items/shipment/default.phtml       |  2 +-
 .../view/frontend/templates/email/shipment/track.phtml |  4 +++-
 .../order/creditmemo/items/renderer/default.phtml      |  6 ++----
 .../Sales/view/frontend/templates/order/history.phtml  |  2 +-
 .../order/invoice/items/renderer/default.phtml         |  4 ++--
 .../templates/order/items/renderer/default.phtml       | 10 +++++-----
 .../order/shipment/items/renderer/default.phtml        |  2 +-
 10 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/app/code/Magento/Sales/view/frontend/templates/email/items/creditmemo/default.phtml b/app/code/Magento/Sales/view/frontend/templates/email/items/creditmemo/default.phtml
index 566b0060d1a74..1066a8dc9b1be 100644
--- a/app/code/Magento/Sales/view/frontend/templates/email/items/creditmemo/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/email/items/creditmemo/default.phtml
@@ -16,7 +16,7 @@
                 <?php foreach ($block->getItemOptions() as $option) : ?>
                     <dt><strong><em><?= $block->escapeHtml($option['label']) ?></em></strong></dt>
                     <dd>
-                        <?= /* @noEscape */  nl2br($option['value']) ?>
+                        <?= /* @noEscape */  nl2br($block->escapeHtml($option['value'])) ?>
                     </dd>
                 <?php endforeach; ?>
             </dl>
@@ -27,7 +27,7 @@
         <?php endif; ?>
         <?= $block->escapeHtml($_item->getDescription()) ?>
     </td>
-    <td class="item-qty"><?= (int) $_item->getQty() * 1 ?></td>
+    <td class="item-qty"><?= (int) $_item->getQty() ?></td>
     <td class="item-price">
         <?= /* @noEscape */  $block->getItemPrice($_item) ?>
     </td>
diff --git a/app/code/Magento/Sales/view/frontend/templates/email/items/invoice/default.phtml b/app/code/Magento/Sales/view/frontend/templates/email/items/invoice/default.phtml
index 2ef34b406e25c..e0a25ce52068d 100644
--- a/app/code/Magento/Sales/view/frontend/templates/email/items/invoice/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/email/items/invoice/default.phtml
@@ -15,7 +15,7 @@
                 <?php foreach ($block->getItemOptions() as $option) : ?>
                     <dt><strong><em><?= $block->escapeHtml($option['label']) ?></em></strong></dt>
                     <dd>
-                        <?= /* @noEscape */  nl2br($option['value']) ?>
+                        <?= /* @noEscape */  nl2br($block->escapeHtml($option['value'])) ?>
                     </dd>
                 <?php endforeach; ?>
             </dl>
@@ -26,7 +26,7 @@
         <?php endif; ?>
         <?= $block->escapeHtml($_item->getDescription()) ?>
     </td>
-    <td class="item-qty"><?= (int) $_item->getQty() * 1 ?></td>
+    <td class="item-qty"><?= (int) $_item->getQty() ?></td>
     <td class="item-price">
         <?= /* @noEscape */ $block->getItemPrice($_item->getOrderItem()) ?>
     </td>
diff --git a/app/code/Magento/Sales/view/frontend/templates/email/items/order/default.phtml b/app/code/Magento/Sales/view/frontend/templates/email/items/order/default.phtml
index 6edd536b2b8ce..a39442136e2f0 100644
--- a/app/code/Magento/Sales/view/frontend/templates/email/items/order/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/email/items/order/default.phtml
@@ -21,7 +21,7 @@ $_order = $_item->getOrder();
             <?php foreach ($block->getItemOptions() as $option) : ?>
                 <dt><strong><em><?= $block->escapeHtml($option['label']) ?></em></strong></dt>
                 <dd>
-                    <?= /* @noEscape */  nl2br($option['value']) ?>
+                    <?= /* @noEscape */  nl2br($block->escapeHtml($option['value'])) ?>
                 </dd>
             <?php endforeach; ?>
             </dl>
@@ -32,7 +32,7 @@ $_order = $_item->getOrder();
         <?php endif; ?>
         <?= $block->escapeHtml($_item->getDescription()) ?>
     </td>
-    <td class="item-qty"><?= (int) $_item->getQtyOrdered() * 1 ?></td>
+    <td class="item-qty"><?= (int) $_item->getQtyOrdered() ?></td>
     <td class="item-price">
         <?= /* @noEscape */ $block->getItemPrice($_item) ?>
     </td>
diff --git a/app/code/Magento/Sales/view/frontend/templates/email/items/shipment/default.phtml b/app/code/Magento/Sales/view/frontend/templates/email/items/shipment/default.phtml
index 8fba7f9b66c84..3cab6ae1ed993 100644
--- a/app/code/Magento/Sales/view/frontend/templates/email/items/shipment/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/email/items/shipment/default.phtml
@@ -26,5 +26,5 @@ $_item = $block->getItem() ?>
         <?php endif; ?>
         <?= $block->escapeHtml($_item->getDescription()) ?>
     </td>
-    <td class="item-qty"><?= (int) $_item->getQty() * 1 ?></td>
+    <td class="item-qty"><?= (int) $_item->getQty() ?></td>
 </tr>
diff --git a/app/code/Magento/Sales/view/frontend/templates/email/shipment/track.phtml b/app/code/Magento/Sales/view/frontend/templates/email/shipment/track.phtml
index 4c9993c764a8c..7b3769b2971e5 100644
--- a/app/code/Magento/Sales/view/frontend/templates/email/shipment/track.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/email/shipment/track.phtml
@@ -6,7 +6,9 @@
 
 ?>
 <?php $_shipment = $block->getShipment() ?>
-<?php $_order = $block->getOrder() ?>
+<?php
+/* @var \Magento\Sales\Model\Order $_order */
+$_order = $block->getOrder() ?>
 <?php if ($_shipment && $_order) : ?>
     <?php $trackCollection = $_order->getTracksCollection($_shipment->getId()) ?>
     <?php if ($trackCollection) : ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/creditmemo/items/renderer/default.phtml b/app/code/Magento/Sales/view/frontend/templates/order/creditmemo/items/renderer/default.phtml
index 1740ef2261c97..27e7715c2dc33 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/creditmemo/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/creditmemo/items/renderer/default.phtml
@@ -29,9 +29,7 @@
                     </dd>
                 <?php else : ?>
                     <dd>
-                        <?= $block->escapeHtml(
-                            (isset($_option['print_value']) ? $_option['print_value'] : $_option['value'])
-                        ) ?>
+                        <?= $block->escapeHtml($_option['print_value'] ?? $_option['value']) ?>
                     </dd>
                 <?php endif; ?>
             <?php endforeach; ?>
@@ -59,7 +57,7 @@
     <td class="col price" data-th="<?= $block->escapeHtml(__('Price')) ?>">
         <?= $block->getItemPriceHtml() ?>
     </td>
-    <td class="col qty" data-th="<?= $block->escapeHtml(__('Qty')) ?>"><?= (int) $_item->getQty() * 1 ?></td>
+    <td class="col qty" data-th="<?= $block->escapeHtml(__('Qty')) ?>"><?= (int) $_item->getQty() ?></td>
     <td class="col subtotal" data-th="<?= $block->escapeHtml(__('Subtotal')) ?>">
         <?= $block->getItemRowTotalHtml() ?>
     </td>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/history.phtml b/app/code/Magento/Sales/view/frontend/templates/order/history.phtml
index 829e28cca6aed..ef56ad69dcb1b 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/history.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/history.phtml
@@ -10,7 +10,7 @@
 ?>
 <?php $_orders = $block->getOrders(); ?>
 <?= $block->getChildHtml('info') ?>
-<?php if ($_orders && !empty($_orders)) : ?>
+<?php if ($_orders && count($_orders)) : ?>
     <div class="table-wrapper orders-history">
         <table class="data table table-order-items history" id="my-orders-table">
             <caption class="table-caption"><?= $block->escapeHtml(__('Orders')) ?></caption>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/invoice/items/renderer/default.phtml b/app/code/Magento/Sales/view/frontend/templates/order/invoice/items/renderer/default.phtml
index beb1a4f8e3813..ece72e9119d1e 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/invoice/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/invoice/items/renderer/default.phtml
@@ -28,7 +28,7 @@
                         <?php endif; ?>
                     </dd>
                 <?php else : ?>
-                    <dd><?= $block->escapeHtml((isset($_option['print_value']) ? $_option['print_value'] : $_option['value'])) ?></dd>
+                    <dd><?= $block->escapeHtml($_option['print_value'] ?? $_option['value']) ?></dd>
                 <?php endif; ?>
             <?php endforeach; ?>
             </dl>
@@ -44,7 +44,7 @@
         <?= $block->getItemPriceHtml() ?>
     </td>
     <td class="col qty" data-th="<?= $block->escapeHtml(__('Qty Invoiced')) ?>">
-        <span class="qty summary"><?= (int) $_item->getQty()*1 ?></span>
+        <span class="qty summary"><?= (int) $_item->getQty() ?></span>
     </td>
     <td class="col subtotal" data-th="<?= $block->escapeHtml(__('Subtotal')) ?>">
         <?= $block->getItemRowTotalHtml() ?>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/items/renderer/default.phtml b/app/code/Magento/Sales/view/frontend/templates/order/items/renderer/default.phtml
index 5ff362c038a1d..aec0ec6b4fe2d 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/items/renderer/default.phtml
@@ -25,7 +25,7 @@ $_item = $block->getItem();
                     </dd>
                 <?php else : ?>
                     <dd>
-                        <?= /* @noEscape */ nl2br($block->escapeHtml((isset($_option['print_value']) ? $_option['print_value'] : $_option['value']))) ?>
+                        <?= /* @noEscape */ nl2br($block->escapeHtml($_option['print_value'] ?? $_option['value'])) ?>
                     </dd>
                 <?php endif; ?>
             <?php endforeach; ?>
@@ -46,25 +46,25 @@ $_item = $block->getItem();
         <?php if ($block->getItem()->getQtyOrdered() > 0) : ?>
             <li class="item">
                 <span class="title"><?= $block->escapeHtml(__('Ordered')) ?></span>
-                <span class="content"><?= (int) $block->getItem()->getQtyOrdered()*1 ?></span>
+                <span class="content"><?= (int) $block->getItem()->getQtyOrdered() ?></span>
             </li>
         <?php endif; ?>
         <?php if ($block->getItem()->getQtyShipped() > 0) : ?>
             <li class="item">
                 <span class="title"><?= $block->escapeHtml(__('Shipped')) ?></span>
-                <span class="content"><?= (int) $block->getItem()->getQtyShipped()*1 ?></span>
+                <span class="content"><?= (int) $block->getItem()->getQtyShipped() ?></span>
             </li>
         <?php endif; ?>
         <?php if ($block->getItem()->getQtyCanceled() > 0) : ?>
             <li class="item">
                 <span class="title"><?= $block->escapeHtml(__('Canceled')) ?></span>
-                <span class="content"><?= (int) $block->getItem()->getQtyCanceled()*1 ?></span>
+                <span class="content"><?= (int) $block->getItem()->getQtyCanceled() ?></span>
             </li>
         <?php endif; ?>
         <?php if ($block->getItem()->getQtyRefunded() > 0) : ?>
             <li class="item">
                 <span class="title"><?= $block->escapeHtml(__('Refunded')) ?></span>
-                <span class="content"><?= (int) $block->getItem()->getQtyRefunded()*1 ?></span>
+                <span class="content"><?= (int) $block->getItem()->getQtyRefunded() ?></span>
             </li>
         <?php endif; ?>
         </ul>
diff --git a/app/code/Magento/Sales/view/frontend/templates/order/shipment/items/renderer/default.phtml b/app/code/Magento/Sales/view/frontend/templates/order/shipment/items/renderer/default.phtml
index 5e8452cf19b4b..57aeffb26f823 100644
--- a/app/code/Magento/Sales/view/frontend/templates/order/shipment/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/frontend/templates/order/shipment/items/renderer/default.phtml
@@ -39,5 +39,5 @@
         <?= $block->escapeHtml($_item->getDescription()) ?>
     </td>
     <td class="col sku" data-th="<?= $block->escapeHtml(__('SKU')) ?>"><?= /* @noEscape */ $block->prepareSku($block->getSku()) ?></td>
-    <td class="col qty" data-th="<?= $block->escapeHtml(__('Qty Shipped')) ?>"><?= (int) $_item->getQty()*1 ?></td>
+    <td class="col qty" data-th="<?= $block->escapeHtml(__('Qty Shipped')) ?>"><?= (int) $_item->getQty() ?></td>
 </tr>

