diff --git a/app/code/Magento/AdminNotification/Model/Feed.php b/app/code/Magento/AdminNotification/Model/Feed.php
index d3b0b8501c864..05b6922673e49 100644
--- a/app/code/Magento/AdminNotification/Model/Feed.php
+++ b/app/code/Magento/AdminNotification/Model/Feed.php
@@ -25,6 +25,11 @@ class Feed extends \Magento\Framework\Model\AbstractModel
 
     const XML_LAST_UPDATE_PATH = 'system/adminnotification/last_update';
 
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * Feed url
      *
@@ -77,6 +82,7 @@ class Feed extends \Magento\Framework\Model\AbstractModel
      * @param \Magento\Framework\Model\ResourceModel\AbstractResource $resource
      * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection
      * @param array $data
+     * @param \Magento\Framework\Escaper|null $escaper
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -90,21 +96,26 @@ public function __construct(
         \Magento\Framework\UrlInterface $urlBuilder,
         \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
         \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
-        array $data = []
+        array $data = [],
+        \Magento\Framework\Escaper $escaper = null
     ) {
         parent::__construct($context, $registry, $resource, $resourceCollection, $data);
-        $this->_backendConfig    = $backendConfig;
-        $this->_inboxFactory     = $inboxFactory;
-        $this->curlFactory       = $curlFactory;
+        $this->_backendConfig = $backendConfig;
+        $this->_inboxFactory = $inboxFactory;
+        $this->curlFactory = $curlFactory;
         $this->_deploymentConfig = $deploymentConfig;
-        $this->productMetadata   = $productMetadata;
-        $this->urlBuilder        = $urlBuilder;
+        $this->productMetadata = $productMetadata;
+        $this->urlBuilder = $urlBuilder;
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
     }
 
     /**
      * Init model
      *
      * @return void
+     * phpcs:disable Magento2.CodeAnalysis.EmptyBlock
      */
     protected function _construct()
     {
@@ -252,6 +263,6 @@ public function getFeedXml()
      */
     private function escapeString(\SimpleXMLElement $data)
     {
-        return htmlspecialchars((string)$data);
+        return $this->escaper->escapeHtml((string)$data);
     }
 }
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/admin/access_denied.phtml b/app/code/Magento/Backend/view/adminhtml/templates/admin/access_denied.phtml
index 843328fbf17d7..be309423c48d2 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/admin/access_denied.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/admin/access_denied.phtml
@@ -3,14 +3,13 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /**
  * @see \Magento\Backend\Block\Denied
  */
+
+// phpcs:disable Magento2.Security.Superglobal
 ?>
 <hr class="access-denied-hr"/>
 <div class="access-denied-page">
@@ -21,10 +20,10 @@
         <li><span><?= $block->escapeHtml(__('Contact a system administrator or store owner to gain permissions.')) ?></span></li>
         <li>
             <span><?= $block->escapeHtml(__('Return to ')) ?>
-                <?php if(isset($_SERVER['HTTP_REFERER'])): ?>
+                <?php if (isset($_SERVER['HTTP_REFERER'])) : ?>
                     <a href="<?= $block->escapeUrl(__($_SERVER['HTTP_REFERER'])) ?>">
                         <?= $block->escapeHtml(__('previous page')) ?></a><?= $block->escapeHtml(__('.')) ?>
-                <?php else: ?>
+                <?php else : ?>
                     <a href="<?= $block->escapeHtmlAttr(__('javascript:history.back()')) ?>">
                         <?= $block->escapeHtml(__('previous page')) ?></a><?= $block->escapeHtml(__('.')) ?>
                 <?php endif ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/admin/formkey.phtml b/app/code/Magento/Backend/view/adminhtml/templates/admin/formkey.phtml
index 9629db9fa455b..edc14190e4edf 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/admin/formkey.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/admin/formkey.phtml
@@ -4,4 +4,4 @@
  * See COPYING.txt for license details.
  */
 ?>
-<div><input name="form_key" type="hidden" value="<?= /* @escapeNotVerified */ $block->getFormKey() ?>" /></div>
+<div><input name="form_key" type="hidden" value="<?= $block->escapeHtmlAttr($block->getFormKey()) ?>" /></div>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/admin/login.phtml b/app/code/Magento/Backend/view/adminhtml/templates/admin/login.phtml
index 52d5dd6d114ee..1d05450f44c99 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/admin/login.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/admin/login.phtml
@@ -4,19 +4,20 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+/**
+ * @var \Magento\Framework\View\Element\AbstractBlock $block
+ */
 ?>
 
 <form method="post" action="" id="login-form" data-mage-init='{"form": {}, "validation": {}}' autocomplete="off">
     <fieldset class="admin__fieldset">
         <legend class="admin__legend">
-            <span><?= /* @escapeNotVerified */ __('Welcome, please sign in') ?></span>
+            <span><?= $block->escapeHtml(__('Welcome, please sign in')) ?></span>
         </legend><br/>
-        <input name="form_key" type="hidden" value="<?= /* @escapeNotVerified */ $block->getFormKey() ?>" />
+        <input name="form_key" type="hidden" value="<?= $block->escapeHtmlAttr($block->getFormKey()) ?>" />
         <div class="admin__field _required field-username">
             <label for="username" class="admin__field-label">
-                <span><?= /* @escapeNotVerified */ __('Username') ?></span>
+                <span><?= $block->escapeHtml(__('Username')) ?></span>
             </label>
             <div class="admin__field-control">
                 <input id="username"
@@ -26,14 +27,14 @@
                        autofocus
                        value=""
                        data-validate="{required:true}"
-                       placeholder="<?= /* @escapeNotVerified */ __('user name') ?>"
+                       placeholder="<?= $block->escapeHtmlAttr(__('user name')) ?>"
                        autocomplete="off"
                     />
             </div>
         </div>
         <div class="admin__field _required field-password">
             <label for="login" class="admin__field-label">
-                <span><?= /* @escapeNotVerified */ __('Password') ?></span>
+                <span><?= $block->escapeHtml(__('Password')) ?></span>
             </label>
             <div class="admin__field-control">
                 <input id="login"
@@ -42,7 +43,7 @@
                        name="login[password]"
                        data-validate="{required:true}"
                        value=""
-                       placeholder="<?= /* @escapeNotVerified */ __('password') ?>"
+                       placeholder="<?= $block->escapeHtmlAttr(__('password')) ?>"
                        autocomplete="off"
                     />
             </div>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/admin/login_buttons.phtml b/app/code/Magento/Backend/view/adminhtml/templates/admin/login_buttons.phtml
index 2459bc54e0c34..18ee8a86517c1 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/admin/login_buttons.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/admin/login_buttons.phtml
@@ -8,6 +8,6 @@
     <button
         <?php $block->getUiId(); ?>
         class="action-login action-primary">
-        <span><?= /* @escapeNotVerified */ __('Sign in') ?></span>
+        <span><?= $block->escapeHtml(__('Sign in')) ?></span>
     </button>
 </div>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/admin/overlay_popup.phtml b/app/code/Magento/Backend/view/adminhtml/templates/admin/overlay_popup.phtml
index 93509cc62f7d5..ac81861c9930d 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/admin/overlay_popup.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/admin/overlay_popup.phtml
@@ -3,15 +3,12 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <div class="wrapper-popup">
     <div class="middle" id="anchor-content">
         <div id="page:main-container">
-        <?php if ($block->getChildHtml('left')): ?>
-            <div class="columns <?= /* @escapeNotVerified */ $block->getContainerCssClass() ?>" id="page:container">
+        <?php if ($block->getChildHtml('left')) : ?>
+            <div class="columns <?= $block->escapeHtmlAttr($block->getContainerCssClass()) ?>" id="page:container">
                 <div id="page:left" class="side-col">
                     <?= $block->getChildHtml('left') ?>
                 </div>
@@ -24,13 +21,13 @@
                     </div>
                 </div>
             </div>
-      <?php else: ?>
+        <?php else : ?>
           <div id="messages" data-container-for="messages"><?= $block->getLayout()->getMessagesBlock()->getGroupedHtml() ?></div>
           <?= $block->getChildHtml('content') ?>
-      <?php endif; ?>
+        <?php endif; ?>
          </div>
     </div>
-    <?php if ($block->getChildHtml('footer')): ?>
+    <?php if ($block->getChildHtml('footer')) : ?>
     <div class="footer">
         <?= $block->getChildHtml('footer') ?>
     </div>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/admin/page.phtml b/app/code/Magento/Backend/view/adminhtml/templates/admin/page.phtml
index ebb8e26c93f9d..d8cab67ecb79b 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/admin/page.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/admin/page.phtml
@@ -3,19 +3,16 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php /** @var $block \Magento\Backend\Block\Page */ ?>
 <!doctype html>
-<html lang="<?= /* @escapeNotVerified */ $block->getLang() ?>" class="no-js">
+<html lang="<?= $block->escapeHtmlAttr($block->getLang()) ?>" class="no-js">
 
 <head>
     <?= $block->getChildHtml('head') ?>
 </head>
 
-<body id="html-body"<?= $block->getBodyClass() ? ' class="' . $block->getBodyClass() . '"' : '' ?> data-container="body" data-mage-init='{"loaderAjax":{},"loader":{}}'>
+<body id="html-body" class="<?= $block->escapeHtmlAttr($block->getBodyClass()) ?>" data-container="body" data-mage-init='{"loaderAjax":{},"loader":{}}'>
     <div class="page-wrapper">
         <?= $block->getChildHtml('notification_window') ?>
         <?= $block->getChildHtml('global_notices') ?>
@@ -31,8 +28,8 @@
                 <?= $block->getLayout()->getMessagesBlock()->getGroupedHtml() ?>
             </div>
             <?= $block->getChildHtml('page_main_actions') ?>
-            <?php if ($block->getChildHtml('left')): ?>
-                <div id="page:main-container" class="<?= /* @escapeNotVerified */ $block->getContainerCssClass() ?> col-2-left-layout">
+            <?php if ($block->getChildHtml('left')) : ?>
+                <div id="page:main-container" class="<?= $block->escapeHtmlAttr($block->getContainerCssClass()) ?> col-2-left-layout">
                     <div class="main-col" id="content">
                         <?= $block->getChildHtml('content') ?>
                     </div>
@@ -41,7 +38,7 @@
                         <?= $block->getChildHtml('left') ?>
                     </div>
                 </div>
-            <?php else: ?>
+            <?php else : ?>
                 <div id="page:main-container" class="col-1-layout">
                     <?= $block->getChildHtml('content') ?>
                 </div>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/graph.phtml b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/graph.phtml
index ae123511bd478..12b388c210774 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/graph.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/graph.phtml
@@ -3,33 +3,33 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <div class="dashboard-diagram">
     <div class="dashboard-diagram-switcher">
         <label for="order_<?= $block->getHtmlId() ?>_period"
-               class="label"><?= /* @escapeNotVerified */ __('Select Range:') ?></label>
+               class="label"><?= $block->escapeHtml(__('Select Range:')) ?></label>
         <select name="period" id="order_<?= $block->getHtmlId() ?>_period"
                 onchange="changeDiagramsPeriod(this);" class="admin__control-select">
-            <?php foreach ($this->helper('Magento\Backend\Helper\Dashboard\Data')->getDatePeriods() as $value => $label): ?>
-                <?php if (in_array($value, ['custom'])) {
+            <?php //phpcs:disable ?>
+            <?php foreach ($this->helper(\Magento\Backend\Helper\Dashboard\Data::class)->getDatePeriods() as $value => $label) : ?>
+                <?php
+                //phpcs:enable
+                if (in_array($value, ['custom'])) {
                     continue;
                 } ?>
-                <option value="<?= /* @escapeNotVerified */ $value ?>"
-                    <?php if ($block->getRequest()->getParam('period') == $value): ?> selected="selected"<?php endif; ?>
-                    ><?= /* @escapeNotVerified */ $label ?></option>
+                <option value="<?= /* @noEscape */ $value ?>"
+                    <?php if ($block->getRequest()->getParam('period') == $value) : ?> selected="selected"<?php endif; ?>
+                    ><?= $block->escapeHtml($label) ?></option>
             <?php endforeach; ?>
         </select>
     </div>
-    <?php if ($block->getCount()): ?>
+    <?php if ($block->getCount()) : ?>
     <div class="dashboard-diagram-image">
-        <img src="<?= /* @escapeNotVerified */ $block->getChartUrl(false) ?>" class="dashboard-diagram-chart" alt="Chart" title="Chart" />
+        <img src="<?= $block->escapeUrl($block->getChartUrl(false)) ?>" class="dashboard-diagram-chart" alt="Chart" title="Chart" />
     </div>
-    <?php else: ?>
+    <?php else : ?>
     <div class="dashboard-diagram-nodata">
-        <span><?= /* @escapeNotVerified */ __('No Data Found') ?></span>
+        <span><?= $block->escapeHtml(__('No Data Found')) ?></span>
     </div>
     <?php endif; ?>
 </div>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/graph/disabled.phtml b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/graph/disabled.phtml
index 7dddc15121831..f8e584ce5b9cd 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/graph/disabled.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/graph/disabled.phtml
@@ -3,9 +3,7 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
 ?>
 <div class="dashboard-diagram-disabled">
-    <?= /* @escapeNotVerified */ __('Chart is disabled. To enable the chart, click <a href="%1">here</a>.', $block->getConfigUrl()) ?>
+    <?= /* @noEscape */ __('Chart is disabled. To enable the chart, click <a href="%1">here</a>.', $block->escapeUrl($block->getConfigUrl())) ?>
 </div>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/grid.phtml b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/grid.phtml
index 1041aef59ceac..7c05335642ba7 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/grid.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/grid.phtml
@@ -3,90 +3,87 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 
-$numColumns = sizeof($block->getColumns());
+$numColumns = count($block->getColumns());
 ?>
-<?php if ($block->getCollection()): ?>
+<?php if ($block->getCollection()) : ?>
 <div class="dashboard-item-content">
-    <?php if ($block->getCollection()->getSize()>0): ?>
-        <table class="admin__table-primary dashboard-data" id="<?= /* @escapeNotVerified */ $block->getId() ?>_table">
+    <?php if ($block->getCollection()->getSize() > 0) : ?>
+        <table class="admin__table-primary dashboard-data" id="<?= $block->escapeHtmlAttr($block->getId()) ?>_table">
             <?php
             /* This part is commented to remove all <col> tags from the code. */
             /* foreach ($block->getColumns() as $_column): ?>
             <col <?= $_column->getHtmlProperty() ?> />
             <?php endforeach; */ ?>
-            <?php if ($block->getHeadersVisibility() || $block->getFilterVisibility()): ?>
+            <?php if ($block->getHeadersVisibility() || $block->getFilterVisibility()) : ?>
                 <thead>
-                <?php if ($block->getHeadersVisibility()): ?>
+                <?php if ($block->getHeadersVisibility()) : ?>
                     <tr>
-                        <?php foreach ($block->getColumns() as $_column): ?>
+                        <?php foreach ($block->getColumns() as $_column) : ?>
                             <?= $_column->getHeaderHtml() ?>
                         <?php endforeach; ?>
                     </tr>
                 <?php endif; ?>
                 </thead>
             <?php endif; ?>
-            <?php if (!$block->getIsCollapsed()): ?>
+            <?php if (!$block->getIsCollapsed()) : ?>
                 <tbody>
-                <?php foreach ($block->getCollection() as $_index => $_item): ?>
-                    <tr title="<?= /* @escapeNotVerified */ $block->getRowUrl($_item) ?>">
-                    <?php $i = 0; foreach ($block->getColumns() as $_column): ?>
-                        <td class="<?= /* @escapeNotVerified */ $_column->getCssProperty() ?> <?= ++$i == $numColumns ? 'last' : '' ?>"><?= (($_html = $_column->getRowField($_item)) != '' ? $_html : '&nbsp;') ?></td>
+                <?php foreach ($block->getCollection() as $_index => $_item) : ?>
+                    <tr title="<?= $block->escapeHtmlAttr($block->getRowUrl($_item)) ?>">
+                    <?php $i = 0; foreach ($block->getColumns() as $_column) : ?>
+                        <td class="<?= $block->escapeHtmlAttr($_column->getCssProperty()) ?> <?= /* @noEscape */ ++$i == $numColumns ? 'last' : '' ?>"><?= /* @noEscape */ (($_html = $_column->getRowField($_item)) != '' ? $_html : '&nbsp;') ?></td>
                     <?php endforeach; ?>
                     </tr>
                 <?php endforeach; ?>
                 </tbody>
             <?php endif; ?>
         </table>
-    <?php else: ?>
-        <div class="<?= /* @escapeNotVerified */ $block->getEmptyTextClass() ?>"><?= /* @escapeNotVerified */ $block->getEmptyText() ?></div>
+    <?php else : ?>
+        <div class="<?= $block->escapeHtmlAttr($block->getEmptyTextClass()) ?>"><?= $block->escapeHtml($block->getEmptyText()) ?></div>
     <?php endif; ?>
 </div>
-<?php if ($block->canDisplayContainer()): ?>
+    <?php if ($block->canDisplayContainer()) : ?>
 <script>
 var deps = [];
 
-<?php if ($block->getDependencyJsObject()): ?>
+        <?php if ($block->getDependencyJsObject()) : ?>
 deps.push('uiRegistry');
-<?php endif; ?>
+        <?php endif; ?>
 
-<?php if (strpos($block->getRowClickCallback(), 'order.') !== false): ?>
+        <?php if (strpos($block->getRowClickCallback(), 'order.') !== false) : ?>
 deps.push('Magento_Sales/order/create/form');
-<?php endif; ?>
+        <?php endif; ?>
 
 deps.push('mage/adminhtml/grid');
 
 require(deps, function(<?= ($block->getDependencyJsObject() ? 'registry' : '') ?>){
-    <?php //TODO: getJsObjectName and getRowClickCallback has unexpected behavior. Should be removed ?>
+        <?php //TODO: getJsObjectName and getRowClickCallback has unexpected behavior. Should be removed ?>
 
-    <?php if ($block->getDependencyJsObject()): ?>
-        registry.get('<?= /* @escapeNotVerified */ $block->getDependencyJsObject() ?>', function (<?= /* @escapeNotVerified */ $block->getDependencyJsObject() ?>) {
-    <?php endif; ?>
+        <?php if ($block->getDependencyJsObject()) : ?>
+        registry.get('<?= $block->escapeJs($block->getDependencyJsObject()) ?>', function (<?= $block->escapeJs($block->getDependencyJsObject()) ?>) {
+        <?php endif; ?>
 
-    <?= /* @escapeNotVerified */ $block->getJsObjectName() ?> = new varienGrid('<?= /* @escapeNotVerified */ $block->getId() ?>', '<?= /* @escapeNotVerified */ $block->getGridUrl() ?>', '<?= /* @escapeNotVerified */ $block->getVarNamePage() ?>', '<?= /* @escapeNotVerified */ $block->getVarNameSort() ?>', '<?= /* @escapeNotVerified */ $block->getVarNameDir() ?>', '<?= /* @escapeNotVerified */ $block->getVarNameFilter() ?>');
-    <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.useAjax = '<?= /* @escapeNotVerified */ $block->getUseAjax() ?>';
-    <?php if ($block->getRowClickCallback()): ?>
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.rowClickCallback = <?= /* @escapeNotVerified */ $block->getRowClickCallback() ?>;
-    <?php endif; ?>
-    <?php if ($block->getCheckboxCheckCallback()): ?>
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.checkboxCheckCallback = <?= /* @escapeNotVerified */ $block->getCheckboxCheckCallback() ?>;
-    <?php endif; ?>
-    <?php if ($block->getRowInitCallback()): ?>
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.initRowCallback = <?= /* @escapeNotVerified */ $block->getRowInitCallback() ?>;
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.rows.each(function(row){<?= /* @escapeNotVerified */ $block->getRowInitCallback() ?>(<?= /* @escapeNotVerified */ $block->getJsObjectName() ?>, row)});
-    <?php endif; ?>
-    <?php if ($block->getMassactionBlock()->isAvailable()): ?>
-    <?= /* @escapeNotVerified */ $block->getMassactionBlock()->getJavaScript() ?>
-    <?php endif ?>
+        <?= $block->escapeJs($block->getJsObjectName()) ?> = new varienGrid('<?= $block->escapeJs($block->getId()) ?>', '<?= $block->escapeJs($block->getGridUrl()) ?>', '<?= $block->escapeJs($block->getVarNamePage()) ?>', '<?= $block->escapeJs($block->getVarNameSort()) ?>', '<?= $block->escapeJs($block->getVarNameDir()) ?>', '<?= $block->escapeJs($block->getVarNameFilter()) ?>');
+        <?= $block->escapeJs($block->getJsObjectName()) ?>.useAjax = '<?= $block->escapeJs($block->getUseAjax()) ?>';
+        <?php if ($block->getRowClickCallback()) : ?>
+            <?= $block->escapeJs($block->getJsObjectName()) ?>.rowClickCallback = <?= /* @noEscape */ $block->getRowClickCallback() ?>;
+        <?php endif; ?>
+        <?php if ($block->getCheckboxCheckCallback()) : ?>
+            <?= $block->escapeJs($block->getJsObjectName()) ?>.checkboxCheckCallback = <?= /* @noEscape */ $block->getCheckboxCheckCallback() ?>;
+        <?php endif; ?>
+        <?php if ($block->getRowInitCallback()) : ?>
+            <?= $block->escapeJs($block->getJsObjectName()) ?>.initRowCallback = <?= /* @noEscape */ $block->getRowInitCallback() ?>;
+            <?= $block->escapeJs($block->getJsObjectName()) ?>.rows.each(function(row){<?= /* @noEscape */ $block->getRowInitCallback() ?>(<?= $block->escapeJs($block->getJsObjectName()) ?>, row)});
+        <?php endif; ?>
+        <?php if ($block->getMassactionBlock()->isAvailable()) : ?>
+            <?= /* @noEscape */ $block->getMassactionBlock()->getJavaScript() ?>
+        <?php endif ?>
 
-    <?php if ($block->getDependencyJsObject()): ?>
+        <?php if ($block->getDependencyJsObject()) : ?>
     });
-    <?php endif; ?>
+        <?php endif; ?>
 
 });
 </script>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/index.phtml b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/index.phtml
index 865e0fac38314..6152c8fe1cff1 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/index.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/index.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 
 <?php if (is_array($block->getChildBlock('diagrams')->getTabsIds())) : ?>
@@ -17,13 +14,13 @@ require([
 
 window.changeDiagramsPeriod = function(periodObj) {
     periodParam = periodObj.value ? 'period/' + periodObj.value + '/' : '';
-<?php foreach ($block->getChildBlock('diagrams')->getTabsIds() as $tabId): ?>
-    ajaxBlockParam = 'block/tab_<?= /* @escapeNotVerified */ $tabId ?>/';
-    ajaxBlockUrl = '<?= $block->getUrl('adminhtml/*/ajaxBlock', ['_current' => true, 'block' => '', 'period' => '']) ?>' + ajaxBlockParam + periodParam;
+    <?php foreach ($block->getChildBlock('diagrams')->getTabsIds() as $tabId) : ?>
+    ajaxBlockParam = 'block/tab_<?= $block->escapeJs($tabId) ?>/';
+    ajaxBlockUrl = '<?= $block->escapeJs($block->getUrl('adminhtml/*/ajaxBlock', ['_current' => true, 'block' => '', 'period' => ''])) ?>' + ajaxBlockParam + periodParam;
     new Ajax.Request(ajaxBlockUrl, {
         parameters: {isAjax: 'true', form_key: FORM_KEY},
         onSuccess: function(transport) {
-            tabContentElementId = '<?= /* @escapeNotVerified */ $block->getChildBlock('diagrams')->getId() ?>_<?= /* @escapeNotVerified */ $tabId ?>_content';
+            tabContentElementId = '<?= $block->escapeJs($block->getChildBlock('diagrams')->getId()) ?>_<?= $block->escapeJs($tabId) ?>_content';
             try {
                 if (transport.responseText.isJSON()) {
                     var response = transport.responseText.evalJSON()
@@ -44,8 +41,8 @@ window.changeDiagramsPeriod = function(periodObj) {
             }
         }
     });
-<?php endforeach; ?>
-    ajaxBlockUrl = '<?= $block->getUrl('adminhtml/*/ajaxBlock', ['_current' => true, 'block' => 'totals', 'period' => '']) ?>' + periodParam;
+    <?php endforeach; ?>
+    ajaxBlockUrl = '<?= $block->escapeJs($block->getUrl('adminhtml/*/ajaxBlock', ['_current' => true, 'block' => 'totals', 'period' => ''])) ?>' + periodParam;
     new Ajax.Request(ajaxBlockUrl, {
         parameters: {isAjax: 'true', form_key: FORM_KEY},
         onSuccess: function(transport) {
@@ -93,15 +90,15 @@ window.changeDiagramsPeriod = function(periodObj) {
     <div class="dashboard-secondary col-m-4 col-m-pull-8">
         <?= $block->getChildHtml('sales') ?>
         <div class="dashboard-item">
-            <div class="dashboard-item-title"><?= /* @escapeNotVerified */ __('Last Orders') ?></div>
+            <div class="dashboard-item-title"><?= $block->escapeHtml(__('Last Orders')) ?></div>
             <?= $block->getChildHtml('lastOrders') ?>
         </div>
         <div class="dashboard-item">
-            <div class="dashboard-item-title"><?= /* @escapeNotVerified */ __('Last Search Terms') ?></div>
+            <div class="dashboard-item-title"><?= $block->escapeHtml(__('Last Search Terms')) ?></div>
             <?= $block->getChildHtml('lastSearches') ?>
         </div>
         <div class="dashboard-item">
-            <div class="dashboard-item-title"><?= /* @escapeNotVerified */ __('Top Search Terms') ?></div>
+            <div class="dashboard-item-title"><?= $block->escapeHtml(__('Top Search Terms')) ?></div>
             <?= $block->getChildHtml('topSearches') ?>
         </div>
     </div>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/salebar.phtml b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/salebar.phtml
index 450a2c89b50da..139a7cad4185f 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/salebar.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/salebar.phtml
@@ -3,18 +3,15 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<?php if (sizeof($block->getTotals()) > 0): ?>
-    <?php foreach ($block->getTotals() as $_total): ?>
+<?php if (count($block->getTotals()) > 0) : ?>
+    <?php foreach ($block->getTotals() as $_total) : ?>
     <div class="dashboard-item dashboard-item-primary">
-        <div class="dashboard-item-title"><?= /* @escapeNotVerified */ $_total['label'] ?></div>
+        <div class="dashboard-item-title"><?= $block->escapeHtml($_total['label']) ?></div>
         <div class="dashboard-item-content">
             <strong class="dashboard-sales-value">
-                <?= /* @escapeNotVerified */ $_total['value'] ?>
-                <span class="dashboard-sales-decimals"><?= /* @escapeNotVerified */ $_total['decimals'] ?></span>
+                <?= /* @noEscape */ $_total['value'] ?>
+                <span class="dashboard-sales-decimals"><?= /* @noEscape */ $_total['decimals'] ?></span>
             </strong>
         </div>
     </div>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/searches.phtml b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/searches.phtml
index f6e837fd54ede..7a7a71f07fa55 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/searches.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/searches.phtml
@@ -3,16 +3,13 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<?php if (count($block->getCollection()->getItems()) > 0): ?>
+<?php if (count($block->getCollection()->getItems()) > 0) : ?>
     <div class="searches-results">
-        <?php foreach ($block->getCollection()->getItems() as $item): ?>
-        <span><?= /* @escapeNotVerified */ $item->getQueryText() ?></span><br />
+        <?php foreach ($block->getCollection()->getItems() as $item) : ?>
+        <span><?= $block->escapeHtml($item->getQueryText()) ?></span><br />
         <?php endforeach; ?>
     </div>
-<?php else: ?>
-    <div class="empty-text"><?= /* @escapeNotVerified */ __('There are no search keywords.') ?></div>
+<?php else : ?>
+    <div class="empty-text"><?= $block->escapeHtml(__('There are no search keywords.')) ?></div>
 <?php endif; ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/store/switcher.phtml b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/store/switcher.phtml
index bf9ae27f17b48..87e5399ddda44 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/store/switcher.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/store/switcher.phtml
@@ -3,31 +3,28 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<p class="switcher"><label for="store_switcher"><?= /* @escapeNotVerified */ __('View Statistics For:') ?></label>
+<p class="switcher"><label for="store_switcher"><?= $block->escapeHtml(__('View Statistics For:')) ?></label>
 <?= $block->getHintHtml() ?>
 <select name="store_switcher" id="store_switcher" class="left-col-block" onchange="return switchStore(this);">
-    <option value=""><?= /* @escapeNotVerified */ __('All Websites') ?></option>
-    <?php foreach ($block->getWebsiteCollection() as $_website): ?>
+    <option value=""><?= $block->escapeHtml(__('All Websites')) ?></option>
+    <?php foreach ($block->getWebsiteCollection() as $_website) : ?>
         <?php $showWebsite = false; ?>
-        <?php foreach ($block->getGroupCollection($_website) as $_group): ?>
+        <?php foreach ($block->getGroupCollection($_website) as $_group) : ?>
             <?php $showGroup = false; ?>
-            <?php foreach ($block->getStoreCollection($_group) as $_store): ?>
-                <?php if ($showWebsite == false): ?>
+            <?php foreach ($block->getStoreCollection($_group) as $_store) : ?>
+                <?php if ($showWebsite == false) : ?>
                     <?php $showWebsite = true; ?>
-                    <option website="true" value="<?= /* @escapeNotVerified */ $_website->getId() ?>"<?php if ($block->getRequest()->getParam('website') == $_website->getId()): ?> selected="selected"<?php endif; ?>><?= /* @escapeNotVerified */ $_website->getName() ?></option>
+                    <option website="true" value="<?= $block->escapeHtmlAttr($_website->getId()) ?>"<?php if ($block->getRequest()->getParam('website') == $_website->getId()) : ?> selected="selected"<?php endif; ?>><?= $block->escapeHtml($_website->getName()) ?></option>
                 <?php endif; ?>
-                <?php if ($showGroup == false): ?>
+                <?php if ($showGroup == false) : ?>
                     <?php $showGroup = true; ?>
-                    <!--optgroup label="&nbsp;&nbsp;&nbsp;<?= /* @escapeNotVerified */ $_group->getName() ?>"-->
-                    <option group="true" value="<?= /* @escapeNotVerified */ $_group->getId() ?>"<?php if ($block->getRequest()->getParam('group') == $_group->getId()): ?> selected="selected"<?php endif; ?>>&nbsp;&nbsp;&nbsp;<?= /* @escapeNotVerified */ $_group->getName() ?></option>
+                    <!--optgroup label="&nbsp;&nbsp;&nbsp;<?= $block->escapeHtmlAttr($_group->getName()) ?>"-->
+                    <option group="true" value="<?= $block->escapeHtmlAttr($_group->getId()) ?>"<?php if ($block->getRequest()->getParam('group') == $_group->getId()) : ?> selected="selected"<?php endif; ?>>&nbsp;&nbsp;&nbsp;<?= $block->escapeHtml($_group->getName()) ?></option>
                 <?php endif; ?>
-                <option value="<?= /* @escapeNotVerified */ $_store->getId() ?>"<?php if ($block->getStoreId() == $_store->getId()): ?> selected="selected"<?php endif; ?>>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<?= /* @escapeNotVerified */ $_store->getName() ?></option>
+                <option value="<?= $block->escapeHtmlAttr($_store->getId()) ?>"<?php if ($block->getStoreId() == $_store->getId()) : ?> selected="selected"<?php endif; ?>>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<?= $block->escapeHtml($_store->getName()) ?></option>
             <?php endforeach; ?>
-            <?php if ($showGroup): ?>
+            <?php if ($showGroup) : ?>
                 <!--</optgroup>-->
             <?php endif; ?>
         <?php endforeach; ?>
@@ -57,7 +54,7 @@
                 var select = $('order_amounts_period');
             }
             var periodParam = select.value ? 'period/' + select.value + '/' : '';
-            setLocation('<?= /* @escapeNotVerified */ $block->getSwitchUrl() ?>' + storeParam + periodParam);
+            setLocation('<?= $block->escapeJs($block->getSwitchUrl()) ?>' + storeParam + periodParam);
         }
     });
 </script>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/totalbar.phtml b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/totalbar.phtml
index 8605304b1f528..918eea75fab99 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/dashboard/totalbar.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/dashboard/totalbar.phtml
@@ -3,19 +3,16 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<?php if (sizeof($block->getTotals()) > 0): ?>
+<?php if (count($block->getTotals()) > 0) : ?>
 <div class="dashboard-totals" id="dashboard_diagram_totals">
     <ul class="dashboard-totals-list">
-        <?php foreach ($block->getTotals() as $_total): ?>
+        <?php foreach ($block->getTotals() as $_total) : ?>
             <li class="dashboard-totals-item">
-                <span class="dashboard-totals-label"><?= /* @escapeNotVerified */ $_total['label'] ?></span>
+                <span class="dashboard-totals-label"><?= $block->escapeHtml($_total['label']) ?></span>
                 <strong class="dashboard-totals-value">
-                    <?= /* @escapeNotVerified */ $_total['value'] ?>
-                    <span class="dashboard-totals-decimals"><?= /* @escapeNotVerified */ $_total['decimals'] ?></span>
+                    <?= /* @noEscape */ $_total['value'] ?>
+                    <span class="dashboard-totals-decimals"><?= /* @noEscape */ $_total['decimals'] ?></span>
                 </strong>
             </li>
         <?php endforeach; ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/media/uploader.phtml b/app/code/Magento/Backend/view/adminhtml/templates/media/uploader.phtml
index 4d9ba6a8c4bad..83482b1720cf5 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/media/uploader.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/media/uploader.phtml
@@ -4,25 +4,23 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var $block \Magento\Backend\Block\Media\Uploader */
 ?>
 