From 7e3dd6160f8fa486271a2cb93648e23a3a6e3264 Mon Sep 17 00:00:00 2001
From: Dave Macaulay <macaulay@adobe.com>
Date: Fri, 24 May 2019 11:43:20 +0200
Subject: [PATCH 12/16] MC-16618: Eliminate @escapeNotVerified in Sales-related
 Modules

- Resolve admin redundant characters
---
 .../view/adminhtml/templates/items/column/qty.phtml    | 10 +++++-----
 .../adminhtml/templates/order/create/items/grid.phtml  |  2 +-
 .../templates/order/create/sidebar/items.phtml         |  2 +-
 .../templates/order/creditmemo/create/items.phtml      |  2 +-
 .../creditmemo/create/items/renderer/default.phtml     |  4 ++--
 .../order/creditmemo/create/totals/adjustments.phtml   |  4 ++--
 .../templates/order/creditmemo/view/form.phtml         |  2 +-
 .../order/creditmemo/view/items/renderer/default.phtml |  2 +-
 .../Sales/view/adminhtml/templates/order/details.phtml |  2 +-
 .../order/invoice/create/items/renderer/default.phtml  |  4 ++--
 .../order/invoice/view/items/renderer/default.phtml    |  2 +-
 .../view/adminhtml/templates/order/totalbar.phtml      |  2 +-
 12 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/app/code/Magento/Sales/view/adminhtml/templates/items/column/qty.phtml b/app/code/Magento/Sales/view/adminhtml/templates/items/column/qty.phtml
index c85681ac927a7..645cdb9aac624 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/items/column/qty.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/items/column/qty.phtml
@@ -8,34 +8,34 @@
     <table class="qty-table">
         <tr>
             <th><?= $block->escapeHtml(__('Ordered')); ?></th>
-            <td><?= (int)$item->getQtyOrdered() * 1 ?></td>
+            <td><?= (int) $item->getQtyOrdered() ?></td>
         </tr>
 
         <?php if ((float)$item->getQtyInvoiced()) : ?>
             <tr>
                 <th><?= $block->escapeHtml(__('Invoiced')); ?></th>
-                <td><?= (int)$item->getQtyInvoiced() * 1 ?></td>
+                <td><?= (int) $item->getQtyInvoiced() ?></td>
             </tr>
         <?php endif; ?>
 
         <?php if ((float)$item->getQtyShipped()) : ?>
             <tr>
                 <th><?= $block->escapeHtml(__('Shipped')); ?></th>
-                <td><?= (int)$item->getQtyShipped() * 1 ?></td>
+                <td><?= (int) $item->getQtyShipped() ?></td>
             </tr>
         <?php endif; ?>
 
         <?php if ((float)$item->getQtyRefunded()) : ?>
             <tr>
                 <th><?= $block->escapeHtml(__('Refunded')); ?></th>
-                <td><?= (int)$item->getQtyRefunded() * 1 ?></td>
+                <td><?= (int) $item->getQtyRefunded() ?></td>
             </tr>
         <?php endif; ?>
 
         <?php if ((float)$item->getQtyCanceled()) : ?>
             <tr>
                 <th><?= $block->escapeHtml(__('Canceled')); ?></th>
-                <td><?= (int)$item->getQtyCanceled() * 1 ?></td>
+                <td><?= (int) $item->getQtyCanceled() ?></td>
             </tr>
         <?php endif; ?>
 
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/grid.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/grid.phtml
index d89f565ea6059..cd7d215b36af5 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/grid.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/items/grid.phtml
@@ -115,7 +115,7 @@
                         <td class="col-qty">
                             <input name="item[<?= (int) $_item->getId() ?>][qty]"
                                    class="input-text item-qty admin__control-text"
-                                   value="<?= (int) $_item->getQty()*1 ?>"
+                                   value="<?= (int) $_item->getQty() ?>"
                                    maxlength="12" />
                         </td>
                         <td class="col-subtotal col-price">
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml
index 6c6c628426bbe..aebf82a8dee67 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml
@@ -105,7 +105,7 @@
                                            type="checkbox"
                                            class="admin__control-checkbox"
                                            name="sidebar[<?= $block->escapeHtmlAttr($block->getSidebarStorageAction()) ?>][<?= (int) $block->getIdentifierId($_item) ?>]"
-                                           value="<?= $block->canDisplayItemQty() ? (int) $_item->getQty()*1 : 1 ?>"
+                                           value="<?= $block->canDisplayItemQty() ? (int) $_item->getQty() : 1 ?>"
                                            title="<?= $block->escapeHtml(__('Add To Order')) ?>"/>
                                     <label class="admin__field-label"
                                            for="sidebar-<?= $block->escapeHtmlAttr($block->getSidebarStorageAction()) ?>-<?= (int) $block->getIdentifierId($_item) ?>">
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items.phtml
index 469eaa5416c61..31d3b281532d9 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items.phtml
@@ -13,7 +13,7 @@
         <span class="title"><?= $block->escapeHtml(__('Items to Refund')) ?></span>
     </div>
 