 <div id="<?= $block->getHtmlId() ?>" class="uploader"
     data-mage-init='{
         "Magento_Backend/js/media-uploader" : {
-            "maxFileSize": <?= /* @escapeNotVerified */ $block->getFileSizeService()->getMaxFileSize() ?>,
-            "maxWidth": <?= /* @escapeNotVerified */ $block->getImageUploadMaxWidth() ?>,
-            "maxHeight": <?= /* @escapeNotVerified */ $block->getImageUploadMaxHeight() ?>,
+            "maxFileSize": <?= /* @noEscape */ $block->getFileSizeService()->getMaxFileSize() ?>,
+            "maxWidth": <?= /* @noEscape */ $block->getImageUploadMaxWidth() ?>,
+            "maxHeight": <?= /* @noEscape */ $block->getImageUploadMaxHeight() ?>,
             "isResizeEnabled": <?= /* @noEscape */ $block->getImageUploadConfigData()->getIsResizeEnabled() ?>
         }
     }'
 >
     <div class="fileinput-button form-buttons button">
-        <span><?= /* @escapeNotVerified */ __('Browse Files...') ?></span>
-        <input id="fileupload" type="file" name="<?= /* @escapeNotVerified */ $block->getConfig()->getFileField() ?>"
-            data-url="<?= /* @escapeNotVerified */ $block->getConfig()->getUrl() ?>" multiple="multiple" />
+        <span><?= $block->escapeHtml(__('Browse Files...')) ?></span>
+        <input id="fileupload" type="file" name="<?= $block->escapeHtmlAttr($block->getConfig()->getFileField()) ?>"
+            data-url="<?= $block->escapeHtmlAttr($block->getConfig()->getUrl()) ?>" multiple="multiple" />
     </div>
     <div class="clear"></div>
     <script id="<?= $block->getHtmlId() ?>-template" type="text/x-magento-template" data-template="uploader">
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/menu.phtml b/app/code/Magento/Backend/view/adminhtml/templates/menu.phtml
index c448bd61b0791..815cf9c8e4cd4 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/menu.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/menu.phtml
@@ -3,12 +3,9 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 
 <nav data-mage-init='{"globalNavigation": {}}' class="admin__menu">
-    <?= /* @escapeNotVerified */ $block->renderNavigation($block->getMenuModel(), 0, 12) ?>
+    <?= /* @noEscape */ $block->renderNavigation($block->getMenuModel(), 0, 12) ?>
 </nav>
 
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/page/copyright.phtml b/app/code/Magento/Backend/view/adminhtml/templates/page/copyright.phtml
index 55bdbb460ba07..e3a5c84ea4522 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/page/copyright.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/page/copyright.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<a class="link-copyright" href="http://magento.com" target="_blank" title="<?= /* @escapeNotVerified */ __('Magento') ?>"></a>
-<?= /* @escapeNotVerified */ __('Copyright &copy; %1 Magento Commerce Inc. All rights reserved.', date('Y')) ?>
+<a class="link-copyright" href="http://magento.com" target="_blank" title="<?= $block->escapeHtmlAttr(__('Magento')) ?>"></a>
+<?= $block->escapeHtml(__('Copyright &copy; %1 Magento Commerce Inc. All rights reserved.', date('Y'))) ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/page/footer.phtml b/app/code/Magento/Backend/view/adminhtml/templates/page/footer.phtml
index 78e2e6db15e91..3f21dcda9a544 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/page/footer.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/page/footer.phtml
@@ -3,11 +3,8 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <p class="magento-version">
-    <strong><?= /* @escapeNotVerified */ __('Magento') ?></strong>
-    <?= /* @escapeNotVerified */ __('ver. %1', $block->getMagentoVersion()) ?>
+    <strong><?= $block->escapeHtml(__('Magento')) ?></strong>
+    <?= $block->escapeHtml(__('ver. %1', $block->getMagentoVersion())) ?>
 </p>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/page/header.phtml b/app/code/Magento/Backend/view/adminhtml/templates/page/header.phtml
index f952001f5e2ff..89f144664003d 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/page/header.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/page/header.phtml
@@ -4,26 +4,23 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var $block \Magento\Backend\Block\Page\Header */
+$part = $block->getShowPart();
 ?>
-<?php switch ($block->getShowPart()):
-    case 'logo': ?>
+<?php if ($part === 'logo') : ?>
         <?php $edition = $block->hasEdition() ? 'data-edition="' . $block->escapeHtml($block->getEdition()) . '"' : ''; ?>
         <?php $logoSrc = ($block->hasLogoImageSrc()) ? $block->escapeHtml($block->getLogoImageSrc()) : 'images/magento-logo.svg' ?>
         <a
-            href="<?= /* @escapeNotVerified */ $block->getHomeLink() ?>"
-            <?= /* @escapeNotVerified */ $edition ?>
+            href="<?= $block->escapeUrl($block->getHomeLink()) ?>"
+            <?= /* @noEscape */ $edition ?>
             class="logo">
-            <img class="logo-img" src="<?= /* @escapeNotVerified */ $block->getViewFileUrl($logoSrc) ?>"
+            <img class="logo-img" src="<?= /* @noEscape */ $block->getViewFileUrl($logoSrc) ?>"
             alt="<?= $block->escapeHtml(__('Magento Admin Panel')) ?>" title="<?= $block->escapeHtml(__('Magento Admin Panel')) ?>"/>
         </a>
-    <?php break; ?>
-    <?php case 'user': ?>
+<?php elseif ($part === 'user') : ?>
         <div class="admin-user admin__action-dropdown-wrap">
             <a
-                href="<?= /* @escapeNotVerified */ $block->getUrl('adminhtml/system_account/index') ?>"
+                href="<?= /* @noEscape */ $block->getUrl('adminhtml/system_account/index') ?>"
                 class="admin__action-dropdown"
                 title="<?= $block->escapeHtml(__('My Account')) ?>"
                 data-mage-init='{"dropdown":{}}'
@@ -33,36 +30,35 @@
                 </span>
             </a>
             <ul class="admin__action-dropdown-menu">
-                <?php if ($block->getAuthorization()->isAllowed('Magento_Backend::myaccount')): ?>
+                <?php if ($block->getAuthorization()->isAllowed('Magento_Backend::myaccount')) : ?>
                 <li>
                     <a
-                        href="<?= /* @escapeNotVerified */ $block->getUrl('adminhtml/system_account/index') ?>"
-                        <?= /* @escapeNotVerified */ $block->getUiId('user', 'account', 'settings') ?>
+                        href="<?= /* @noEscape */ $block->getUrl('adminhtml/system_account/index') ?>"
+                        <?= /* @noEscape */ $block->getUiId('user', 'account', 'settings') ?>
                         title="<?= $block->escapeHtml(__('Account Setting')) ?>">
-                        <?= /* @escapeNotVerified */ __('Account Setting') ?> (<span class="admin-user-name"><?= $block->escapeHtml($block->getUser()->getUserName()) ?></span>)
+                        <?= $block->escapeHtml(__('Account Setting')) ?> (<span class="admin-user-name"><?= $block->escapeHtml($block->getUser()->getUserName()) ?></span>)
                     </a>
                 </li>
                 <?php endif; ?>
                 <li>
                     <a
-                        href="<?= /* @escapeNotVerified */ $block->getBaseUrl() ?>"
+                        href="<?= /* @noEscape */ $block->getBaseUrl() ?>"
                         title="<?= $block->escapeHtml(__('Customer View')) ?>"
                         target="_blank" class="store-front">
-                        <?= /* @escapeNotVerified */ __('Customer View') ?>
+                        <?= $block->escapeHtml(__('Customer View')) ?>
                     </a>
                 </li>
                 <li>
                     <a
-                        href="<?= /* @escapeNotVerified */ $block->getLogoutLink() ?>"
+                        href="<?= /* @noEscape */ $block->getLogoutLink() ?>"
                         class="account-signout"
                         title="<?= $block->escapeHtml(__('Sign Out')) ?>">
-                        <?= /* @escapeNotVerified */ __('Sign Out') ?>
+                        <?= $block->escapeHtml(__('Sign Out')) ?>
                     </a>
                 </li>
             </ul>
         </div>
-    <?php break; ?>
-    <?php case 'other': ?>
-        <?= $block->getChildHtml() ?>
-    <?php break; ?>
-<?php endswitch; ?>
+
+<?php elseif ($part === 'other') : ?>
+    <?= $block->getChildHtml() ?>
+<?php endif; ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/page/js/calendar.phtml b/app/code/Magento/Backend/view/adminhtml/templates/page/js/calendar.phtml
index e47bf5830f9ee..94df9ef9eb872 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/page/js/calendar.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/page/js/calendar.phtml
@@ -3,7 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-// no notice of license for now
 ?>
 
 <?php
@@ -22,20 +21,20 @@ require([
 
     $.extend(true, $, {
         calendarConfig: {
-            dayNames: <?= /* @escapeNotVerified */ $days['wide'] ?>,
-            dayNamesMin: <?= /* @escapeNotVerified */ $days['abbreviated'] ?>,
-            monthNames: <?= /* @escapeNotVerified */ $months['wide'] ?>,
-            monthNamesShort: <?= /* @escapeNotVerified */ $months['abbreviated'] ?>,
-            infoTitle: "<?= /* @escapeNotVerified */ __('About the calendar') ?>",
-            firstDay: <?= /* @escapeNotVerified */ $firstDay ?>,
-            closeText: "<?= /* @escapeNotVerified */ __('Close') ?>",
-            currentText: "<?= /* @escapeNotVerified */ __('Go Today') ?>",
-            prevText: "<?= /* @escapeNotVerified */ __('Previous') ?>",
-            nextText: "<?= /* @escapeNotVerified */ __('Next') ?>",
-            weekHeader: "<?= /* @escapeNotVerified */ __('WK') ?>",
-            timeText: "<?= /* @escapeNotVerified */ __('Time') ?>",
-            hourText: "<?= /* @escapeNotVerified */ __('Hour') ?>",
-            minuteText: "<?= /* @escapeNotVerified */ __('Minute') ?>",
+            dayNames: <?= /* @noEscape */ $days['wide'] ?>,
+            dayNamesMin: <?= /* @noEscape */ $days['abbreviated'] ?>,
+            monthNames: <?= /* @noEscape */ $months['wide'] ?>,
+            monthNamesShort: <?= /* @noEscape */ $months['abbreviated'] ?>,
+            infoTitle: "<?= $block->escapeJs(__('About the calendar')) ?>",
+            firstDay: <?= /* @noEscape */ $firstDay ?>,
+            closeText: "<?= $block->escapeJs(__('Close')) ?>",
+            currentText: "<?= $block->escapeJs(__('Go Today')) ?>",
+            prevText: "<?= $block->escapeJs(__('Previous')) ?>",
+            nextText: "<?= $block->escapeJs(__('Next')) ?>",
+            weekHeader: "<?= $block->escapeJs(__('WK')) ?>",
+            timeText: "<?= $block->escapeJs(__('Time')) ?>",
+            hourText: "<?= $block->escapeJs(__('Hour')) ?>",
+            minuteText: "<?= $block->escapeJs(__('Minute')) ?>",
             dateFormat: $.datepicker.RFC_2822,
             showOn: "button",
             showAnim: "",
@@ -52,11 +51,11 @@ require([
             showMinute: false,
             serverTimezoneSeconds: <?= (int) $block->getStoreTimestamp() ?>,
             serverTimezoneOffset: <?= (int) $block->getTimezoneOffsetSeconds() ?>,
-            yearRange: '<?= /* @escapeNotVerified */ $block->getYearRange() ?>'
+            yearRange: '<?= $block->escapeJs($block->getYearRange()) ?>'
         }
     });
 
-enUS = <?= /* @escapeNotVerified */ $enUS ?>; // en_US locale reference
+enUS = <?= /* @noEscape */ $enUS ?>; // en_US locale reference
 
 });
 </script>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/page/js/components.phtml b/app/code/Magento/Backend/view/adminhtml/templates/page/js/components.phtml
index c6c7bcc901e7e..5277a1df2f31e 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/page/js/components.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/page/js/components.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 
 <?php
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/page/js/require_js.phtml b/app/code/Magento/Backend/view/adminhtml/templates/page/js/require_js.phtml
index 9cb2cec091939..68453d9ff8ff2 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/page/js/require_js.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/page/js/require_js.phtml
@@ -5,9 +5,9 @@
  */
 ?>
 <script>
-    var BASE_URL = '<?= /* @escapeNotVerified */ $block->getUrl('*') ?>';
-    var FORM_KEY = '<?= /* @escapeNotVerified */ $block->getFormKey() ?>';
+    var BASE_URL = '<?= /* @noEscape */ $block->getUrl('*') ?>';
+    var FORM_KEY = '<?= /* @noEscape */ $block->getFormKey() ?>';
     var require = {
-        "baseUrl": "<?= /* @escapeNotVerified */ $block->getViewFileUrl('/') ?>"
+        "baseUrl": "<?= /* @noEscape */ $block->getViewFileUrl('/') ?>"
     };
 </script>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/page/notices.phtml b/app/code/Magento/Backend/view/adminhtml/templates/page/notices.phtml
index 5418ad58b9519..93df0aec94ef1 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/page/notices.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/page/notices.phtml
@@ -3,29 +3,26 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /**
  * @see \Magento\Backend\Block\Page\Notices
  */
 ?>
-<?php if ($block->displayNoscriptNotice()): ?>
+<?php if ($block->displayNoscriptNotice()) : ?>
     <noscript>
         <div class="messages">
             <div class="message message-warning message-noscript">
-                <strong><?= /* @escapeNotVerified */ __('JavaScript may be disabled in your browser.') ?></strong>
-                <?= /* @escapeNotVerified */ __('To use this website you must first enable JavaScript in your browser.') ?>
+                <strong><?= $block->escapeHtml(__('JavaScript may be disabled in your browser.')) ?></strong>
+                <?= $block->escapeHtml(__('To use this website you must first enable JavaScript in your browser.')) ?>
             </div>
         </div>
     </noscript>
 <?php endif; ?>
-<?php if ($block->displayDemoNotice()): ?>
+<?php if ($block->displayDemoNotice()) : ?>
     <div class="messages">
         <div class="message message-warning message-demo-mode">
-            <?= /* @escapeNotVerified */ __('This is only a demo store. You can browse and place orders, but nothing will be processed.') ?>
+            <?= $block->escapeHtml(__('This is only a demo store. You can browse and place orders, but nothing will be processed.')) ?>
         </div>
     </div>
 <?php endif; ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/page/report.phtml b/app/code/Magento/Backend/view/adminhtml/templates/page/report.phtml
index 4ef6d378cc4a4..2965983e12150 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/page/report.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/page/report.phtml
@@ -3,12 +3,9 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<?php if ($block->getBugreportUrl()): ?>
-    <a class="link-report" href="<?= /* @escapeNotVerified */ $block->getBugreportUrl() ?>" id="footer_bug_tracking" target="_blank">
-        <?= /* @escapeNotVerified */ __('Report an Issue') ?>
+<?php if ($block->getBugreportUrl()) : ?>
+    <a class="link-report" href="<?= $block->escapeUrl($block->getBugreportUrl()) ?>" id="footer_bug_tracking" target="_blank">
+        <?= $block->escapeHtml(__('Report an Issue')) ?>
     </a>
 <?php endif; ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/pageactions.phtml b/app/code/Magento/Backend/view/adminhtml/templates/pageactions.phtml
index 0a1dcb0b626e6..56a8161b57e0b 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/pageactions.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/pageactions.phtml
@@ -3,12 +3,9 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<?php if ($block->getChildHtml()):?>
-    <div data-mage-init='{"floatingHeader": {}}' class="page-actions floating-header" <?= /* @escapeNotVerified */ $block->getUiId('content-header') ?>>
+<?php if ($block->getChildHtml()) :?>
+    <div data-mage-init='{"floatingHeader": {}}' class="page-actions floating-header" <?= /* @noEscape */ $block->getUiId('content-header') ?>>
         <?= $block->getChildHtml() ?>
     </div>
 <?php endif; ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/store/switcher.phtml b/app/code/Magento/Backend/view/adminhtml/templates/store/switcher.phtml
index bb968c57610be..8674a167d28e5 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/store/switcher.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/store/switcher.phtml
@@ -4,27 +4,25 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /* @var $block \Magento\Backend\Block\Store\Switcher */
 ?>
-<?php if ($websites = $block->getWebsites()): ?>
+<?php if ($websites = $block->getWebsites()) : ?>
 
 <div class="store-switcher store-view">
-    <span class="store-switcher-label"><?= /* @escapeNotVerified */ __('Store View:') ?></span>
+    <span class="store-switcher-label"><?= $block->escapeHtml(__('Store View:')) ?></span>
     <div class="actions dropdown closable">
         <input type="hidden" name="store_switcher" id="store_switcher"
-               data-role="store-view-id" data-param="<?= /* @escapeNotVerified */ $block->getStoreVarName() ?>"
+               data-role="store-view-id" data-param="<?= $block->escapeHtmlAttr($block->getStoreVarName()) ?>"
                value="<?= $block->escapeHtml($block->getStoreId()) ?>"
-               onchange="switchScope(this);"<?= /* @escapeNotVerified */ $block->getUiId() ?> />
+               onchange="switchScope(this);"<?= /* @noEscape */ $block->getUiId() ?> />
         <input type="hidden" name="store_group_switcher" id="store_group_switcher"
-               data-role="store-group-id" data-param="<?= /* @escapeNotVerified */ $block->getStoreGroupVarName() ?>"
+               data-role="store-group-id" data-param="<?= $block->escapeHtmlAttr($block->getStoreGroupVarName()) ?>"
                value="<?= $block->escapeHtml($block->getStoreGroupId()) ?>"
-               onchange="switchScope(this);"<?= /* @escapeNotVerified */ $block->getUiId() ?> />
+               onchange="switchScope(this);"<?= /* @noEscape */ $block->getUiId() ?> />
         <input type="hidden" name="website_switcher" id="website_switcher"
-               data-role="website-id" data-param="<?= /* @escapeNotVerified */ $block->getWebsiteVarName() ?>"
+               data-role="website-id" data-param="<?= $block->escapeHtmlAttr($block->getWebsiteVarName()) ?>"
                value="<?= $block->escapeHtml($block->getWebsiteId()) ?>"
-               onchange="switchScope(this);"<?= /* @escapeNotVerified */ $block->getUiId() ?> />
+               onchange="switchScope(this);"<?= /* @noEscape */ $block->getUiId() ?> />
         <button
             type="button"
             class="admin__action-dropdown"
@@ -32,96 +30,65 @@
             data-toggle="dropdown"
             aria-haspopup="true"
             id="store-change-button">
-            <?= /* @escapeNotVerified */ $block->getCurrentSelectionName() ?>
+            <?= $block->escapeHtml($block->getCurrentSelectionName()) ?>
         </button>
         <ul class="dropdown-menu" data-role="stores-list">
-            <?php if ($block->hasDefaultOption()): ?>
-                <li class="store-switcher-all <?php if ( ! ($block->getDefaultSelectionName() != $block->getCurrentSelectionName())) {
-                    echo "disabled";
-                } ?> <?php if ( ! $block->hasScopeSelected()) {
-                    ?> current<?php
-                } ?>">
-                    <?php if ($block->getDefaultSelectionName() != $block->getCurrentSelectionName()) {
+            <?php if ($block->hasDefaultOption()) : ?>
+                <li class="store-switcher-all <?php if (!($block->getDefaultSelectionName() != $block->getCurrentSelectionName())) : ?>disabled<?php endif; ?> <?php if (!$block->hasScopeSelected()) : ?>current<?php endif; ?>">
+                    <?php if ($block->getDefaultSelectionName() != $block->getCurrentSelectionName()) : ?>
                         ?>
                         <a data-role="store-view-id" data-value="" href="#">
-                            <?= /* @escapeNotVerified */ $block->getDefaultSelectionName() ?>
+                            <?= $block->escapeHtml($block->getDefaultSelectionName()) ?>
                         </a>
-                    <?php
-                    } else {
-                        ?>
-                        <span><?= /* @escapeNotVerified */ $block->getDefaultSelectionName() ?></span>
-                    <?php
-                    } ?>
+                    <?php else : ?>
+                        <span><?= $block->escapeHtml($block->getDefaultSelectionName()) ?></span>
+                    <?php endif; ?>
                 </li>
             <?php endif; ?>
-            <?php foreach ($websites as $website): ?>
+            <?php foreach ($websites as $website) : ?>
                 <?php $showWebsite = false; ?>
-                <?php foreach ($website->getGroups() as $group): ?>
+                <?php foreach ($website->getGroups() as $group) : ?>
                     <?php $showGroup = false; ?>
-                    <?php foreach ($block->getStores($group) as $store): ?>
-                        <?php if ($showWebsite == false): ?>
+                    <?php foreach ($block->getStores($group) as $store) : ?>
+                        <?php if ($showWebsite == false) : ?>
                             <?php $showWebsite = true; ?>
-                            <li class="store-switcher-website <?php if ( ! ($block->isWebsiteSwitchEnabled() && ! $block->isWebsiteSelected($website))) {
-                                echo "disabled";
-                            } ?> <?php if ($block->isWebsiteSelected($website)) {
-                                ?> current<?php
-                            } ?>">
-                                <?php if ($block->isWebsiteSwitchEnabled() && ! $block->isWebsiteSelected($website)) {
-                                    ?>
+                            <li class="store-switcher-website <?php if (!($block->isWebsiteSwitchEnabled() && ! $block->isWebsiteSelected($website))) : ?>disabled<?php endif; ?> <?php if ($block->isWebsiteSelected($website)) : ?>current<?php endif; ?>">
+                                <?php if ($block->isWebsiteSwitchEnabled() && ! $block->isWebsiteSelected($website)) : ?>
                                     <a data-role="website-id" data-value="<?= $block->escapeHtml($website->getId()) ?>" href="#">
                                         <?= $block->escapeHtml($website->getName()) ?>
                                     </a>
-                                <?php
-                                } else {
-                                    ?>
+                                <?php else : ?>
                                     <span><?= $block->escapeHtml($website->getName()) ?></span>
-                                <?php
-                                } ?>
+                                <?php endif; ?>
                             </li>
                         <?php endif; ?>
-                        <?php if ($showGroup == false): ?>
+                        <?php if ($showGroup == false) : ?>
                             <?php $showGroup = true; ?>
-                            <li class="store-switcher-store <?php if ( ! ($block->isStoreGroupSwitchEnabled() && ! $block->isStoreGroupSelected($group))) {
-                                echo "disabled";
-                            } ?> <?php if ($block->isStoreGroupSelected($group)) {
-                                ?> current<?php
-                            } ?>">
-                                <?php if ($block->isStoreGroupSwitchEnabled() && ! $block->isStoreGroupSelected($group)) {
-                                    ?>
+                            <li class="store-switcher-store <?php if (!($block->isStoreGroupSwitchEnabled() && ! $block->isStoreGroupSelected($group))) : ?>disabled<?php endif; ?> <?php if ($block->isStoreGroupSelected($group)) : ?>current<?php endif; ?>">
+                                <?php if ($block->isStoreGroupSwitchEnabled() && ! $block->isStoreGroupSelected($group)) : ?>
                                     <a data-role="store-group-id" data-value="<?= $block->escapeHtml($group->getId()) ?>" href="#">
                                         <?= $block->escapeHtml($group->getName()) ?>
                                     </a>
-                                <?php
-                                } else {
-                                    ?>
+                                <?php else : ?>
                                     <span><?= $block->escapeHtml($group->getName()) ?></span>
-                                <?php
-                                } ?>
+                                <?php endif; ?>
                             </li>
                         <?php endif; ?>
-                        <li class="store-switcher-store-view <?php if ( ! ($block->isStoreSwitchEnabled() && ! $block->isStoreSelected($store))) {
-                            echo "disabled";
-                        } ?> <?php if ($block->isStoreSelected($store)) {
-                            ?> current<?php
-                        } ?>">
-                            <?php if ($block->isStoreSwitchEnabled() && ! $block->isStoreSelected($store)) {
-                                ?>
+                        <li class="store-switcher-store-view <?php if (!($block->isStoreSwitchEnabled() && !$block->isStoreSelected($store))) : ?>disabled<?php endif; ?> <?php if ($block->isStoreSelected($store)) :?>current<?php endif; ?>">
+                            <?php if ($block->isStoreSwitchEnabled() && ! $block->isStoreSelected($store)) : ?>
                                 <a data-role="store-view-id" data-value="<?= $block->escapeHtml($store->getId()) ?>" href="#">
                                     <?= $block->escapeHtml($store->getName()) ?>
                                 </a>
-                            <?php
-                            } else {
-                                ?>
+                            <?php else : ?>
                                 <span><?= $block->escapeHtml($store->getName()) ?></span>
-                            <?php
-                            } ?>
+                            <?php endif; ?>
                         </li>
                     <?php endforeach; ?>
                 <?php endforeach; ?>
             <?php endforeach; ?>
-            <?php if ($block->getShowManageStoresLink() && $block->getAuthorization()->isAllowed('Magento_Backend::store')): ?>
+            <?php if ($block->getShowManageStoresLink() && $block->getAuthorization()->isAllowed('Magento_Backend::store')) : ?>
                 <li class="dropdown-toolbar">
-                    <a href="<?= /* @escapeNotVerified */ $block->getUrl('*/system_store') ?>"><?= /* @escapeNotVerified */ __('Stores Configuration') ?></a>
+                    <a href="<?= /* @noEscape */ $block->getUrl('*/system_store') ?>"><?= $block->escapeHtml(__('Stores Configuration')) ?></a>
                 </li>
             <?php endif; ?>
         </ul>
@@ -173,10 +140,10 @@ require([
             scopeSwitcherHandler(switcherParams);
         } else {
 
-            <?php if ($block->getUseConfirm()): ?>
+            <?php if ($block->getUseConfirm()) : ?>
 
             confirm({
-                content:  "<?= /* @escapeNotVerified */ __('Please confirm scope switching. All data that hasn\'t been saved will be lost.') ?>",
+                content:  "<?= $block->escapeJs(__('Please confirm scope switching. All data that hasn\'t been saved will be lost.')) ?>",
                 actions: {
                     confirm: function() {
                         reload();
@@ -187,16 +154,16 @@ require([
                 }
             });
 
-            <?php else: ?>
+            <?php else : ?>
                 reload();
             <?php endif; ?>
         }
 
         function reload() {
-            <?php if (!$block->isUsingIframe()): ?>
-            var url = '<?= /* @escapeNotVerified */ $block->getSwitchUrl() ?>' + scopeParams;
+            <?php if (!$block->isUsingIframe()) : ?>
+            var url = '<?= $block->escapeJs($block->getSwitchUrl()) ?>' + scopeParams;
             setLocation(url);
-            <?php else: ?>
+            <?php else : ?>
             jQuery('#preview_selected_store').val(scopeId);
             jQuery('#preview_form').submit();
 
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/store/switcher/form/renderer/fieldset.phtml b/app/code/Magento/Backend/view/adminhtml/templates/store/switcher/form/renderer/fieldset.phtml
index 49a2c681285bf..382fb6e81c519 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/store/switcher/form/renderer/fieldset.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/store/switcher/form/renderer/fieldset.phtml
@@ -3,43 +3,40 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_element = $block->getElement() ?>
-<?php if ($_element->getFieldsetContainerId()): ?>
-    <div id="<?= /* @escapeNotVerified */ $_element->getFieldsetContainerId() ?>">789
+<?php if ($_element->getFieldsetContainerId()) : ?>
+    <div id="<?= $block->escapeHtmlAttr($_element->getFieldsetContainerId()) ?>">789
 <?php endif; ?>
 
-<?php if (!$_element->getNoContainer()): ?>
-    <fieldset class="admin__fieldset fieldset <?= /* @escapeNotVerified */ $_element->getClass() ?>" id="<?= $_element->getHtmlId() ?>">
+<?php if (!$_element->getNoContainer()) : ?>
+    <fieldset class="admin__fieldset fieldset <?= $block->escapeHtmlAttr($_element->getClass()) ?>" id="<?= $_element->getHtmlId() ?>">
 <?php endif; ?>
 