-    <?php if (!empty($_items)) : ?>
+    <?php if (count($_items)) : ?>
     <div class="admin__table-wrapper">
         <table class="data-table admin__table-primary order-creditmemo-tables">
             <thead>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items/renderer/default.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items/renderer/default.phtml
index e73333acd5fd4..65c28578b68b3 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/items/renderer/default.phtml
@@ -29,9 +29,9 @@
         <input type="text"
                class="input-text admin__control-text qty-input"
                name="creditmemo[items][<?= (int) $_item->getOrderItemId() ?>][qty]"
-               value="<?= (int) $_item->getQty()*1 ?>"/>
+               value="<?= (int) $_item->getQty() ?>"/>
     <?php else : ?>
-        <?= (int) $_item->getQty()*1 ?>
+        <?= (int) $_item->getQty() ?>
     <?php endif; ?>
     </td>
     <td class="col-subtotal">
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/totals/adjustments.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/totals/adjustments.phtml
index 96c79cd142360..bd7d16fb5a561 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/totals/adjustments.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/totals/adjustments.phtml
@@ -21,7 +21,7 @@
         <td>
             <input type="text"
                    name="creditmemo[adjustment_positive]"
-                   value="<?= /* @noEscape */ $_source->getBaseAdjustmentPositive()*1 ?>"
+                   value="<?= /* @noEscape */ $_source->getBaseAdjustmentPositive() ?>"
                    class="input-text admin__control-text not-negative-amount"
                    id="adjustment_positive" />
         </td>
@@ -31,7 +31,7 @@
         <td>
             <input type="text"
                    name="creditmemo[adjustment_negative]"
-                   value="<?= /* @noEscape */ $_source->getBaseAdjustmentNegative()*1 ?>"
+                   value="<?= /* @noEscape */ $_source->getBaseAdjustmentNegative() ?>"
                    class="input-text admin__control-text not-negative-amount"
                    id="adjustment_negative"/>
             <script>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/form.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/form.phtml
index 7a216dca999ba..7e3dc7ea0be0e 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/form.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/form.phtml
@@ -62,7 +62,7 @@
 </section>
 <?php $_items = $block->getCreditmemo()->getAllItems() ?>
 
-<?php if (!empty($_items)) : ?>
+<?php if (count($_items)) : ?>
 <div id="creditmemo_items_container">
     <?= $block->getChildHtml('creditmemo_items') ?>
 </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/items/renderer/default.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/items/renderer/default.phtml
index 9be76abb3351f..80ad5302392ae 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/view/items/renderer/default.phtml
@@ -13,7 +13,7 @@
     <td class="col-price">
         <?= $block->getColumnHtml($_item, 'price') ?>
     </td>
-    <td class="col-qty"><?= (int) $_item->getQty()*1 ?></td>
+    <td class="col-qty"><?= (int) $_item->getQty() ?></td>
     <td class="col-subtotal">
         <?= $block->getColumnHtml($_item, 'subtotal') ?>
     </td>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/details.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/details.phtml
index a3f7f62bbe193..961baf5499652 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/details.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/details.phtml
@@ -41,7 +41,7 @@ $_order = $block->getOrder() ?>
             <br /><?= $block->escapeHtml(__('Message:')) ?><br /> <?= $block->escapeHtml($_giftMessage->getMessage()) ?>
             <?php endif; ?>
             </td>
-            <td align="center" valign="top" style="padding:3px 9px"><?= (int) $_item->getQtyOrdered()*1 ?></td>
+            <td align="center" valign="top" style="padding:3px 9px"><?= (int) $_item->getQtyOrdered() ?></td>
             <td align="right" valign="top" style="padding:3px 9px"><?= /* @noEscape */ $_order->formatPrice($_item->getRowTotal()) ?></td>
         </tr>
 <?php endforeach; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/items/renderer/default.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/items/renderer/default.phtml
index 0e0b4ea3e9e31..98ae143e30c0b 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/items/renderer/default.phtml
@@ -16,9 +16,9 @@
     <?php if ($block->canEditQty()) : ?>
         <input type="text" class="input-text admin__control-text qty-input"
                name="invoice[items][<?= (int) $_item->getOrderItemId() ?>]"
-               value="<?= (int) $_item->getQty()*1 ?>"/>
+               value="<?= (int) $_item->getQty() ?>"/>
     <?php else : ?>
-        <?= (int) $_item->getQty()*1 ?>
+        <?= (int) $_item->getQty() ?>
     <?php endif; ?>
     </td>
     <td class="col-subtotal">
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/items/renderer/default.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/items/renderer/default.phtml
index 50142150716f6..59301931c73c7 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/items/renderer/default.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/view/items/renderer/default.phtml
@@ -13,7 +13,7 @@
     <td class="col-price">
         <?= $block->getColumnHtml($_item, 'price') ?>
     </td>
-    <td class="col-qty"><?= (int) $_item->getQty()*1 ?></td>
+    <td class="col-qty"><?= (int) $_item->getQty() ?></td>
     <td class="col-subtotal">
         <?= $block->getColumnHtml($_item, 'subtotal') ?>
     </td>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/totalbar.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/totalbar.phtml
index 0a9b6c806c4ce..b3a0e6a71dfc0 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/totalbar.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/totalbar.phtml
@@ -7,7 +7,7 @@
 // @deprecated
 $totals = $block->getTotals();
 ?>
-<?php if ($totals && !empty($totals)) : ?>
+<?php if ($totals && count($totals) > 0) : ?>
 <table class="items-to-invoice">
     <tr>
     <?php foreach ($totals as $total) : ?>

From b75b442250331bdcc6d23f8c39a29881598320dd Mon Sep 17 00:00:00 2001
From: Dave Macaulay <macaulay@adobe.com>
Date: Mon, 3 Jun 2019 15:15:38 -0500
Subject: [PATCH 13/16] MC-16618: Eliminate @escapeNotVerified in Sales-related
 Modules

- Resolve admin CR comments
---
 .../adminhtml/templates/order/create/coupons/form.phtml   | 7 ++-----
 .../adminhtml/templates/order/create/form/address.phtml   | 8 +++++---
 .../view/adminhtml/templates/order/create/sidebar.phtml   | 2 +-
 .../adminhtml/templates/order/create/sidebar/items.phtml  | 4 ++--
 .../order/creditmemo/create/totals/adjustments.phtml      | 8 ++++----
 .../adminhtml/templates/order/invoice/create/form.phtml   | 2 +-
 .../view/adminhtml/templates/order/totals/item.phtml      | 8 ++++++--
 .../view/adminhtml/templates/order/view/giftmessage.phtml | 2 +-
 .../view/adminhtml/templates/order/view/history.phtml     | 2 +-
 .../Sales/view/adminhtml/templates/order/view/items.phtml | 2 +-
 .../view/adminhtml/templates/transactions/detail.phtml    | 2 +-
 11 files changed, 25 insertions(+), 22 deletions(-)

diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/coupons/form.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/coupons/form.phtml
index a0e2b5a059263..e88b6ee330e97 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/coupons/form.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/coupons/form.phtml
@@ -5,10 +5,7 @@
  */
 ?>
 <?php
-/**
- * \Magento\Sales\Block\Adminhtml\Order\Create\Coupons
- *
- */
+/* @var \Magento\Sales\Block\Adminhtml\Order\Create\Coupons $block */
 ?>
 <div class="admin__field field-apply-coupon-code">
     <label class="admin__field-label"><span><?= $block->escapeHtml(__('Apply Coupon Code')) ?></span></label>
@@ -18,7 +15,7 @@
         <?php if ($block->getCouponCode()) : ?>
         <p class="added-coupon-code">
             <span><?= $block->escapeHtml($block->getCouponCode()) ?></span>
-            <a href="#" onclick="order.applyCoupon(''); return false;" title="<?= $block->escapeHtml(__('Remove Coupon Code')) ?>"
+            <a href="#" onclick="order.applyCoupon(''); return false;" title="<?= $block->escapeHtmlAttr(__('Remove Coupon Code')) ?>"
                class="action-remove"><span><?= $block->escapeHtml(__('Remove')) ?></span></a>
         </p>
         <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml
index 9464e75182396..5ce001474f5f5 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml
@@ -4,6 +4,8 @@
  * See COPYING.txt for license details.
  */
 
+/** @var \Magento\Sales\Block\Adminhtml\Order\Create\Form\Address $block */
+
 /**
  * @var \Magento\Customer\Model\ResourceModel\Address\Collection $addressCollection
  */
@@ -66,7 +68,7 @@ endif; ?>
             <?php $_id = $block->getForm()->getHtmlIdPrefix() . 'customer_address_id' ?>
             <div class="admin__field-control">
                 <select id="<?= $block->escapeHtmlAttr($_id) ?>"
-                        name="<?= $block->getForm()->getHtmlNamePrefix() ?>[customer_address_id]"
+                        name="<?= $block->escapeHtmlAttr($block->getForm()->getHtmlNamePrefix()) ?>[customer_address_id]"
                         onchange="order.selectAddress(this, '<?= $block->escapeJs($_fieldsContainerId) ?>')"
                         class="admin__control-select">
                     <option value=""><?= $block->escapeHtml(__('Add New Address')) ?></option>
@@ -85,8 +87,8 @@ endif; ?>
         <?= $block->getForm()->toHtml() ?>
 