-    <?php if ($_element->getLegend()): ?>
+    <?php if ($_element->getLegend()) : ?>
         <legend class="admin__legend legend">
-            <span><?= /* @escapeNotVerified */ $_element->getLegend() ?></span>
+            <span><?= $block->escapeHtml($_element->getLegend()) ?></span>
             <?= $block->getHintHtml() ?>
         </legend><br/>
-        <?= /* @escapeNotVerified */ $_element->getHeaderBar() ?>
-    <?php else: ?>
+        <?= /* @noEscape */ $_element->getHeaderBar() ?>
+    <?php else : ?>
         <?= $block->getHintHtml() ?>
     <?php endif; ?>
         <div class="admin__fieldset tree-store-scope">
-            <?php if ($_element->getComment()): ?>
+            <?php if ($_element->getComment()) : ?>
             <p class="comment"><?= $block->escapeHtml($_element->getComment()) ?></p>
             <?php endif; ?>
-            <?php if ($_element->hasHtmlContent()): ?>
-               <?= $_element->getHtmlContent() ?>
-            <?php else: ?>
+            <?php if ($_element->hasHtmlContent()) : ?>
+                <?= $_element->getHtmlContent() ?>
+            <?php else : ?>
                 <?= $_element->getChildrenHtml() ?>
             <?php endif; ?>
         </div>
 <?= $_element->getSubFieldsetHtml() ?>
 
-<?php if (!$_element->getNoContainer()): ?>
+<?php if (!$_element->getNoContainer()) : ?>
     </fieldset>
 <?php endif; ?>
-<?php if ($_element->getFieldsetContainerId()): ?>
+<?php if ($_element->getFieldsetContainerId()) : ?>
     </div>
 <?php endif; ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/store/switcher/form/renderer/fieldset/element.phtml b/app/code/Magento/Backend/view/adminhtml/templates/store/switcher/form/renderer/fieldset/element.phtml
index e25c9d22ca40a..959a27279e5c2 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/store/switcher/form/renderer/fieldset/element.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/store/switcher/form/renderer/fieldset/element.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /* @var $block \Magento\Backend\Block\Widget\Form\Renderer\Fieldset\Element */
@@ -24,21 +21,21 @@ $fieldAttributes = $fieldId . ' class="' . $fieldClass . '" '
     . $block->getUiId('form-field', $element->getId());
 ?>
 
-<?php if (!$element->getNoDisplay()): ?>
-    <?php if ($element->getType() == 'hidden'): ?>
+<?php if (!$element->getNoDisplay()) : ?>
+    <?php if ($element->getType() == 'hidden') : ?>
         <?= $element->getElementHtml() ?>
-    <?php else: ?>
-    <div<?= /* @escapeNotVerified */ $fieldAttributes ?>>
-        <?php if ($elementBeforeLabel): ?>
+    <?php else : ?>
+    <div<?= /* @noEscape */ $fieldAttributes ?>>
+        <?php if ($elementBeforeLabel) : ?>
             <?= $element->getElementHtml() ?>
             <?= $element->getLabelHtml('', $element->getScopeLabel()) ?>
-            <?= /* @escapeNotVerified */ $note ?>
-        <?php else: ?>
+            <?= /* @noEscape */ $note ?>
+        <?php else : ?>
             <?= $element->getLabelHtml('', $element->getScopeLabel()) ?>
             <div class="admin__field-control control">
-                <?= /* @escapeNotVerified */ ($addOn) ? '<div class="addon">' . $element->getElementHtml() . '</div>' : $element->getElementHtml() ?>
+                <?= /* @noEscape */ ($addOn) ? '<div class="addon">' . $element->getElementHtml() . '</div>' : $element->getElementHtml() ?>
                 <?= $block->getHintHtml() ?>
-                <?= /* @escapeNotVerified */ $note ?>
+                <?= /* @noEscape */ $note ?>
             </div>
         <?php endif; ?>
     </div>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/system/autocomplete.phtml b/app/code/Magento/Backend/view/adminhtml/templates/system/autocomplete.phtml
index 22d93241f43f2..7ac867970e820 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/system/autocomplete.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/system/autocomplete.phtml
@@ -3,15 +3,12 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <ul class="dropdown-menu">
-    <?php foreach ($items as $item): ?>
-    <li id="<?= /* @escapeNotVerified */ $item['id'] ?>" class="item">
-        <a href="<?= /* @escapeNotVerified */ $item['url'] ?>" class="title"><?= $block->escapeHtml($item['name']) ?></a>
-        <div class="type"><?= /* @escapeNotVerified */ $item['type'] ?></div>
+    <?php foreach ($items as $item) : ?>
+    <li id="<?= $block->escapeHtmlAttr($item['id']) ?>" class="item">
+        <a href="<?= $block->escapeUrl($item['url']) ?>" class="title"><?= $block->escapeHtml($item['name']) ?></a>
+        <div class="type"><?= $block->escapeHtml($item['type']) ?></div>
         <?= $block->escapeHtml($item['description']) ?>
     </li>
     <?php endforeach ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/system/cache/additional.phtml b/app/code/Magento/Backend/view/adminhtml/templates/system/cache/additional.phtml
index b4bc42b95d0aa..c392ebf3883d2 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/system/cache/additional.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/system/cache/additional.phtml
@@ -4,17 +4,15 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var \Magento\Backend\Block\Cache\Permissions|null $permissions */
 $permissions = $block->getData('permissions');
 ?>
-<?php if ($permissions && $permissions->hasAccessToAdditionalActions()): ?>
+<?php if ($permissions && $permissions->hasAccessToAdditionalActions()) : ?>
     <div class="additional-cache-management">
         <h2>
             <span><?= $block->escapeHtml(__('Additional Cache Management')); ?></span>
         </h2>
-        <?php if ($permissions->hasAccessToFlushCatalogImages()): ?>
+        <?php if ($permissions->hasAccessToFlushCatalogImages()) : ?>
             <p>
                 <button onclick="setLocation('<?= $block->escapeJs($block->getCleanImagesUrl()); ?>')" type="button">
                     <?= $block->escapeHtml(__('Flush Catalog Images Cache')); ?>
@@ -22,7 +20,7 @@ $permissions = $block->getData('permissions');
                 <span><?= $block->escapeHtml(__('Pregenerated product images files')); ?></span>
             </p>
         <?php endif; ?>
-        <?php if ($permissions->hasAccessToFlushJsCss()): ?>
+        <?php if ($permissions->hasAccessToFlushJsCss()) : ?>
             <p>
                 <button onclick="setLocation('<?= $block->escapeJs($block->getCleanMediaUrl()); ?>')" type="button">
                     <?= $block->escapeHtml(__('Flush JavaScript/CSS Cache')); ?>
@@ -30,7 +28,7 @@ $permissions = $block->getData('permissions');
                 <span><?= $block->escapeHtml(__('Themes JavaScript and CSS files combined to one file')) ?></span>
             </p>
         <?php endif; ?>
-        <?php if (!$block->isInProductionMode() && $permissions->hasAccessToFlushStaticFiles()): ?>
+        <?php if (!$block->isInProductionMode() && $permissions->hasAccessToFlushStaticFiles()) : ?>
             <p>
                 <button onclick="setLocation('<?= $block->escapeJs($block->getCleanStaticFilesUrl()); ?>')" type="button">
                     <?= $block->escapeHtml(__('Flush Static Files Cache')); ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/system/cache/edit.phtml b/app/code/Magento/Backend/view/adminhtml/templates/system/cache/edit.phtml
index 8e52f245f74d5..d1c51f0755a72 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/system/cache/edit.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/system/cache/edit.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /**
@@ -17,7 +14,7 @@
  */
 ?>
 <div data-mage-init='{"floatingHeader": {}}' class="page-actions"><?= $block->getSaveButtonHtml() ?></div>
-<form action="<?= /* @escapeNotVerified */ $block->getSaveUrl() ?>" method="post" id="config-edit-form" enctype="multipart/form-data">
+<form action="<?= $block->escapeUrl($block->getSaveUrl()) ?>" method="post" id="config-edit-form" enctype="multipart/form-data">
     <?= $block->getBlockHtml('formkey') ?>
 
     <script>
@@ -34,26 +31,30 @@
     <?= $block->getChildHtml('form') ?>
     <div class="entry-edit">
         <div class="entry-edit-head">
-            <h4 class="icon-head head-edit-form fieldset-legend"><?= /* @escapeNotVerified */ __('Catalog') ?></h4>
+            <h4 class="icon-head head-edit-form fieldset-legend"><?= $block->escapeHtml(__('Catalog')) ?></h4>
         </div>
         <fieldset id="catalog">
             <table class="form-list">
                 <tbody>
-                    <?php foreach ($block->getCatalogData() as $_item): ?>
-                    <?php /* disable reindex buttons. functionality moved to index management*/?>
-                    <?php if ($_item['buttons'][0]['name'] != 'clear_images_cache') {
-    continue;
-}?>
+                    <?php foreach ($block->getCatalogData() as $_item) : ?>
+                        <?php /* disable reindex buttons. functionality moved to index management*/?>
+                        <?php
+                        if ($_item['buttons'][0]['name'] != 'clear_images_cache') {
+                            continue;
+                        }
+                        ?>
                     <tr>
-                        <td class="label"><label><?= /* @escapeNotVerified */ $_item['label'] ?></label></td>
+                        <td class="label"><label><?= $block->escapeHtml($_item['label']) ?></label></td>
                         <td class="value">
-                            <?php foreach ($_item['buttons'] as $_button): ?>
+                            <?php foreach ($_item['buttons'] as $_button) : ?>
                                 <?php $clickAction = "setCacheAction('catalog_action',this)"; ?>
-                                <?php if (isset($_button['warning']) && $_button['warning']): ?>
+                                <?php if (isset($_button['warning']) && $_button['warning']) : ?>
+                                    <?php //phpcs:disable ?>
                                     <?php $clickAction = "if (confirm('" . addslashes($_button['warning']) . "')) {{$clickAction}}"; ?>
+                                    <?php //phpcs:enable ?>
                                 <?php endif; ?>
-                                <button <?php if (!isset($_button['disabled']) || !$_button['disabled']):?>onclick="<?= /* @escapeNotVerified */ $clickAction ?>"<?php endif; ?> id="<?= /* @escapeNotVerified */ $_button['name'] ?>" type="button" class="scalable <?php if (isset($_button['disabled']) && $_button['disabled']):?>disabled<?php endif; ?>" style=""><span><span><span><?= /* @escapeNotVerified */ $_button['action'] ?></span></span></span></button>
-                                <?php if (isset($_button['comment'])): ?> <br /> <small><?= /* @escapeNotVerified */ $_button['comment'] ?></small> <?php endif; ?>
+                                <button <?php if (!isset($_button['disabled']) || !$_button['disabled']) :?>onclick="<?=  /* @noEscape */ $clickAction ?>"<?php endif; ?> id="<?= $block->escapeHtmlAttr($_button['name']) ?>" type="button" class="scalable <?php if (isset($_button['disabled']) && $_button['disabled']) :?>disabled<?php endif; ?>" style=""><span><span><span><?= $block->escapeHtml($_button['action']) ?></span></span></span></button>
+                                <?php if (isset($_button['comment'])) : ?> <br /> <small><?= $block->escapeHtml($_button['comment']) ?></small> <?php endif; ?>
                             <?php endforeach; ?>
                         </td>
                         <td><small>&nbsp;</small></td>
@@ -66,16 +67,16 @@
 
     <div class="entry-edit">
         <div class="entry-edit-head">
-            <h4 class="icon-head head-edit-form fieldset-legend"><?= /* @escapeNotVerified */ __('JavaScript/CSS') ?></h4>
+            <h4 class="icon-head head-edit-form fieldset-legend"><?= $block->escapeHtml(__('JavaScript/CSS')) ?></h4>
         </div>
 