         <div class="admin__field admin__field-option order-save-in-address-book">
-            <input name="<?= $block->getForm()->getHtmlNamePrefix() ?>[save_in_address_book]" type="checkbox" id="<?= $block->getForm()->getHtmlIdPrefix() ?>save_in_address_book" value="1"<?php if (!$block->getDontSaveInAddressBook()) : ?> checked="checked"<?php endif; ?> class="admin__control-checkbox"/>
-            <label for="<?= $block->getForm()->getHtmlIdPrefix() ?>save_in_address_book"
+            <input name="<?= $block->escapeHtmlAttr($block->getForm()->getHtmlNamePrefix()) ?>[save_in_address_book]" type="checkbox" id="<?= $block->escapeHtmlAttr($block->getForm()->getHtmlIdPrefix()) ?>save_in_address_book" value="1"<?php if (!$block->getDontSaveInAddressBook()) : ?> checked="checked"<?php endif; ?> class="admin__control-checkbox"/>
+            <label for="<?= $block->escapeHtmlAttr($block->getForm()->getHtmlIdPrefix()) ?>save_in_address_book"
                    class="admin__field-label"><?= $block->escapeHtml(__('Save in address book')) ?></label>
         </div>
     </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar.phtml
index 759187363a42d..d4dea4eb85a57 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar.phtml
@@ -13,7 +13,7 @@
     <?php foreach ($block->getLayout()->getChildBlocks($block->getNameInLayout()) as $_alias => $_child) : ?>
         <?php if ($_alias != 'top_button' && $_alias != 'bottom_button') : ?>
             <?php if ($block->canDisplay($_child)) : ?>
-                <div class="order-sidebar-block" id="order-sidebar_<?= /* @noEscape */ $_alias ?>">
+                <div class="order-sidebar-block" id="order-sidebar_<?= $block->escapeHtmlAttr($_alias) ?>">
                     <?= $block->getChildHtml($_alias) ?>
                 </div>
             <?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml
index aebf82a8dee67..dab7025d0c6ae 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml
@@ -90,14 +90,14 @@
                                     <a href="#"
                                        class="icon icon-configure"
                                        title="<?= $block->escapeHtml(__('Configure and Add to Order')) ?>"
-                                       onclick="order.sidebarConfigureProduct('<?= 'sidebar_wishlist' ?>', <?= (int) $block->getProductId($_item) ?>, <?= (int) $block->getItemId($_item) ?>); return false;">
+                                       onclick="order.sidebarConfigureProduct('sidebar_wishlist', <?= (int) $block->getProductId($_item) ?>, <?= (int) $block->getItemId($_item) ?>); return false;">
                                         <span><?= $block->escapeHtml(__('Configure and Add to Order')) ?></span>
                                     </a>
                                 <?php elseif ($block->isConfigurationRequired($_item->getTypeId())) : ?>
                                     <a href="#"
                                        class="icon icon-configure"
                                        title="<?= $block->escapeHtml(__('Configure and Add to Order')) ?>"
-                                       onclick="order.sidebarConfigureProduct('<?= 'sidebar' ?>', <?= (int) $block->getProductId($_item) ?>); return false;">
+                                       onclick="order.sidebarConfigureProduct('sidebar', <?= (int) $block->getProductId($_item) ?>); return false;">
                                         <span><?= $block->escapeHtml(__('Configure and Add to Order')) ?></span>
                                     </a>
                                 <?php else : ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/totals/adjustments.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/totals/adjustments.phtml
index bd7d16fb5a561..495d520545194 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/totals/adjustments.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/creditmemo/create/totals/adjustments.phtml
@@ -11,7 +11,7 @@
         <td>
             <input type="text"
                    name="creditmemo[shipping_amount]"
-                   value="<?= /* @noEscape */ $block->getShippingAmount() ?>"
+                   value="<?= $block->escapeHtmlAttr($block->getShippingAmount()) ?>"
                    class="input-text admin__control-text not-negative-amount"
                    id="shipping_amount" />
         </td>
@@ -21,7 +21,7 @@
         <td>
             <input type="text"
                    name="creditmemo[adjustment_positive]"
-                   value="<?= /* @noEscape */ $_source->getBaseAdjustmentPositive() ?>"
+                   value="<?= $block->escapeHtmlAttr($_source->getBaseAdjustmentPositive()) ?>"
                    class="input-text admin__control-text not-negative-amount"
                    id="adjustment_positive" />
         </td>
@@ -31,7 +31,7 @@
         <td>
             <input type="text"
                    name="creditmemo[adjustment_negative]"
-                   value="<?= /* @noEscape */ $_source->getBaseAdjustmentNegative() ?>"
+                   value="<?= $block->escapeHtmlAttr($_source->getBaseAdjustmentNegative()) ?>"
                    class="input-text admin__control-text not-negative-amount"
                    id="adjustment_negative"/>
             <script>
@@ -39,7 +39,7 @@
 
                 //<![CDATA[
                 Validation.addAllThese([
-                    ['not-negative-amount', '<?= $block->escapeHtml(__('Please enter a positive number in this field.')) ?>', function(v) {
+                    ['not-negative-amount', '<?= $block->escapeJs(__('Please enter a positive number in this field.')) ?>', function(v) {
                         if(v.length)
                             return /^\s*\d+([,.]\d+)*\s*%?\s*$/.test(v);
                         else
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/form.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/form.phtml
index 3ee670e8885bd..da9f0d273af24 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/form.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/invoice/create/form.phtml
@@ -91,7 +91,7 @@ require(['prototype'], function(){
     }
 
     /*forced creating of shipment*/
-    var forcedShipmentCreate = <?= /* @noEscape */ $block->getForcedShipmentCreate() ?>;
+    var forcedShipmentCreate = <?= (int) $block->getForcedShipmentCreate() ?>;
     var shipmentElement = $('invoice_do_shipment');
     if (forcedShipmentCreate && shipmentElement) {
         shipmentElement.checked = true;
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/item.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/item.phtml
index 905681ecc2795..f3590654181c2 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/totals/item.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/totals/item.phtml
@@ -11,10 +11,14 @@
     <tr>
         <td class="label">
             <?php if ($block->getStrong()) : ?>
-                <strong><?php endif; ?><?= $block->escapeHtml(__($block->getLabel())) ?><?php if ($block->getStrong()) : ?></strong>
+                <strong>
+            <?php endif; ?>
+            <?= $block->escapeHtml(__($block->getLabel())) ?>
+            <?php if ($block->getStrong()) : ?>
+                </strong>
             <?php endif; ?>
         </td>
-        <td <?= $block->getHtmlClass() ? ('class="' . $block->getHtmlClass() . '"') : '' ?>>
+        <td <?= $block->getHtmlClass() ? ('class="' . $block->escapeHtmlAttr($block->getHtmlClass()) . '"') : '' ?>>
             <?php if ($block->getStrong()) : ?><strong><?php endif; ?>
             <?= /* @noEscape */ $block->displayPriceAttribute($block->getSourceField()) ?>
             <?php if ($block->getStrong()) : ?></strong><?php endif; ?>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/view/giftmessage.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/view/giftmessage.phtml
index c0a51ef42c140..bf80f5df00b5e 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/view/giftmessage.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/view/giftmessage.phtml
@@ -8,7 +8,7 @@
 ?>
 <?php if ($block->canDisplayGiftmessage()) : ?>
     <?php $_required = $block->getMessage()->getMessage() != '' ?>
-    <div id="<?= $block->getHtmlId() ?>" class="admin__page-section-content giftmessage-whole-order-container">
+    <div id="<?= $block->escapeHtmlAttr($block->getHtmlId()) ?>" class="admin__page-section-content giftmessage-whole-order-container">
         <form class="entry-edit form-inline" id="<?= $block->escapeHtmlAttr($block->getFieldId('form')) ?>" action="<?= $block->escapeUrl($block->getSaveUrl()) ?>">
             <fieldset class="admin__fieldset">
                 <legend class="admin__legend"><span><?= $block->escapeHtml(__('Gift Message for the Entire Order')) ?></span></legend>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/view/history.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/view/history.phtml
index be5a3f417d88e..16643a29a7fbe 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/view/history.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/view/history.phtml
@@ -15,7 +15,7 @@
                 <div class="admin__field-control">
                     <select name="history[status]" id="history_status" class="admin__control-select">
                         <?php foreach ($block->getStatuses() as $_code => $_label) : ?>
-                            <option value="<?= $block->escapeHtml($_code) ?>"<?php if ($_code == $block->getOrder()->getStatus()) : ?> selected="selected"<?php endif; ?>><?= $block->escapeHtml($_label) ?></option>
+                            <option value="<?= $block->escapeHtmlAttr($_code) ?>"<?php if ($_code == $block->getOrder()->getStatus()) : ?> selected="selected"<?php endif; ?>><?= $block->escapeHtml($_label) ?></option>
                         <?php endforeach; ?>
                     </select>
                 </div>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/view/items.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/view/items.phtml
index 6da7f6fc0471c..734ad24b02fcf 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/view/items.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/view/items.phtml
@@ -17,7 +17,7 @@ $_order = $block->getOrder() ?>
                 $lastItemNumber = count($columns) ?>
                 <?php foreach ($columns as $columnName => $columnTitle) : ?>
                     <?php $i++; ?>
-                    <th class="col-<?= /* @noEscape */ $columnName ?><?= /* @noEscape */ ($i === $lastItemNumber ? ' last' : '') ?>"><span><?= $block->escapeHtml($columnTitle) ?></span></th>
+                    <th class="col-<?= $block->escapeHtmlAttr($columnName) ?><?= /* @noEscape */ ($i === $lastItemNumber ? ' last' : '') ?>"><span><?= $block->escapeHtml($columnTitle) ?></span></th>
                 <?php endforeach; ?>
             </tr>
         </thead>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/transactions/detail.phtml b/app/code/Magento/Sales/view/adminhtml/templates/transactions/detail.phtml
index 9a2584b79653d..01b7548be15cd 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/transactions/detail.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/transactions/detail.phtml
@@ -4,7 +4,7 @@
  * See COPYING.txt for license details.
  */
 
-/* @var \Magento\Sales\Block\Adminhtml\Transactions\Detail\ $block */
+/* @var \Magento\Sales\Block\Adminhtml\Transactions\Detail $block */
 ?>
 <div data-mage-init='{"floatingHeader": {}}' class="page-actions"><?= $block->getButtonsHtml() ?></div>
 <section class="admin__page-section">

From b5fcfbd4748df1dbe3cee7988c7e8eec2a038213 Mon Sep 17 00:00:00 2001
From: Dave Macaulay <macaulay@adobe.com>
Date: Tue, 4 Jun 2019 16:02:04 -0500
Subject: [PATCH 14/16] MC-16618: Eliminate @escapeNotVerified in Sales-related
 Modules

- Resolve admin functional test failure
---
 .../adminhtml/templates/order/create/sidebar/items.phtml    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml
index dab7025d0c6ae..5e26e2fa23064 100644
--- a/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar/items.phtml
@@ -5,11 +5,11 @@
  */
 ?>
 <?php /* @var $block \Magento\Sales\Block\Adminhtml\Order\Create\Sidebar\AbstractSidebar */ ?>
-<div class="create-order-sidebar-block" id="sidebar_data_<?= (int) $block->getDataId() ?>">
+<div class="create-order-sidebar-block" id="sidebar_data_<?= $block->escapeHtmlAttr($block->getDataId()) ?>">
     <div class="head sidebar-title-block">
         <a href="#" class="action-refresh"
            title="<?= $block->escapeHtml(__('Refresh')) ?>"
-           onclick="order.loadArea('sidebar_<?= (int) $block->getDataId() ?>', 'sidebar_data_<?= (int) $block->getDataId() ?>');return false;">
+           onclick="order.loadArea('sidebar_<?= $block->escapeJs($block->getDataId()) ?>', 'sidebar_data_<?= $block->escapeJs($block->getDataId()) ?>');return false;">
             <span><?= $block->escapeHtml(__('Refresh')) ?></span>
         </a>
         <h5 class="create-order-sidebar-label">
@@ -75,7 +75,7 @@
                                            type="checkbox"
                                            class="admin__control-checkbox"
                                            name="sidebar[remove][<?= (int) $block->getItemId($_item) ?>]"
-                                           value="<?= (int) $block->getDataId() ?>"
+                                           value="<?= $block->escapeHtmlAttr($block->getDataId()) ?>"
                                            title="<?= $block->escapeHtml(__('Remove')) ?>" />
                                     <label class="admin__field-label"
                                            for="sidebar-remove-<?= $block->escapeHtmlAttr($block->getSidebarStorageAction()) ?>-<?= (int) $block->getItemId($_item) ?>">

From 30244fd5daeead10739d9105c29f92dcf10dbc15 Mon Sep 17 00:00:00 2001
From: David Haecker <dhaecker@magento.com>
Date: Tue, 11 Jun 2019 19:44:08 -0500
Subject: [PATCH 15/16] MC-16618: Eliminate @escapeNotVerified in Sales-related
 Modules

- Skipping unstable MFTF tests
---
 .../StorefrontAddBundleDynamicProductToShoppingCartTest.xml    | 3 +++
 ...amicProductToShoppingCartWithDisableMiniCartSidebarTest.xml | 3 +++
 .../StorefrontAddConfigurableProductToShoppingCartTest.xml     | 3 +++
 ...rontAddTwoBundleMultiSelectOptionsToTheShoppingCartTest.xml | 3 +++
 4 files changed, 12 insertions(+)

diff --git a/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddBundleDynamicProductToShoppingCartTest.xml b/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddBundleDynamicProductToShoppingCartTest.xml
index 4d9b90f5713c2..8ea2fea2cb8a5 100644
--- a/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddBundleDynamicProductToShoppingCartTest.xml
+++ b/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddBundleDynamicProductToShoppingCartTest.xml
@@ -15,6 +15,9 @@
             <testCaseId value="MC-14715"/>
             <severity value="CRITICAL"/>
             <group value="mtf_migrated"/>
+            <skip>
+                <issueId value="MC-16684"/>
+            </skip>
         </annotations>
 
         <before>
diff --git a/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddBundleDynamicProductToShoppingCartWithDisableMiniCartSidebarTest.xml b/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddBundleDynamicProductToShoppingCartWithDisableMiniCartSidebarTest.xml
index 3dae3b3ae58d5..966ad62a23d04 100644
--- a/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddBundleDynamicProductToShoppingCartWithDisableMiniCartSidebarTest.xml
+++ b/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddBundleDynamicProductToShoppingCartWithDisableMiniCartSidebarTest.xml
@@ -15,6 +15,9 @@
             <testCaseId value="MC-14719"/>
             <severity value="CRITICAL"/>
             <group value="mtf_migrated"/>
+            <skip>
+                <issueId value="MC-16684"/>
+            </skip>
         </annotations>
 
         <before>
diff --git a/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddConfigurableProductToShoppingCartTest.xml b/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddConfigurableProductToShoppingCartTest.xml
index d1196d9abec46..4aeecbf169700 100644
--- a/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddConfigurableProductToShoppingCartTest.xml
+++ b/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddConfigurableProductToShoppingCartTest.xml
@@ -15,6 +15,9 @@
             <testCaseId value="MC-14716"/>
             <severity value="CRITICAL"/>
             <group value="mtf_migrated"/>
+            <skip>
+                <issueId value="MC-16684"/>
+            </skip>
         </annotations>
 
         <before>
diff --git a/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddTwoBundleMultiSelectOptionsToTheShoppingCartTest.xml b/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddTwoBundleMultiSelectOptionsToTheShoppingCartTest.xml
index a6b7fd80e1d68..d9c76e0de7fa5 100644
--- a/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddTwoBundleMultiSelectOptionsToTheShoppingCartTest.xml
+++ b/app/code/Magento/Checkout/Test/Mftf/Test/StorefrontAddTwoBundleMultiSelectOptionsToTheShoppingCartTest.xml
@@ -15,6 +15,9 @@
             <testCaseId value="MC-14728"/>
             <severity value="CRITICAL"/>
             <group value="mtf_migrated"/>
+            <skip>
+                <issueId value="MC-16684"/>
+            </skip>
         </annotations>
 
         <before>

From 07e0ccc0af61b10af5d98616d35b4c1fe9141afc Mon Sep 17 00:00:00 2001
From: Anthoula Wojczak <awojczak@adobe.com>
Date: Fri, 14 Jun 2019 11:14:39 -0500
Subject: [PATCH 16/16] MC-17439: Code Improvements: FQCN usage

- remove FQCN usage in recently added classes
---
 .../Magento/AdminNotification/Model/Feed.php  | 12 ++--
 .../Catalog/Block/Adminhtml/Product/Edit.php  |  8 ++-
 .../Tab/Newsletter/Grid/Renderer/Action.php   | 13 +++--
 .../Model/Address/Validator/Country.php       | 12 ++--
 .../Directory/Model/ResourceModel/Country.php | 18 +++---
 .../Magento/Reports/Block/Adminhtml/Grid.php  |  2 +-
 .../Translation/Model/Inline/Parser.php       | 57 +++++++++++--------
 .../Model/ResourceModel/StringUtils.php       | 13 +++--
 app/code/Magento/Webapi/Model/Soap/Fault.php  | 12 ++--
 .../Widget/Setup/LayoutUpdateConverter.php    | 12 ++--
 .../Wishlist/Controller/Index/Send.php        | 11 ++--
 .../Magento/Framework/Convert/Excel.php       | 12 ++--
 .../Framework/Data/Form/Filter/Escapehtml.php | 13 +++--
 .../Magento/Framework/View/Page/Config.php    | 14 +++--
 .../Setup/Model/DependencyReadinessCheck.php  | 12 ++--
 .../Setup/Model/UninstallDependencyCheck.php  | 12 ++--
 16 files changed, 137 insertions(+), 96 deletions(-)

diff --git a/app/code/Magento/AdminNotification/Model/Feed.php b/app/code/Magento/AdminNotification/Model/Feed.php
index 05b6922673e49..b99a8bbbc9031 100644
--- a/app/code/Magento/AdminNotification/Model/Feed.php
+++ b/app/code/Magento/AdminNotification/Model/Feed.php
@@ -5,6 +5,8 @@
  */
 namespace Magento\AdminNotification\Model;
 
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Config\ConfigOptionsListConstants;
 
 /**
@@ -26,7 +28,7 @@ class Feed extends \Magento\Framework\Model\AbstractModel
     const XML_LAST_UPDATE_PATH = 'system/adminnotification/last_update';
 
     /**
-     * @var \Magento\Framework\Escaper
+     * @var Escaper
      */
     private $escaper;
 