         <fieldset id="jscss">
             <table class="form-list">
                 <tbody>
                     <tr>
-                        <td class="label"><label><?= /* @escapeNotVerified */ __('JavaScript/CSS Cache') ?></label></td>
+                        <td class="label"><label><?= $block->escapeHtml(__('JavaScript/CSS Cache')) ?></label></td>
                         <td class="value">
-                            <button onclick="setCacheAction('jscss_action', this)" id='jscss_action' type="button" class="scalable"><span><span><span><?= /* @escapeNotVerified */ __('Clear') ?></span></span></span></button>
+                            <button onclick="setCacheAction('jscss_action', this)" id='jscss_action' type="button" class="scalable"><span><span><span><?= $block->escapeHtml(__('Clear')) ?></span></span></span></button>
                         </td>
                     </tr>
                 </tbody>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/system/design/edit.phtml b/app/code/Magento/Backend/view/adminhtml/templates/system/design/edit.phtml
index 6b2f932cac7bf..c9cd765de35be 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/system/design/edit.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/system/design/edit.phtml
@@ -4,7 +4,7 @@
  * See COPYING.txt for license details.
  */
 ?>
-<form action="<?= /* @escapeNotVerified */ $block->getSaveUrl() ?>" method="post" id="design-edit-form">
+<form action="<?= $block->escapeUrl($block->getSaveUrl()) ?>" method="post" id="design-edit-form">
     <?= $block->getBlockHtml('formkey') ?>
 </form>
 <script>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/system/design/index.phtml b/app/code/Magento/Backend/view/adminhtml/templates/system/design/index.phtml
index 902c6932f0ae1..c0928f4723b50 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/system/design/index.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/system/design/index.phtml
@@ -3,8 +3,5 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?= $block->getChildHtml('grid') ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/system/search.phtml b/app/code/Magento/Backend/view/adminhtml/templates/system/search.phtml
index af369800287c1..6e94770c6e408 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/system/search.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/system/search.phtml
@@ -4,8 +4,6 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var $block \Magento\Backend\Block\GlobalSearch */
 ?>
 <div class="search-global" data-mage-init='{"globalSearch": {}}'>
@@ -17,27 +15,29 @@
                     class="search-global-input"
                     id="search-global"
                     name="query"
-                    data-mage-init='<?= /* @noEscape */ $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($block->getWidgetInitOptions()) ?>'>
+                    <?php //phpcs:disable ?>
+                    data-mage-init='<?= /* @noEscape */ $this->helper(\Magento\Framework\Json\Helper\Data::class)->jsonEncode($block->getWidgetInitOptions()) ?>'>
+                    <?php //phpcs:enable ?>
             <button
                 type="submit"
                 class="search-global-action"
-                title="<?= /* @escapeNotVerified */ __('Search') ?>"
+                title="<?= $block->escapeHtmlAttr(__('Search')) ?>"
                 ></button>
         </div>
     </form>
     <script data-template="search-suggest" type="text/x-magento-template">
         <ul class="search-global-menu">
         <li class="item">
-            <a id="searchPreviewProducts" href="<?= /* @escapeNotVerified */ $block->getUrl('catalog/product/index/') ?>?search=<%- data.term%>" class="title">"<%- data.term%>" in Products</a>
+            <a id="searchPreviewProducts" href="<?= $block->escapeUrl($block->getUrl('catalog/product/index/')) ?>?search=<%- data.term%>" class="title">"<%- data.term%>" in Products</a>
         </li>
         <li class="item">
-            <a id="searchPreviewOrders" href="<?= /* @escapeNotVerified */ $block->getUrl('sales/order/index/') ?>?search=<%- data.term%>" class="title">"<%- data.term%>" in Orders</a>
+            <a id="searchPreviewOrders" href="<?= $block->escapeUrl($block->getUrl('sales/order/index/')) ?>?search=<%- data.term%>" class="title">"<%- data.term%>" in Orders</a>
         </li>
         <li class="item">
-            <a id="searchPreviewCustomers" href="<?= /* @escapeNotVerified */ $block->getUrl('customer/index/index/') ?>?search=<%- data.term%>" class="title">"<%- data.term%>" in Customers</a>
+            <a id="searchPreviewCustomers" href="<?= $block->escapeUrl($block->getUrl('customer/index/index/')) ?>?search=<%- data.term%>" class="title">"<%- data.term%>" in Customers</a>
         </li>
         <li class="item">
-            <a id="searchPreviewPages" href="<?= /* @escapeNotVerified */ $block->getUrl('cms/page/index/') ?>?search=<%- data.term%>" class="title">"<%- data.term%>" in Pages</a>
+            <a id="searchPreviewPages" href="<?= $block->escapeUrl($block->getUrl('cms/page/index/')) ?>?search=<%- data.term%>" class="title">"<%- data.term%>" in Pages</a>
         </li>
             <% if (data.items.length) { %>
             <% _.each(data.items, function(value){ %>
@@ -52,7 +52,7 @@
         <% } else { %>
             <li>
                 <span class="mage-suggest-no-records">
-                    <?= /* @escapeNotVerified */ __('No records found.') ?>
+                    <?= $block->escapeHtml(__('No records found.')) ?>
                 </span>
             </li>
         <% } %>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/accordion.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/accordion.phtml
index 60cd51b496aa7..fecf5365544e0 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/accordion.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/accordion.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /**
@@ -13,9 +10,9 @@
  */
 $items = $block->getItems();
 ?>
-<?php if (!empty($items)): ?>
+<?php if (!empty($items)) : ?>
     <dl id="tab_content_<?= $block->getHtmlId() ?>" name="tab_content_<?= $block->getHtmlId() ?>" class="accordion">
-    <?php foreach ($items as $_item): ?>
+    <?php foreach ($items as $_item) : ?>
         <?= $block->getChildHtml($_item->getId()) ?>
     <?php endforeach ?>
     </dl>
@@ -23,7 +20,7 @@ $items = $block->getItems();
         require([
             'mage/adminhtml/accordion'
         ], function(){
-        	tab_content_<?= $block->getHtmlId() ?>AccordionJs = new varienAccordion('tab_content_<?= $block->getHtmlId() ?>', '<?= /* @escapeNotVerified */ $block->getShowOnlyOne() ?>');
-    	});
+            tab_content_<?= $block->getHtmlId() ?>AccordionJs = new varienAccordion('tab_content_<?= $block->getHtmlId() ?>', '<?= $block->escapeJs($block->getShowOnlyOne()) ?>');
+        });
     </script>
 <?php endif; ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/breadcrumbs.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/breadcrumbs.phtml
index 74cd4eb7f2c9d..fb7cc63ebc10b 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/breadcrumbs.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/breadcrumbs.phtml
@@ -3,25 +3,22 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<?php if (!empty($links)): ?>
+<?php if (!empty($links)) : ?>
 <ul class="breadcrumbs">
     <?php $_size = count($links); ?>
-    <?php foreach ($links as $_index => $_link): ?>
+    <?php foreach ($links as $_index => $_link) : ?>
     <li>
-        <?php if (empty($_link['url'])): ?>
-            <?php if ($_index != $_size-1): ?>
+        <?php if (empty($_link['url'])) : ?>
+            <?php if ($_index != $_size-1) : ?>
                 <span><?= $block->escapeHtml($_link['label']) ?></span>
-            <?php else: ?>
+            <?php else : ?>
                 <strong><?= $block->escapeHtml($_link['label']) ?></strong>
             <?php endif; ?>
-        <?php else: ?>
-            <a href="<?= /* @escapeNotVerified */ $_link['url'] ?>" title="<?= $block->escapeHtml($_link['title']) ?>"><?= $block->escapeHtml($_link['label']) ?></a>
+        <?php else : ?>
+            <a href="<?=  $block->escapeUrl($_link['url']) ?>" title="<?= $block->escapeHtml($_link['title']) ?>"><?= $block->escapeHtml($_link['label']) ?></a>
         <?php endif; ?>
-        <?php if ($_index != $_size-1): ?>
+        <?php if ($_index != $_size-1) : ?>
             &raquo;
         <?php endif; ?>
     </li>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/button.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/button.phtml
index d3376745afe39..b743b9bee10db 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/button.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/button.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /**
@@ -13,7 +10,7 @@
  */
 ?>
 <?= $block->getBeforeHtml() ?>
-<button <?= /* @escapeNotVerified */ $block->getAttributesHtml(), $block->getUiId() ?>>
-    <span><?= /* @escapeNotVerified */ $block->getLabel() ?></span>
+<button <?= /* @noEscape */ $block->getAttributesHtml(), $block->getUiId() ?>>
+    <span><?= $block->escapeHtml($block->getLabel()) ?></span>
 </button>
 <?= $block->getAfterHtml() ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/button/split.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/button/split.phtml
index a115777624e91..0123de098a9e0 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/button/split.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/button/split.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /** @var $block \Magento\Backend\Block\Widget\Button\SplitButton */
@@ -15,20 +12,20 @@
     <button <?= $block->getButtonAttributesHtml() ?>>
         <span><?= $block->escapeHtml($block->getLabel()) ?></span>
     </button>
-    <?php if ($block->hasSplit()): ?>
+    <?php if ($block->hasSplit()) : ?>
         <button <?= $block->getToggleAttributesHtml() ?>>
             <span>Select</span>
         </button>
 
-        <?php if (!$block->getDisabled()): ?>
-            <ul class="dropdown-menu" <?= /* @escapeNotVerified */ $block->getUiId("dropdown-menu") ?>>
-                <?php foreach ($block->getOptions() as $key => $option): ?>
+        <?php if (!$block->getDisabled()) : ?>
+            <ul class="dropdown-menu" <?= /* @noEscape */ $block->getUiId("dropdown-menu") ?>>
+                <?php foreach ($block->getOptions() as $key => $option) : ?>
                 <li>
                     <span <?= $block->getOptionAttributesHtml($key, $option) ?>>
                         <?= $block->escapeHtml($option['label']) ?>
                     </span>
-                    <?php if (isset($option['hint'])): ?>
-                    <div class="tooltip" <?= /* @escapeNotVerified */ $block->getUiId('item', $key, 'tooltip') ?>>
+                    <?php if (isset($option['hint'])) : ?>
+                    <div class="tooltip" <?= /* @noEscape */ $block->getUiId('item', $key, 'tooltip') ?>>
                         <a href="<?= $block->escapeHtml($option['hint']['href']) ?>" class="help">
                             <?= $block->escapeHtml($option['hint']['label']) ?>
                         </a>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/form.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/form.phtml
index dc7d02795a054..62f8d25ce1be2 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/form.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/form.phtml
@@ -4,8 +4,6 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var $block \Magento\Backend\Block\Widget\Form */
 ?>
 <?php /* @todo replace .form-inline with better class name */?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/form/container.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/form/container.phtml
index bcbda8fc761ac..aa289dbf1eb0f 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/form/container.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/form/container.phtml
@@ -4,15 +4,13 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var $block \Magento\Backend\Block\Widget\Form\Container */
- ?>
-<?= /* @escapeNotVerified */ $block->getFormInitScripts() ?>
-<?php if ($block->getButtonsHtml('header')): ?>
-    <div class="page-form-actions" <?= /* @escapeNotVerified */ $block->getUiId('content-header') ?>><?= $block->getButtonsHtml('header') ?></div>
+?>
+<?= /* @noEscape */ $block->getFormInitScripts() ?>
+<?php if ($block->getButtonsHtml('header')) : ?>
+    <div class="page-form-actions" <?= /* @noEscape */ $block->getUiId('content-header') ?>><?= $block->getButtonsHtml('header') ?></div>
 <?php endif; ?>
-<?php if ($block->getButtonsHtml('toolbar')): ?>
+<?php if ($block->getButtonsHtml('toolbar')) : ?>
     <div class="page-main-actions">
         <div class="page-actions">
             <div class="page-actions-buttons">
@@ -22,7 +20,7 @@
     </div>
 <?php endif; ?>
 <?= $block->getFormHtml() ?>
-<?php if ($block->hasFooterButtons()): ?>
+<?php if ($block->hasFooterButtons()) : ?>
     <div class="content-footer">
         <p class="form-buttons"><?= $block->getButtonsHtml('footer') ?></p>
     </div>
@@ -36,7 +34,7 @@ require([
 
     $('#edit_form').form()
         .validation({
-            validationUrl: '<?= /* @escapeNotVerified */ $block->getValidationUrl() ?>',
+            validationUrl: '<?= $block->escapeJs($block->getValidationUrl()) ?>',
             highlight: function(element) {
                 var detailsElement = $(element).closest('details');
                 if (detailsElement.length && detailsElement.is('.details')) {
@@ -51,4 +49,4 @@ require([
 
 });
 </script>
-<?= /* @escapeNotVerified */ $block->getFormScripts() ?>
+<?= /* @noEscape */ $block->getFormScripts() ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/form/element.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/form/element.phtml
index 720bc1e58259d..ec53f7e5c74ce 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/form/element.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/form/element.phtml
@@ -4,59 +4,46 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+$type = $element->getType();
 ?>
-<?php switch ($element->getType()) {
-    case 'fieldset': ?>
-
+<?php if ($type === 'fieldset') : ?>
     <fieldset>
-        <legend><?= /* @escapeNotVerified */ $element->getLegend() ?></legend><br />
-        <?php foreach ($element->getElements() as $_element): ?>
-            <?= /* @escapeNotVerified */ $formBlock->drawElement($_element) ?>
+        <legend><?= $block->escapeHtml($element->getLegend()) ?></legend><br />
+        <?php foreach ($element->getElements() as $_element) : ?>
+            <?= /* @noEscape */ $formBlock->drawElement($_element) ?>
         <?php endforeach; ?>
     </fieldset>
-      <?php break;
-    case 'column': ?>
-      <?php break;
-    case 'hidden': ?>
-    <input type="<?= /* @escapeNotVerified */ $element->getType() ?>" name="<?= /* @escapeNotVerified */ $element->getName() ?>" id="<?= $element->getHtmlId() ?>" value="<?= /* @escapeNotVerified */ $element->getValue() ?>">
-      <?php break;
-    case 'select': ?>
+<?php elseif ($type === 'hidden') : ?>
+    <input type="<?= $block->escapeHtmlAttr($element->getType()) ?>" name="<?= $block->escapeHtmlAttr($element->getName()) ?>" id="<?= $element->getHtmlId() ?>" value="<?= $block->escapeHtmlAttr($element->getValue()) ?>">
+    <?php elseif ($type === 'select') : ?>
     <span class="form_row">
-        <?php if ($element->getLabel()): ?><label for="<?= $element->getHtmlId() ?>"><?= /* @escapeNotVerified */ $element->getLabel() ?>:</label><?php endif; ?>
-        <select name="<?= /* @escapeNotVerified */ $element->getName() ?>" id="<?= $element->getHtmlId() ?>" class="select<?= /* @escapeNotVerified */ $element->getClass() ?>" title="<?= /* @escapeNotVerified */ $element->getTitle() ?>">
-        <?php foreach ($element->getValues() as $_value): ?>
-            <option <?= /* @escapeNotVerified */ $_value->serialize() ?><?php if ($_value->getValue() == $element->getValue()): ?> selected="selected"<?php endif; ?>><?= /* @escapeNotVerified */ $_value->getLabel() ?></option>
+        <?php if ($element->getLabel()) : ?><label for="<?= $element->getHtmlId() ?>"><?= $block->escapeHtml($element->getLabel()) ?>:</label><?php endif; ?>
+        <select name="<?= $block->escapeHtmlAttr($element->getName()) ?>" id="<?= $element->getHtmlId() ?>" class="select<?= $block->escapeHtmlAttr($element->getClass()) ?>" title="<?=  $block->escapeHtmlAttr($element->getTitle()) ?>">
+        <?php foreach ($element->getValues() as $_value) : ?>
+            <option <?= /* @noEscape */ $_value->serialize() ?><?php if ($_value->getValue() == $element->getValue()) : ?> selected="selected"<?php endif; ?>><?= $block->escapeHtml($_value->getLabel()) ?></option>
         <?php endforeach; ?>
         </select>
     </span>
-      <?php break;
-    case 'text':
-    case 'button':
-    case 'password': ?>
+<?php elseif ($type === 'text' || $type === 'button' || $type === 'password') : ?>
     <span class="form_row">
-        <?php if ($element->getLabel()): ?><label for="<?= $element->getHtmlId() ?>" <?= /* @escapeNotVerified */ $block->getUiId('label') ?>><?= /* @escapeNotVerified */ $element->getLabel() ?>:</label><?php endif; ?>
-        <input type="<?= /* @escapeNotVerified */ $element->getType() ?>" name="<?= /* @escapeNotVerified */ $element->getName() ?>" id="<?= $element->getHtmlId() ?>" value="<?= /* @escapeNotVerified */ $element->getValue() ?>" class="input-text <?= /* @escapeNotVerified */ $element->getClass() ?>" title="<?= /* @escapeNotVerified */ $element->getTitle() ?>" <?= ($element->getOnClick() ? 'onClick="' . $element->getOnClick() . '"' : '') ?>/>
+        <?php if ($element->getLabel()) : ?><label for="<?= $element->getHtmlId() ?>" <?= /* @noEscape */ $block->getUiId('label') ?>><?= $block->escapeHtml($element->getLabel()) ?>:</label><?php endif; ?>
+        <input type="<?= $block->escapeHtmlAttr($element->getType()) ?>" name="<?= $block->escapeHtmlAttr($element->getName()) ?>" id="<?= /* @noEscape */ $element->getHtmlId() ?>" value="<?= $block->escapeHtmlAttr($element->getValue()) ?>" class="input-text <?= $block->escapeHtmlAttr($element->getClass()) ?>" title="<?= $block->escapeHtmlAttr($element->getTitle()) ?>" <?= /* @noEscape */ ($element->getOnClick() ? 'onClick="' . $element->getOnClick() . '"' : '') ?>/>
     </span>
-      <?php break;
-    case 'radio': ?>
+<?php elseif ($type === 'radio') : ?>
     <span class="form_row">
-        <?php if ($element->getLabel()): ?><label for="<?= $element->getHtmlId() ?>"><?= /* @escapeNotVerified */ $element->getLabel() ?>:</label><?php endif; ?>
-        <input type="<?= /* @escapeNotVerified */ $element->getType() ?>" name="<?= /* @escapeNotVerified */ $element->getName() ?>" id="<?= $element->getHtmlId() ?>" value="<?= /* @escapeNotVerified */ $element->getValue() ?>" class="input-text <?= /* @escapeNotVerified */ $element->getClass() ?>" title="<?= /* @escapeNotVerified */ $element->getTitle() ?>"/>
+        <?php if ($element->getLabel()) : ?><label for="<?= $element->getHtmlId() ?>"><?= $block->escapeHtml($element->getLabel()) ?>:</label><?php endif; ?>
+        <input type="<?=  $block->escapeHtmlAttr($element->getType()) ?>" name="<?=  $block->escapeHtmlAttr($element->getName()) ?>" id="<?= $element->getHtmlId() ?>" value="<?=  $block->escapeHtmlAttr($element->getValue()) ?>" class="input-text <?= $block->escapeHtmlAttr($element->getClass()) ?>" title="<?=  $block->escapeHtmlAttr($element->getTitle()) ?>"/>
     </span>
-      <?php break;
-    case 'radios': ?>
+<?php elseif ($type === 'radios') : ?>
     <span class="form_row">
-        <label for="<?= $element->getHtmlId() ?>"><?= /* @escapeNotVerified */ $element->getLabel() ?>:</label>
-    <?php foreach ($element->getRadios() as $_radio): ?>
-    <input type="radio" name="<?= /* @escapeNotVerified */ $_radio->getName() ?>" id="<?= $_radio->getHtmlId() ?>" value="<?= /* @escapeNotVerified */ $_radio->getValue() ?>" class="input-radio <?= /* @escapeNotVerified */ $_radio->getClass() ?>" title="<?= /* @escapeNotVerified */ $_radio->getTitle() ?>" <?= ($_radio->getValue() == $element->getChecked()) ? 'checked="true"' : '' ?> >&nbsp;<?= /* @escapeNotVerified */ $_radio->getLabel() ?>
+        <label for="<?= $element->getHtmlId() ?>"><?= $block->escapeHtml($element->getLabel()) ?>:</label>
+    <?php foreach ($element->getRadios() as $_radio) : ?>
+    <input type="radio" name="<?=  $block->escapeHtmlAttr($_radio->getName()) ?>" id="<?= $_radio->getHtmlId() ?>" value="<?=  $block->escapeHtmlAttr($_radio->getValue()) ?>" class="input-radio <?= $block->escapeHtmlAttr($_radio->getClass()) ?>" title="<?=  $block->escapeHtmlAttr($_radio->getTitle()) ?>" <?= ($_radio->getValue() == $element->getChecked()) ? 'checked="true"' : '' ?> >&nbsp;<?= $block->escapeHtml($_radio->getLabel()) ?>
     <?php endforeach; ?>
     </span>
-      <?php break;
-    case 'wysiwyg': ?>
+<?php elseif ($type === 'wysiwyg') : ?>
     <span class="form_row">
-      <label for="<?= $element->getHtmlId() ?>"><?= /* @escapeNotVerified */ $element->getLabel() ?>:</label>
+      <label for="<?= $element->getHtmlId() ?>"><?= $block->escapeHtml($element->getLabel()) ?>:</label>
         <script>
         require([
             "wysiwygAdapter"
@@ -65,7 +52,7 @@
             tinyMCE.init({
                 mode : "exact",
                 theme : "advanced",
-                elements : "<?= /* @escapeNotVerified */ $element->getName() ?>",
+                elements : "<?= $block->escapeJs($element->getName()) ?>",
                 plugins : "inlinepopups,style,layer,table,save,advhr,advimage,advlink,emotions,iespell,insertdatetime,preview,zoom,media,searchreplace,print,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras",
                 theme_advanced_buttons1 : "newdocument,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,|,styleselect,formatselect,fontselect,fontsizeselect",
                 theme_advanced_buttons2 : "cut,copy,paste,pastetext,pasteword,|,search,replace,|,bullist,numlist,|,outdent,indent,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code,|,insertdate,inserttime,preview,|,forecolor,backcolor",
@@ -84,24 +71,16 @@
             });
         });
 </script>
-      <textarea name="<?= /* @escapeNotVerified */ $element->getName() ?>" title="<?= /* @escapeNotVerified */ $element->getTitle() ?>" id="<?= $element->getHtmlId() ?>" class="textarea <?= /* @escapeNotVerified */ $element->getClass() ?>" cols="80" rows="20"><?= /* @escapeNotVerified */ $element->getValue() ?></textarea>
+      <textarea name="<?= $block->escapeHtmlAttr($element->getName()) ?>" title="<?=  $block->escapeHtmlAttr($element->getTitle()) ?>" id="<?= $element->getHtmlId() ?>" class="textarea <?= $block->escapeHtmlAttr($element->getClass()) ?>" cols="80" rows="20"><?= $block->escapeHtml($element->getValue()) ?></textarea>
     </span>
-      <?php break;
-        case 'textarea': ?>
+<?php elseif ($type === 'textarea') : ?>
             <span class="form_row">
-                    <label for="<?= $element->getHtmlId() ?>"><?= /* @escapeNotVerified */ $element->getLabel() ?>:</label>
-                    <textarea name="<?= /* @escapeNotVerified */ $element->getName() ?>" title="<?= /* @escapeNotVerified */ $element->getTitle() ?>" id="<?= $element->getHtmlId() ?>" class="textarea <?= /* @escapeNotVerified */ $element->getClass() ?>" cols="15" rows="2"><?= /* @escapeNotVerified */ $element->getValue() ?></textarea>
+                    <label for="<?= $element->getHtmlId() ?>"><?= $block->escapeHtml($element->getLabel()) ?>:</label>
+                    <textarea name="<?= $block->escapeHtmlAttr($element->getName()) ?>" title="<?=  $block->escapeHtmlAttr($element->getTitle()) ?>" id="<?= $element->getHtmlId() ?>" class="textarea <?= $block->escapeHtmlAttr($element->getClass()) ?>" cols="15" rows="2"><?= $block->escapeHtml($element->getValue()) ?></textarea>
             </span>
-      <?php break;
-    case 'editor': ?>
-      <?php break;
-    case 'file': ?>
-      <?php break;
-    case 'checkbox': ?>
-      <?php break;
-} ?>
-<?php if ($element->getScript()): ?>
+<?php endif; ?>
+<?php if ($element->getScript()) : ?>
 <script>
-    <?= /* @escapeNotVerified */ $element->getScript() ?>
+    <?= /* @noEscape */ $element->getScript() ?>
 </script>
 <?php endif; ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/form/element/gallery.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/form/element/gallery.phtml
index e11c0efc123ff..5c07b35e72a19 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/form/element/gallery.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/form/element/gallery.phtml
@@ -3,20 +3,17 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <tr>
 <td colspan="2">
-<label for="gallery"><?= /* @escapeNotVerified */ __('Images') ?></label>
+<label for="gallery"><?= $block->escapeHtml(__('Images')) ?></label>
 <table id="gallery" class="gallery" border="0" cellspacing="3" cellpadding="0">
 <thead id="gallery_thead" class="gallery">
     <tr class="gallery">
-        <td class="gallery" valign="middle" align="center"><?= /* @escapeNotVerified */ __('Big Image') ?></td>
-        <td class="gallery" valign="middle" align="center"><?= /* @escapeNotVerified */ __('Thumbnail') ?></td>
-        <td class="gallery" valign="middle" align="center"><?= /* @escapeNotVerified */ __('Sort Order') ?></td>
-        <td class="gallery" valign="middle" align="center"><?= /* @escapeNotVerified */ __('Delete') ?></td>
+        <td class="gallery" valign="middle" align="center"><?= $block->escapeHtml(__('Big Image')) ?></td>
+        <td class="gallery" valign="middle" align="center"><?= $block->escapeHtml(__('Thumbnail')) ?></td>
+        <td class="gallery" valign="middle" align="center"><?= $block->escapeHtml(__('Sort Order')) ?></td>
+        <td class="gallery" valign="middle" align="center"><?= $block->escapeHtml(__('Delete')) ?></td>
     </tr>
 </thead>
 
@@ -28,22 +25,22 @@
 
 <tbody class="gallery">
 
-<?php $i = 0; if (!is_null($block->getValues())): ?>
-    <?php foreach ($block->getValues() as $image): $i++; ?>
-        <tr id="<?= $block->getElement()->getHtmlId() ?>_tr_<?= /* @escapeNotVerified */ $image->getValueId() ?>" class="gallery">
-        <?php foreach ($block->getValues()->getAttributeBackend()->getImageTypes() as $type): ?>
+<?php $i = 0; if ($block->getValues() !== null) : ?>
+    <?php foreach ($block->getValues() as $image) : $i++; ?>
+        <tr id="<?= $block->getElement()->getHtmlId() ?>_tr_<?= $block->escapeHtmlAttr($image->getValueId()) ?>" class="gallery">
+        <?php foreach ($block->getValues()->getAttributeBackend()->getImageTypes() as $type) : ?>
             <td class="gallery" align="center" style="vertical-align:bottom;">
-            <a href="<?= /* @escapeNotVerified */ $image->setType($type)->getSourceUrl() ?>" target="_blank" onclick="imagePreview('<?= $block->getElement()->getHtmlId() ?>_image_<?= /* @escapeNotVerified */ $type ?>_<?= /* @escapeNotVerified */ $image->getValueId() ?>');return false;">
-            <img id="<?= $block->getElement()->getHtmlId() ?>_image_<?= /* @escapeNotVerified */ $type ?>_<?= /* @escapeNotVerified */ $image->getValueId() ?>" src="<?= /* @escapeNotVerified */ $image->setType($type)->getSourceUrl() ?>?<?= /* @escapeNotVerified */ time() ?>" alt="<?= /* @escapeNotVerified */ $image->getValue() ?>" title="<?= /* @escapeNotVerified */ $image->getValue() ?>" height="25" class="small-image-preview v-middle"/></a><br/>
-            <input type="file" name="<?= /* @escapeNotVerified */ $block->getElement()->getName() ?>_<?= /* @escapeNotVerified */ $type ?>[<?= /* @escapeNotVerified */ $image->getValueId() ?>]" size="1"></td>
+            <a href="<?= $block->escapeUrl($image->setType($type)->getSourceUrl()) ?>" target="_blank" onclick="imagePreview('<?= $block->getElement()->getHtmlId() ?>_image_<?= $block->escapeHtmlAttr($block->escapeJs($type)) ?>_<?= $block->escapeHtmlAttr($block->escapeJs($image->getValueId())) ?>');return false;">
+            <img id="<?= $block->getElement()->getHtmlId() ?>_image_<?= $block->escapeHtmlAttr($type) ?>_<?= $block->escapeHtmlAttr($image->getValueId()) ?>" src="<?= $block->escapeUrl($image->setType($type)->getSourceUrl()) ?>?<?= /* @noEscape */ time() ?>" alt="<?= $block->escapeHtmlAttr($image->getValue()) ?>" title="<?= $block->escapeHtmlAttr($image->getValue()) ?>" height="25" class="small-image-preview v-middle"/></a><br/>
+            <input type="file" name="<?= $block->escapeHtmlAttr($block->getElement()->getName()) ?>_<?= $block->escapeHtmlAttr($type) ?>[<?= $block->escapeHtmlAttr($image->getValueId()) ?>]" size="1"></td>
         <?php endforeach; ?>
-        <td class="gallery" align="center" style="vertical-align:bottom;"><input type="input" name="<?= /* @escapeNotVerified */ $block->getElement()->getParentName() ?>[position][<?= /* @escapeNotVerified */ $image->getValueId() ?>]" value="<?= /* @escapeNotVerified */ $image->getPosition() ?>" id="<?= $block->getElement()->getHtmlId() ?>_position_<?= /* @escapeNotVerified */ $image->getValueId() ?>" size="3"/></td>
-        <td class="gallery" align="center" style="vertical-align:bottom;"><?= $block->getDeleteButtonHtml($image->getValueId()) ?><input type="hidden" name="<?= /* @escapeNotVerified */ $block->getElement()->getParentName() ?>[delete][<?= /* @escapeNotVerified */ $image->getValueId() ?>]" id="<?= $block->getElement()->getHtmlId() ?>_delete_<?= /* @escapeNotVerified */ $image->getValueId() ?>"/></td>
+        <td class="gallery" align="center" style="vertical-align:bottom;"><input type="input" name="<?= $block->escapeHtmlAttr($block->getElement()->getParentName()) ?>[position][<?= $block->escapeHtmlAttr($image->getValueId()) ?>]" value="<?= $block->escapeHtmlAttr($image->getPosition()) ?>" id="<?= $block->getElement()->getHtmlId() ?>_position_<?= $block->escapeHtmlAttr($image->getValueId()) ?>" size="3"/></td>
+        <td class="gallery" align="center" style="vertical-align:bottom;"><?= $block->getDeleteButtonHtml($image->getValueId()) ?><input type="hidden" name="<?= $block->escapeHtmlAttr($block->getElement()->getParentName()) ?>[delete][<?= $block->escapeHtmlAttr($image->getValueId()) ?>]" id="<?= $block->getElement()->getHtmlId() ?>_delete_<?= $block->escapeHtmlAttr($image->getValueId()) ?>"/></td>
         </tr>
     <?php endforeach; ?>
 <?php endif; ?>
 
-<?php if ($i == 0): ?>
+<?php if ($i == 0) : ?>
     <script>
 document.getElementById("gallery_thead").style.visibility="hidden";
 </script>
@@ -56,7 +53,7 @@ require([
     'prototype'
 ], function () {
 id = 0;
-num_of_images = <?= /* @escapeNotVerified */ $i ?>;
+num_of_images = <?= /* @noEscape */ $i ?>;
 
 window.addNewImage = function()
 {
@@ -65,17 +62,19 @@ window.addNewImage = function()
 
     id--;
     num_of_images++;
-    new_file_input = '<input type="file" name="<?= /* @escapeNotVerified */ $block->getElement()->getName() ?>_%j%[%id%]" size="1">';
+    new_file_input = '<input type="file" name="<?= $block->escapeHtmlAttr($block->getElement()->getName()) ?>_%j%[%id%]" size="1">';
 
     // Sort order input
     var new_row_input = document.createElement( 'input' );
     new_row_input.type = 'text';
-    new_row_input.name = '<?= /* @escapeNotVerified */ $block->getElement()->getParentName() ?>[position]['+id+']';
+    new_row_input.name = '<?= $block->escapeJs($block->getElement()->getParentName()) ?>[position]['+id+']';
     new_row_input.size = '3';
     new_row_input.value = '0';
 
     // Delete button
-    new_row_button = <?= /* @escapeNotVerified */ $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($block->getDeleteButtonHtml("this")) ?>;
+    <?php //phpcs:disable ?>
+    new_row_button = <?= /* @noEscape */ $this->helper(\Magento\Framework\Json\Helper\Data::class)->jsonEncode($block->getDeleteButtonHtml("this")) ?>;
+    <?php // phpcs:enable ?>
 
     table = document.getElementById( "gallery" );
 
@@ -114,8 +113,8 @@ window.deleteImage = function(image)
         document.getElementById("gallery_thead").style.visibility="hidden";
     }
     if (image>0) {
-        document.getElementById('<?= /* @escapeNotVerified */ $block->getElement()->getName() ?>_delete_'+image).value=image;
-        document.getElementById('<?= /* @escapeNotVerified */ $block->getElement()->getName() ?>_tr_'+image).style.display='none';
+        document.getElementById('<?= $block->escapeJs($block->getElement()->getName()) ?>_delete_'+image).value=image;
+        document.getElementById('<?= $block->escapeJs($block->getElement()->getName()) ?>_tr_'+image).style.display='none';
     } else {
         image.parentNode.parentNode.parentNode.removeChild( image.parentNode.parentNode );
     }
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/form/renderer/element.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/form/renderer/element.phtml
index ae0bcb826a1a3..e74e5b1e0fe94 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/form/renderer/element.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/form/renderer/element.phtml
@@ -3,16 +3,13 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php $_element = $block->getElement() ?>
-<?php if ($_element->getNoSpan() !== true): ?>
+<?php if ($_element->getNoSpan() !== true) : ?>
 <span class="field-row">
 <?php endif; ?>
 <?= $_element->getLabelHtml() ?>
 <?= $_element->getElementHtml() ?>
-<?php if ($_element->getNoSpan() !== true): ?>
+<?php if ($_element->getNoSpan() !== true) : ?>
 </span>
 <?php endif; ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/form/renderer/fieldset.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/form/renderer/fieldset.phtml
index aaf1cb5ff550e..a708871c7ed00 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/form/renderer/fieldset.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/form/renderer/fieldset.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /** @var $element \Magento\Framework\Data\Form\Element\Fieldset */
@@ -32,40 +29,40 @@ if ($isField) {
 
 <?php
 /**
-* @todo investigate situations, when the following is needed:
-* echo $element->getHeaderBar();
-* echo $element->getSubFieldsetHtml();
-*/ ?>
+ * @todo investigate situations, when the following is needed:
+ * echo $element->getHeaderBar();
+ * echo $element->getSubFieldsetHtml();
+ */ ?>
 