@@ -82,7 +84,7 @@ class Feed extends \Magento\Framework\Model\AbstractModel
      * @param \Magento\Framework\Model\ResourceModel\AbstractResource $resource
      * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection
      * @param array $data
-     * @param \Magento\Framework\Escaper|null $escaper
+     * @param Escaper|null $escaper
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -97,7 +99,7 @@ public function __construct(
         \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
         \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
         array $data = [],
-        \Magento\Framework\Escaper $escaper = null
+        Escaper $escaper = null
     ) {
         parent::__construct($context, $registry, $resource, $resourceCollection, $data);
         $this->_backendConfig = $backendConfig;
@@ -106,8 +108,8 @@ public function __construct(
         $this->_deploymentConfig = $deploymentConfig;
         $this->productMetadata = $productMetadata;
         $this->urlBuilder = $urlBuilder;
-        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
-            \Magento\Framework\Escaper::class
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
         );
     }
 
diff --git a/app/code/Magento/Catalog/Block/Adminhtml/Product/Edit.php b/app/code/Magento/Catalog/Block/Adminhtml/Product/Edit.php
index bef8ff9cf9112..e6afc41ebebac 100644
--- a/app/code/Magento/Catalog/Block/Adminhtml/Product/Edit.php
+++ b/app/code/Magento/Catalog/Block/Adminhtml/Product/Edit.php
@@ -12,13 +12,15 @@
  */
 namespace Magento\Catalog\Block\Adminhtml\Product;
 
+use Magento\Framework\Escaper;
+
 /**
  * Class Edit
  */
 class Edit extends \Magento\Backend\Block\Widget
 {
     /**
-     * @var \Magento\Framework\Escaper
+     * @var Escaper
      */
     private $escaper;
 
@@ -55,7 +57,7 @@ class Edit extends \Magento\Backend\Block\Widget
      * @param \Magento\Eav\Model\Entity\Attribute\SetFactory $attributeSetFactory
      * @param \Magento\Framework\Registry $registry
      * @param \Magento\Catalog\Helper\Product $productHelper
-     * @param \Magento\Framework\Escaper $escaper
+     * @param Escaper $escaper
      * @param array $data
      */
     public function __construct(
@@ -64,7 +66,7 @@ public function __construct(
         \Magento\Eav\Model\Entity\Attribute\SetFactory $attributeSetFactory,
         \Magento\Framework\Registry $registry,
         \Magento\Catalog\Helper\Product $productHelper,
-        \Magento\Framework\Escaper $escaper,
+        Escaper $escaper,
         array $data = []
     ) {
         $this->_productHelper = $productHelper;
diff --git a/app/code/Magento/Customer/Block/Adminhtml/Edit/Tab/Newsletter/Grid/Renderer/Action.php b/app/code/Magento/Customer/Block/Adminhtml/Edit/Tab/Newsletter/Grid/Renderer/Action.php
index 500646c8e05a7..b9ef3966169a6 100644
--- a/app/code/Magento/Customer/Block/Adminhtml/Edit/Tab/Newsletter/Grid/Renderer/Action.php
+++ b/app/code/Magento/Customer/Block/Adminhtml/Edit/Tab/Newsletter/Grid/Renderer/Action.php
@@ -5,13 +5,16 @@
  */
 namespace Magento\Customer\Block\Adminhtml\Edit\Tab\Newsletter\Grid\Renderer;
 
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
+
 /**
  * Adminhtml newsletter queue grid block action item renderer
  */
 class Action extends \Magento\Backend\Block\Widget\Grid\Column\Renderer\AbstractRenderer
 {
     /**
-     * @var \Magento\Framework\Escaper
+     * @var Escaper
      */
     private $escaper;
 
@@ -26,17 +29,17 @@ class Action extends \Magento\Backend\Block\Widget\Grid\Column\Renderer\Abstract
      * @param \Magento\Backend\Block\Context $context
      * @param \Magento\Framework\Registry $registry
      * @param array $data
-     * @param \Magento\Framework\Escaper|null $escaper
+     * @param Escaper|null $escaper
      */
     public function __construct(
         \Magento\Backend\Block\Context $context,
         \Magento\Framework\Registry $registry,
         array $data = [],
-        \Magento\Framework\Escaper $escaper = null
+        Escaper $escaper = null
     ) {
         $this->_coreRegistry = $registry;
-        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
-            \Magento\Framework\Escaper::class
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
         );
         parent::__construct($context, $data);
     }
diff --git a/app/code/Magento/Customer/Model/Address/Validator/Country.php b/app/code/Magento/Customer/Model/Address/Validator/Country.php
index 43859dc102a7c..e0eb1cbadd862 100644
--- a/app/code/Magento/Customer/Model/Address/Validator/Country.php
+++ b/app/code/Magento/Customer/Model/Address/Validator/Country.php
@@ -9,6 +9,8 @@
 use Magento\Customer\Model\Address\ValidatorInterface;
 use Magento\Directory\Helper\Data;
 use Magento\Directory\Model\AllowedCountries;
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
 use Magento\Store\Model\ScopeInterface;
 
 /**
@@ -17,7 +19,7 @@
 class Country implements ValidatorInterface
 {
     /**
-     * @var \Magento\Framework\Escaper
+     * @var Escaper
      */
     private $escaper;
 
@@ -34,17 +36,17 @@ class Country implements ValidatorInterface
     /**
      * @param Data $directoryData
      * @param AllowedCountries $allowedCountriesReader
-     * @param \Magento\Framework\Escaper|null $escaper
+     * @param Escaper|null $escaper
      */
     public function __construct(
         Data $directoryData,
         AllowedCountries $allowedCountriesReader,
-        \Magento\Framework\Escaper $escaper = null
+        Escaper $escaper = null
     ) {
         $this->directoryData = $directoryData;
         $this->allowedCountriesReader = $allowedCountriesReader;
-        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
-            \Magento\Framework\Escaper::class
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
         );
     }
 
diff --git a/app/code/Magento/Directory/Model/ResourceModel/Country.php b/app/code/Magento/Directory/Model/ResourceModel/Country.php
index da6b478a9d664..d248dd407a7ee 100644
--- a/app/code/Magento/Directory/Model/ResourceModel/Country.php
+++ b/app/code/Magento/Directory/Model/ResourceModel/Country.php
@@ -5,6 +5,10 @@
  */
 namespace Magento\Directory\Model\ResourceModel;
 
+use Magento\Framework\Model\ResourceModel\Db\Context;
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
+
 /**
  * Country Resource Model
  *
@@ -14,22 +18,22 @@
 class Country extends \Magento\Framework\Model\ResourceModel\Db\AbstractDb
 {
     /**
-     * @var \Magento\Framework\Escaper
+     * @var Escaper
      */
     private $escaper;
 
     /**
-     * @param \Magento\Framework\Model\ResourceModel\Db\Context $context
+     * @param Context $context
      * @param null|string $connectionName
-     * @param \Magento\Framework\Escaper|null $escaper
+     * @param Escaper|null $escaper
      */
     public function __construct(
-        \Magento\Framework\Model\ResourceModel\Db\Context $context,
+        Context $context,
         ?string $connectionName = null,
-        \Magento\Framework\Escaper $escaper = null
+        Escaper $escaper = null
     ) {
-        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
-            \Magento\Framework\Escaper::class
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
         );
         parent::__construct($context, $connectionName);
     }
diff --git a/app/code/Magento/Reports/Block/Adminhtml/Grid.php b/app/code/Magento/Reports/Block/Adminhtml/Grid.php
index e784845dd950b..1851e959e7a58 100644
--- a/app/code/Magento/Reports/Block/Adminhtml/Grid.php
+++ b/app/code/Magento/Reports/Block/Adminhtml/Grid.php
@@ -92,7 +92,7 @@ class Grid extends \Magento\Backend\Block\Widget\Grid
      * @param Data $backendHelper
      * @param array $data
      * @param DecoderInterface|null $urlDecoder
-     * @param Parameters $parameters
+     * @param Parameters|null $parameters
      */
     public function __construct(
         Context $context,
diff --git a/app/code/Magento/Translation/Model/Inline/Parser.php b/app/code/Magento/Translation/Model/Inline/Parser.php
index e984fc9ee1a1a..c3f34770d889b 100644
--- a/app/code/Magento/Translation/Model/Inline/Parser.php
+++ b/app/code/Magento/Translation/Model/Inline/Parser.php
@@ -6,6 +6,15 @@
 
 namespace Magento\Translation\Model\Inline;
 
+use Magento\Translation\Model\ResourceModel\StringUtilsFactory;
+use Magento\Store\Model\StoreManagerInterface;
+use Magento\Framework\App\State;
+use Magento\Framework\App\Cache\TypeListInterface;
+use Magento\Framework\Translate\InlineInterface;
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
+use Magento\Translation\Model\Inline\CacheManager;
+
 /**
  * Parse content, applying necessary html element wrapping and client scripts for inline translation.
  *
@@ -19,7 +28,7 @@ class Parser implements \Magento\Framework\Translate\Inline\ParserInterface
     const DATA_TRANSLATE = 'data-translate';
 
     /**
-     * @var \Magento\Framework\Escaper
+     * @var Escaper
      */
     private $escaper;
 
@@ -101,7 +110,7 @@ class Parser implements \Magento\Framework\Translate\Inline\ParserInterface
     protected $_resourceFactory;
 
     /**
-     * @var \Magento\Store\Model\StoreManagerInterface
+     * @var StoreManagerInterface
      */
     protected $_storeManager;
 
@@ -111,22 +120,22 @@ class Parser implements \Magento\Framework\Translate\Inline\ParserInterface
     protected $_inputFilter;
 
     /**
-     * @var \Magento\Framework\App\State
+     * @var State
      */
     protected $_appState;
 
     /**
-     * @var \Magento\Framework\Translate\InlineInterface
+     * @var InlineInterface
      */
     protected $_translateInline;
 
     /**
-     * @var \Magento\Framework\App\Cache\TypeListInterface
+     * @var TypeListInterface
      */
     protected $_appCache;
 
     /**
-     * @var \Magento\Translation\Model\Inline\CacheManager
+     * @var CacheManager
      */
     private $cacheManager;
 
@@ -138,15 +147,15 @@ class Parser implements \Magento\Framework\Translate\Inline\ParserInterface
     /**
      * Return cache manager
      *
-     * @return \Magento\Translation\Model\Inline\CacheManager
+     * @return CacheManager
      *
      * @deprecated 100.1.0
      */
     private function getCacheManger()
     {
-        if (!$this->cacheManager instanceof \Magento\Translation\Model\Inline\CacheManager) {
-            $this->cacheManager = \Magento\Framework\App\ObjectManager::getInstance()->get(
-                \Magento\Translation\Model\Inline\CacheManager::class
+        if (!$this->cacheManager instanceof CacheManager) {
+            $this->cacheManager = ObjectManager::getInstance()->get(
+                CacheManager::class
             );
         }
         return $this->cacheManager;
@@ -155,24 +164,24 @@ private function getCacheManger()
     /**
      * Initialize base inline translation model
      *
-     * @param \Magento\Translation\Model\ResourceModel\StringUtilsFactory $resource
-     * @param \Magento\Store\Model\StoreManagerInterface $storeManager
+     * @param StringUtilsFactory $resource
+     * @param StoreManagerInterface $storeManager
      * @param \Zend_Filter_Interface $inputFilter
-     * @param \Magento\Framework\App\State $appState
-     * @param \Magento\Framework\App\Cache\TypeListInterface $appCache
-     * @param \Magento\Framework\Translate\InlineInterface $translateInline
+     * @param State $appState
+     * @param TypeListInterface $appCache
+     * @param InlineInterface $translateInline
      * @param array $relatedCacheTypes
-     * @param \Magento\Framework\Escaper|null $escaper
+     * @param Escaper|null $escaper
      */
     public function __construct(
-        \Magento\Translation\Model\ResourceModel\StringUtilsFactory $resource,
-        \Magento\Store\Model\StoreManagerInterface $storeManager,
+        StringUtilsFactory $resource,
+        StoreManagerInterface $storeManager,
         \Zend_Filter_Interface $inputFilter,
-        \Magento\Framework\App\State $appState,
-        \Magento\Framework\App\Cache\TypeListInterface $appCache,
-        \Magento\Framework\Translate\InlineInterface $translateInline,
+        State $appState,
+        TypeListInterface $appCache,
+        InlineInterface $translateInline,
         array $relatedCacheTypes = [],
-        \Magento\Framework\Escaper $escaper = null
+        Escaper $escaper = null
     ) {
         $this->_resourceFactory = $resource;
         $this->_storeManager = $storeManager;
@@ -181,8 +190,8 @@ public function __construct(
         $this->_appCache = $appCache;
         $this->_translateInline = $translateInline;
         $this->relatedCacheTypes = $relatedCacheTypes;
-        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
-            \Magento\Framework\Escaper::class
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
         );
     }
 
diff --git a/app/code/Magento/Translation/Model/ResourceModel/StringUtils.php b/app/code/Magento/Translation/Model/ResourceModel/StringUtils.php
index 769336419d89b..be7656fbf61a7 100644
--- a/app/code/Magento/Translation/Model/ResourceModel/StringUtils.php
+++ b/app/code/Magento/Translation/Model/ResourceModel/StringUtils.php
@@ -5,13 +5,16 @@
  */
 namespace Magento\Translation\Model\ResourceModel;
 
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
+
 /**
  * String translation utilities
  */
 class StringUtils extends \Magento\Framework\Model\ResourceModel\Db\AbstractDb
 {
     /**
-     * @var \Magento\Framework\Escaper
+     * @var Escaper
      */
     private $escaper;
 
@@ -36,7 +39,7 @@ class StringUtils extends \Magento\Framework\Model\ResourceModel\Db\AbstractDb
      * @param \Magento\Framework\App\ScopeResolverInterface $scopeResolver
      * @param string $connectionName
      * @param string|null $scope
-     * @param \Magento\Framework\Escaper|null $escaper
+     * @param Escaper|null $escaper
      */
     public function __construct(
         \Magento\Framework\Model\ResourceModel\Db\Context $context,
@@ -44,13 +47,13 @@ public function __construct(
         \Magento\Framework\App\ScopeResolverInterface $scopeResolver,
         $connectionName = null,
         $scope = null,
-        \Magento\Framework\Escaper $escaper = null
+        Escaper $escaper = null
     ) {
         $this->_localeResolver = $localeResolver;
         $this->scopeResolver = $scopeResolver;
         $this->scope = $scope;
-        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
-            \Magento\Framework\Escaper::class
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
         );
         parent::__construct($context, $connectionName);
     }
diff --git a/app/code/Magento/Webapi/Model/Soap/Fault.php b/app/code/Magento/Webapi/Model/Soap/Fault.php
index 7214f37d04468..102dcbe6a662b 100644
--- a/app/code/Magento/Webapi/Model/Soap/Fault.php
+++ b/app/code/Magento/Webapi/Model/Soap/Fault.php
@@ -8,6 +8,8 @@
 namespace Magento\Webapi\Model\Soap;
 
 use Magento\Framework\App\State;
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
 
 /**
  * Webapi Fault Model for Soap.
@@ -43,7 +45,7 @@ class Fault
     /**#@-*/
 
     /**
-     * @var \Magento\Framework\Escaper
+     * @var Escaper
      */
     private $escaper;
 
@@ -116,7 +118,7 @@ class Fault
      * @param \Magento\Framework\Webapi\Exception $exception
      * @param \Magento\Framework\Locale\ResolverInterface $localeResolver
      * @param State $appState
-     * @param \Magento\Framework\Escaper|null $escaper
+     * @param Escaper|null $escaper
      */
     public function __construct(
         \Magento\Framework\App\RequestInterface $request,
@@ -124,7 +126,7 @@ public function __construct(
         \Magento\Framework\Webapi\Exception $exception,
         \Magento\Framework\Locale\ResolverInterface $localeResolver,
         State $appState,
-        \Magento\Framework\Escaper $escaper = null
+        Escaper $escaper = null
     ) {
         $this->_soapFaultCode = $exception->getOriginator();
         $this->_parameters = $exception->getDetails();
@@ -135,8 +137,8 @@ public function __construct(
         $this->_soapServer = $soapServer;
         $this->_localeResolver = $localeResolver;
         $this->appState = $appState;
-        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
-            \Magento\Framework\Escaper::class
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
         );
     }
 
diff --git a/app/code/Magento/Widget/Setup/LayoutUpdateConverter.php b/app/code/Magento/Widget/Setup/LayoutUpdateConverter.php
index 39b3d3c4b5a6e..423d72236ae95 100644
--- a/app/code/Magento/Widget/Setup/LayoutUpdateConverter.php
+++ b/app/code/Magento/Widget/Setup/LayoutUpdateConverter.php
@@ -8,6 +8,8 @@
 use Magento\Framework\Serialize\Serializer\Json;
 use Magento\Framework\Serialize\Serializer\Serialize;
 use Magento\Framework\Data\Wysiwyg\Normalizer;
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\DB\DataConverter\DataConversionException;
 use Magento\Framework\DB\DataConverter\SerializedToJson;
 
@@ -17,7 +19,7 @@
 class LayoutUpdateConverter extends SerializedToJson
 {
     /**
-     * @var \Magento\Framework\Escaper
+     * @var Escaper
      */
     private $escaper;
 
@@ -32,17 +34,17 @@ class LayoutUpdateConverter extends SerializedToJson
      * @param Serialize $serialize
      * @param Json $json
      * @param Normalizer $normalizer
-     * @param \Magento\Framework\Escaper|null $escaper
+     * @param Escaper|null $escaper
      */
     public function __construct(
         Serialize $serialize,
         Json $json,
         Normalizer $normalizer,
-        \Magento\Framework\Escaper $escaper = null
+        Escaper $escaper = null
     ) {
         $this->normalizer = $normalizer;
-        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
-            \Magento\Framework\Escaper::class
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
         );
         parent::__construct($serialize, $json);
     }
diff --git a/app/code/Magento/Wishlist/Controller/Index/Send.php b/app/code/Magento/Wishlist/Controller/Index/Send.php
index 20a5c64ab20c0..5d867ac74752b 100644
--- a/app/code/Magento/Wishlist/Controller/Index/Send.php
+++ b/app/code/Magento/Wishlist/Controller/Index/Send.php
@@ -16,6 +16,7 @@
 use Magento\Framework\View\Result\Layout as ResultLayout;
 use Magento\Captcha\Helper\Data as CaptchaHelper;
 use Magento\Captcha\Observer\CaptchaStringResolver;
+use Magento\Framework\Escaper;
 use Magento\Framework\Controller\Result\Redirect;
 use Magento\Framework\Controller\ResultInterface;
 use Magento\Framework\App\ObjectManager;
@@ -32,7 +33,7 @@
 class Send extends \Magento\Wishlist\Controller\AbstractIndex implements Action\HttpPostActionInterface
 {
     /**
-     * @var \Magento\Framework\Escaper
+     * @var Escaper
      */
     private $escaper;
 
@@ -110,7 +111,7 @@ class Send extends \Magento\Wishlist\Controller\AbstractIndex implements Action\
      * @param StoreManagerInterface $storeManager
      * @param CaptchaHelper|null $captchaHelper
      * @param CaptchaStringResolver|null $captchaStringResolver
-     * @param \Magento\Framework\Escaper|null $escaper
+     * @param Escaper|null $escaper
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -127,7 +128,7 @@ public function __construct(
         StoreManagerInterface $storeManager,
         ?CaptchaHelper $captchaHelper = null,
         ?CaptchaStringResolver $captchaStringResolver = null,
-        \Magento\Framework\Escaper $escaper = null
+        Escaper $escaper = null
     ) {
         $this->_formKeyValidator = $formKeyValidator;
         $this->_customerSession = $customerSession;
@@ -142,8 +143,8 @@ public function __construct(
         $this->captchaHelper = $captchaHelper ?: ObjectManager::getInstance()->get(CaptchaHelper::class);
         $this->captchaStringResolver = $captchaStringResolver ?
             : ObjectManager::getInstance()->get(CaptchaStringResolver::class);
-        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
-            \Magento\Framework\Escaper::class
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
         );
         parent::__construct($context);
     }
diff --git a/lib/internal/Magento/Framework/Convert/Excel.php b/lib/internal/Magento/Framework/Convert/Excel.php
index 13d8c0fa9d56b..e201978a8cb99 100644
--- a/lib/internal/Magento/Framework/Convert/Excel.php
+++ b/lib/internal/Magento/Framework/Convert/Excel.php
@@ -5,6 +5,8 @@
  */
 namespace Magento\Framework\Convert;
 
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Filesystem\File\WriteInterface;
 
 /**
@@ -13,7 +15,7 @@
 class Excel
 {
     /**
-     * @var \Magento\Framework\Escaper
+     * @var Escaper
      */
     private $escaper;
 
@@ -50,17 +52,17 @@ class Excel
      *
      * @param \Iterator $iterator
      * @param array $rowCallback
-     * @param \Magento\Framework\Escaper|null $escaper
+     * @param Escaper|null $escaper
      */
     public function __construct(
         \Iterator $iterator,
         $rowCallback = [],
-        \Magento\Framework\Escaper $escaper = null
+        Escaper $escaper = null
     ) {
         $this->_iterator = $iterator;
         $this->_rowCallback = $rowCallback;
-        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
-            \Magento\Framework\Escaper::class
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
         );
     }
 
diff --git a/lib/internal/Magento/Framework/Data/Form/Filter/Escapehtml.php b/lib/internal/Magento/Framework/Data/Form/Filter/Escapehtml.php
index 54821217ca124..5f9f3ea6d08a3 100644
--- a/lib/internal/Magento/Framework/Data/Form/Filter/Escapehtml.php
+++ b/lib/internal/Magento/Framework/Data/Form/Filter/Escapehtml.php
@@ -11,24 +11,27 @@
  */
 namespace Magento\Framework\Data\Form\Filter;
 
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
+
 /**
  * EscapeHtml Form Filter Data
  */
 class Escapehtml implements \Magento\Framework\Data\Form\Filter\FilterInterface
 {
     /**
-     * @var \Magento\Framework\Escaper
+     * @var Escaper
      */
     private $escaper;
 
     /**
-     * @param \Magento\Framework\Escaper|null $escaper
+     * @param Escaper|null $escaper
      */
     public function __construct(
-        \Magento\Framework\Escaper $escaper = null
+        Escaper $escaper = null
     ) {
-        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
-            \Magento\Framework\Escaper::class
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
         );
     }
 
diff --git a/lib/internal/Magento/Framework/View/Page/Config.php b/lib/internal/Magento/Framework/View/Page/Config.php
index 4e57b2897a8d0..44beaa9e604a1 100644
--- a/lib/internal/Magento/Framework/View/Page/Config.php
+++ b/lib/internal/Magento/Framework/View/Page/Config.php
@@ -9,6 +9,8 @@
 use Magento\Framework\App;
 use Magento\Framework\App\Area;
 use Magento\Framework\View;
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
 
 /**
  * An API for page configuration
@@ -55,7 +57,7 @@ class Config
     const HTML_ATTRIBUTE_LANG = 'lang';
 
     /**
-     * @var \Magento\Framework\Escaper
+     * @var Escaper
      */
     private $escaper;
 
@@ -155,7 +157,7 @@ class Config
     private function getAreaResolver()
     {
         if ($this->areaResolver === null) {
-            $this->areaResolver = \Magento\Framework\App\ObjectManager::getInstance()
+            $this->areaResolver = ObjectManager::getInstance()
                 ->get(\Magento\Framework\App\State::class);
         }
         return $this->areaResolver;
@@ -169,7 +171,7 @@ private function getAreaResolver()
      * @param Title $title
      * @param \Magento\Framework\Locale\ResolverInterface $localeResolver
      * @param bool $isIncludesAvailable
-     * @param \Magento\Framework\Escaper|null $escaper
+     * @param Escaper|null $escaper
      */
     public function __construct(
         View\Asset\Repository $assetRepo,
@@ -179,7 +181,7 @@ public function __construct(
         Title $title,
         \Magento\Framework\Locale\ResolverInterface $localeResolver,
         $isIncludesAvailable = true,
-        \Magento\Framework\Escaper $escaper = null
+        Escaper $escaper = null
     ) {
         $this->assetRepo = $assetRepo;
         $this->pageAssets = $pageAssets;
@@ -193,8 +195,8 @@ public function __construct(
             self::HTML_ATTRIBUTE_LANG,
             strstr($this->localeResolver->getLocale(), '_', true)
         );
-        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
-            \Magento\Framework\Escaper::class
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
         );
     }
 
diff --git a/setup/src/Magento/Setup/Model/DependencyReadinessCheck.php b/setup/src/Magento/Setup/Model/DependencyReadinessCheck.php
index 95912272dfa4c..d9f8d154abdf2 100644
--- a/setup/src/Magento/Setup/Model/DependencyReadinessCheck.php
+++ b/setup/src/Magento/Setup/Model/DependencyReadinessCheck.php
@@ -10,6 +10,8 @@
 use Magento\Framework\App\Filesystem\DirectoryList;
 use Magento\Framework\Composer\ComposerJsonFinder;
 use Magento\Framework\Composer\MagentoComposerApplicationFactory;
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Filesystem\Driver\File;
 
 /**
@@ -18,7 +20,7 @@
 class DependencyReadinessCheck
 {
     /**
-     * @var \Magento\Framework\Escaper
+     * @var Escaper
      */
     private $escaper;
 
@@ -54,22 +56,22 @@ class DependencyReadinessCheck
      * @param DirectoryList $directoryList
      * @param File $file
      * @param MagentoComposerApplicationFactory $composerAppFactory
-     * @param \Magento\Framework\Escaper|null $escaper
+     * @param Escaper|null $escaper
      */
     public function __construct(
         ComposerJsonFinder $composerJsonFinder,
         DirectoryList $directoryList,
         File $file,
         MagentoComposerApplicationFactory $composerAppFactory,
-        \Magento\Framework\Escaper $escaper = null
+        Escaper $escaper = null
     ) {
         $this->composerJsonFinder = $composerJsonFinder;
         $this->directoryList = $directoryList;
         $this->file = $file;
         $this->requireUpdateDryRunCommand = $composerAppFactory->createRequireUpdateDryRunCommand();
         $this->magentoComposerApplication = $composerAppFactory->create();
-        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
-            \Magento\Framework\Escaper::class
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
         );
     }
 
diff --git a/setup/src/Magento/Setup/Model/UninstallDependencyCheck.php b/setup/src/Magento/Setup/Model/UninstallDependencyCheck.php
index f3deb405ab6c0..3a2b6fda44025 100644
--- a/setup/src/Magento/Setup/Model/UninstallDependencyCheck.php
+++ b/setup/src/Magento/Setup/Model/UninstallDependencyCheck.php
@@ -10,6 +10,8 @@
 use Magento\Framework\Composer\DependencyChecker;
 use Magento\Framework\Exception\RuntimeException;
 use Magento\Theme\Model\Theme\ThemeDependencyChecker;
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
 
 /**
  * Class checks components dependencies for uninstall flow
@@ -17,7 +19,7 @@
 class UninstallDependencyCheck
 {
     /**
-     * @var \Magento\Framework\Escaper
+     * @var Escaper
      */
     private $escaper;
 
@@ -44,19 +46,19 @@ class UninstallDependencyCheck
      * @param ComposerInformation $composerInfo
      * @param DependencyChecker $dependencyChecker
      * @param ThemeDependencyCheckerFactory $themeDependencyCheckerFactory
-     * @param \Magento\Framework\Escaper|null $escaper
+     * @param Escaper|null $escaper
      */
     public function __construct(
         ComposerInformation $composerInfo,
         DependencyChecker $dependencyChecker,
         ThemeDependencyCheckerFactory $themeDependencyCheckerFactory,
-        \Magento\Framework\Escaper $escaper = null
+        Escaper $escaper = null
     ) {
         $this->composerInfo = $composerInfo;
         $this->packageDependencyChecker = $dependencyChecker;
         $this->themeDependencyChecker = $themeDependencyCheckerFactory->create();
-        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
-            \Magento\Framework\Escaper::class
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
         );
     }