-<?php if ($isWrapped): ?>
+<?php if ($isWrapped) : ?>
     <div class="fieldset-wrapper <?= ($isCollapsable) ? 'admin__collapsible-block-wrapper ' : '' ?>"
-        id="<?= /* @escapeNotVerified */ $containerId ? $containerId : $id . '-wrapper' ?>"
-        data-role="<?= /* @escapeNotVerified */ $id ?>-wrapper">
+        id="<?=  $block->escapeHtmlAttr($containerId ? $containerId : $id . '-wrapper') ?>"
+        data-role="<?=  $block->escapeHtmlAttr($id) ?>-wrapper">
         <div class="fieldset-wrapper-title admin__fieldset-wrapper-title">
-            <strong <?php /* @escapeNotVerified */ echo($isCollapsable) ?
+            <strong <?= /* @noEscape */ $isCollapsable ?
                 'class="admin__collapsible-title" data-toggle="collapse" data-target="#' . $id . '-content"' :
                 'class="title"'; ?>>
-                <span><?= /* @escapeNotVerified */ $element->getLegend() ?></span>
+                <span><?= $block->escapeHtml($element->getLegend()) ?></span>
             </strong>
-            <?= /* @escapeNotVerified */ $titleActions ?>
+            <?= /* @noEscape */ $titleActions ?>
         </div>
         <div class="fieldset-wrapper-content admin__fieldset-wrapper-content<?= ($isCollapsable) ? ' collapse' : '' ?>"
-            id="<?= /* @escapeNotVerified */ $id ?>-content"
-            data-role="<?= /* @escapeNotVerified */ $id ?>-content">
+            id="<?=  $block->escapeHtmlAttr($id) ?>-content"
+            data-role="<?=  $block->escapeHtmlAttr($id) ?>-content">
 <?php endif; ?>
 
-    <?php if (!$element->getNoContainer()): ?>
-        <fieldset class="<?= /* @escapeNotVerified */ $cssClass ?>" id="<?= /* @escapeNotVerified */ $id ?>">
-        <?php if ($element->getLegend() && !$isWrapped): ?>
-            <legend class="<?= /* @escapeNotVerified */ $isField ? 'label admin__field-label' : 'admin__legend legend' ?>">
-                <span><?= /* @escapeNotVerified */ $element->getLegend() ?></span>
+    <?php if (!$element->getNoContainer()) : ?>
+        <fieldset class="<?=  $block->escapeHtmlAttr($cssClass) ?>" id="<?=  $block->escapeHtmlAttr($id) ?>">
+        <?php if ($element->getLegend() && !$isWrapped) : ?>
+            <legend class="<?= /* @noEscape */ $isField ? 'label admin__field-label' : 'admin__legend legend' ?>">
+                <span><?= $block->escapeHtml($element->getLegend()) ?></span>
             </legend><br />
         <?php endif; ?>
     <?php endif; ?>
 
 
     <div class="messages">
-        <?php if ($element->getComment() && !$isField): ?>
+        <?php if ($element->getComment() && !$isField) : ?>
             <div class="message message-notice"><?= $block->escapeHtml($element->getComment()) ?></div>
         <?php endif; ?>
     </div>
@@ -73,34 +70,34 @@ if ($isField) {
 
     <?= ($isField) ? '<div class="control admin__field-control">' : '' ?>
 
-    <?php if ($element->hasHtmlContent() && !$isField): ?>
+    <?php if ($element->hasHtmlContent() && !$isField) : ?>
         <?= $element->getHtmlContent() ?>
-    <?php else: ?>
+    <?php else : ?>
 
-        <?php if ($isField && $count > 1):?>
-            <div class="fields-group-<?= /* @escapeNotVerified */ $count ?>">
+        <?php if ($isField && $count > 1) : ?>
+            <div class="fields-group-<?= /* @noEscape */ $count ?>">
         <?php endif; ?>
 
         <?= $element->getBasicChildrenHtml() ?>
 
         <?= ($isField && $count > 1) ? '</div>' : '' ?>
 
-        <?php if ($element->getComment() && $isField): ?>
+        <?php if ($element->getComment() && $isField) : ?>
             <div class="note"><?= $block->escapeHtml($element->getComment()) ?></div>
         <?php endif; ?>
 
-        <?php if ($element->hasAdvanced() && !$isField): ?>
+        <?php if ($element->hasAdvanced() && !$isField) : ?>
             <?= (!$element->getNoContainer() && $advancedAfter)  ? '</fieldset>' : '' ?>
-            <details data-mage-init='{"details": {}}' class="details admin__collapsible-block-wrapper" id="details<?= /* @escapeNotVerified */ $id ?>">
-                <summary class="details-summary admin__collapsible-title" id="details-summary<?= /* @escapeNotVerified */ $id ?>">
-                    <span><?= /* @escapeNotVerified */ $advancedLabel ?></span>
+            <details data-mage-init='{"details": {}}' class="details admin__collapsible-block-wrapper" id="details<?= /* @noEscape */ $id ?>">
+                <summary class="details-summary admin__collapsible-title" id="details-summary<?= /* @noEscape */ $id ?>">
+                    <span><?= $block->escapeHtml($advancedLabel) ?></span>
                 </summary>
-                <div class="details-content admin__fieldset" id="details-content<?= /* @escapeNotVerified */ $id ?>">
+                <div class="details-content admin__fieldset" id="details-content<?= /* @noEscape */ $id ?>">
                     <?= $element->getAdvancedChildrenHtml() ?>
                 </div>
             </details>
-        <?php elseif ($element->hasAdvanced() && $isField): ?>
-            <div class="nested" id="nested<?= /* @escapeNotVerified */ $id ?>">
+        <?php elseif ($element->hasAdvanced() && $isField) : ?>
+            <div class="nested" id="nested<?= /* @noEscape */ $id ?>">
                 <?= $element->getAdvancedChildrenHtml() ?>
             </div>
         <?php endif; ?>
@@ -110,11 +107,11 @@ if ($isField) {
     <?php endif; ?>
 
 
-    <?php if (!$element->getNoContainer() && !$advancedAfter): ?>
+    <?php if (!$element->getNoContainer() && !$advancedAfter) : ?>
         </fieldset>
     <?php endif; ?>
 
-<?php if ($isWrapped): ?>
+<?php if ($isWrapped) : ?>
         </div>
     </div>
 <?php endif; ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/form/renderer/fieldset/element.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/form/renderer/fieldset/element.phtml
index 3608ed7662e49..bec6fe84fb2b1 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/form/renderer/fieldset/element.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/form/renderer/fieldset/element.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /* @var $block \Magento\Backend\Block\Widget\Form\Renderer\Fieldset\Element */
@@ -26,20 +23,20 @@ $fieldAttributes = $fieldId . ' class="' . $fieldClass . '" '
     . ($element->getFieldExtraAttributes() ? ' ' . $element->getFieldExtraAttributes() : '');
 ?>
 
-<?php if (!$element->getNoDisplay()): ?>
-    <?php if ($element->getType() == 'hidden'): ?>
+<?php if (!$element->getNoDisplay()) : ?>
+    <?php if ($element->getType() == 'hidden') : ?>
         <?= $element->getElementHtml() ?>
-    <?php else: ?>
-    <div<?= /* @escapeNotVerified */ $fieldAttributes ?>>
-        <?php if ($elementBeforeLabel): ?>
+    <?php else : ?>
+    <div<?= /* @noEscape */ $fieldAttributes ?>>
+        <?php if ($elementBeforeLabel) : ?>
             <?= $element->getElementHtml() ?>
             <?= $element->getLabelHtml('', $element->getScopeLabel()) ?>
-            <?= /* @escapeNotVerified */ $note ?>
-        <?php else: ?>
+            <?= /* @noEscape */ $note ?>
+        <?php else : ?>
             <?= $element->getLabelHtml('', $element->getScopeLabel()) ?>
             <div class="admin__field-control control">
-                <?= /* @escapeNotVerified */ ($addOn) ? '<div class="admin__field">' . $element->getElementHtml() . '</div>' : $element->getElementHtml() ?>
-                <?= /* @escapeNotVerified */ $note ?>
+                <?= /* @noEscape */ ($addOn) ? '<div class="admin__field">' . $element->getElementHtml() . '</div>' : $element->getElementHtml() ?>
+                <?= /* @noEscape */ $note ?>
             </div>
         <?php endif; ?>
     </div>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid.phtml
index fad8f5968009f..63cdae13490ac 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /**
@@ -19,101 +16,101 @@
  *
  */
 /* @var $block \Magento\Backend\Block\Widget\Grid */
-$numColumns = !is_null($block->getColumns()) ? sizeof($block->getColumns()) : 0;
+$numColumns = $block->getColumns() !== null ? count($block->getColumns()) : 0;
 ?>
-<?php if ($block->getCollection()): ?>
+<?php if ($block->getCollection()) : ?>
 
-<?php if ($block->canDisplayContainer()): ?>
+    <?php if ($block->canDisplayContainer()) : ?>
 <div id="<?= $block->escapeHtml($block->getId()) ?>" data-grid-id="<?= $block->escapeHtml($block->getId()) ?>">
-<?php else: ?>
-<?= $block->getLayout()->getMessagesBlock()->getGroupedHtml() ?>
-<?php endif; ?>
+    <?php else : ?>
+    <?= $block->getLayout()->getMessagesBlock()->getGroupedHtml() ?>
+    <?php endif; ?>
 
         <div class="admin__data-grid-header admin__data-grid-toolbar">
             <?php $massActionAvailable = $block->getChildBlock('grid.massaction') && $block->getChildBlock('grid.massaction')->isAvailable() ?>
-            <?php if ($block->getPagerVisibility() || $block->getExportTypes() || $block->getChildBlock('grid.columnSet')->getFilterVisibility() || $massActionAvailable): ?>
+            <?php if ($block->getPagerVisibility() || $block->getExportTypes() || $block->getChildBlock('grid.columnSet')->getFilterVisibility() || $massActionAvailable) : ?>
             <div class="admin__data-grid-header-row">
-                <?php if ($massActionAvailable): ?>
+                <?php if ($massActionAvailable) : ?>
                     <?= $block->getMainButtonsHtml() ? '<div class="admin__filter-actions">' . $block->getMainButtonsHtml() . '</div>' : '' ?>
                 <?php endif; ?>
 
-                <?php if ($block->getChildBlock('grid.export')): ?>
+                <?php if ($block->getChildBlock('grid.export')) : ?>
                     <?= $block->getChildHtml('grid.export') ?>
                 <?php endif; ?>
             </div>
             <?php endif; ?>
-            <div class="<?php if($massActionAvailable) { echo '_massaction ';} ?>admin__data-grid-header-row">
-                <?php if ($massActionAvailable): ?>
+            <div class="<?php if ($massActionAvailable) { echo '_massaction ';} ?>admin__data-grid-header-row">
+                <?php if ($massActionAvailable) : ?>
                     <?= $block->getChildHtml('grid.massaction') ?>
-                <?php else: ?>
+                <?php else : ?>
                     <?= $block->getMainButtonsHtml() ? '<div class="admin__filter-actions">' . $block->getMainButtonsHtml() . '</div>' : '' ?>
                 <?php endif; ?>
                     <?php $countRecords = $block->getCollection()->getSize(); ?>
                     <div class="admin__control-support-text">
-                        <span id="<?= $block->escapeHtml($block->getHtmlId()) ?>-total-count" <?= /* @escapeNotVerified */ $block->getUiId('total-count') ?>>
-                            <?= /* @escapeNotVerified */ $countRecords ?>
+                        <span id="<?= $block->escapeHtml($block->getHtmlId()) ?>-total-count" <?= /* @noEscape */ $block->getUiId('total-count') ?>>
+                            <?= /* @noEscape */ $countRecords ?>
                         </span>
-                        <?= /* @escapeNotVerified */ __('records found') ?>
+                        <?= $block->escapeHtml(__('records found')) ?>
                         <span id="<?= $block->escapeHtml($block->getHtmlId()) ?>_massaction-count"
-                              class="mass-select-info _empty"><strong data-role="counter">0</strong> <span><?= /* @escapeNotVerified */ __('selected') ?></span></span>
+                              class="mass-select-info _empty"><strong data-role="counter">0</strong> <span><?= $block->escapeHtml(__('selected')) ?></span></span>
                     </div>
-                <?php if ($block->getPagerVisibility()): ?>
+                <?php if ($block->getPagerVisibility()) : ?>
                     <div class="admin__data-grid-pager-wrap">
-                        <select name="<?= /* @escapeNotVerified */ $block->getVarNameLimit() ?>"
+                        <select name="<?= $block->escapeHtmlAttr($block->getVarNameLimit()) ?>"
                                 id="<?= $block->escapeHtml($block->getHtmlId()) ?>_page-limit"
-                                onchange="<?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.loadByElement(this)" <?= /* @escapeNotVerified */ $block->getUiId('per-page') ?>
+                                onchange="<?= /* @noEscape */ $block->getJsObjectName() ?>.loadByElement(this)" <?= /* @noEscape */ $block->getUiId('per-page') ?>
                                 class="admin__control-select">
-                            <option value="20"<?php if ($block->getCollection()->getPageSize() == 20): ?>
+                            <option value="20"<?php if ($block->getCollection()->getPageSize() == 20) : ?>
                                 selected="selected"<?php endif; ?>>20
                             </option>
-                            <option value="30"<?php if ($block->getCollection()->getPageSize() == 30): ?>
+                            <option value="30"<?php if ($block->getCollection()->getPageSize() == 30) : ?>
                                 selected="selected"<?php endif; ?>>30
                             </option>
-                            <option value="50"<?php if ($block->getCollection()->getPageSize() == 50): ?>
+                            <option value="50"<?php if ($block->getCollection()->getPageSize() == 50) : ?>
                                 selected="selected"<?php endif; ?>>50
                             </option>
-                            <option value="100"<?php if ($block->getCollection()->getPageSize() == 100): ?>
+                            <option value="100"<?php if ($block->getCollection()->getPageSize() == 100) : ?>
                                 selected="selected"<?php endif; ?>>100
                             </option>
-                            <option value="200"<?php if ($block->getCollection()->getPageSize() == 200): ?>
+                            <option value="200"<?php if ($block->getCollection()->getPageSize() == 200) : ?>
                                 selected="selected"<?php endif; ?>>200
                             </option>
                         </select>
                         <label for="<?= $block->escapeHtml($block->getHtmlId()) ?>_page-limit"
-                            class="admin__control-support-text"><?= /* @escapeNotVerified */ __('per page') ?></label>
+                            class="admin__control-support-text"><?= $block->escapeHtml(__('per page')) ?></label>
                         <div class="admin__data-grid-pager">
                             <?php $_curPage = $block->getCollection()->getCurPage() ?>
                             <?php $_lastPage = $block->getCollection()->getLastPageNumber() ?>
 
-                            <?php if ($_curPage > 1): ?>
+                            <?php if ($_curPage > 1) : ?>
                                 <button class="action-previous"
                                         type="button"
-                                        onclick="<?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.setPage('<?= /* @escapeNotVerified */ ($_curPage - 1) ?>');return false;">
-                                            <span><?= /* @escapeNotVerified */ __('Previous page') ?></span>
+                                        onclick="<?= /* @noEscape */ $block->getJsObjectName() ?>.setPage('<?= /* @noEscape */ ($_curPage - 1) ?>');return false;">
+                                            <span><?= $block->escapeHtml(__('Previous page')) ?></span>
                                 </button>
-                            <?php else: ?>
-                                <button type="button" class="action-previous disabled"><span><?= /* @escapeNotVerified */ __('Previous page') ?></span></button>
+                            <?php else : ?>
+                                <button type="button" class="action-previous disabled"><span><?= $block->escapeHtml(__('Previous page')) ?></span></button>
                             <?php endif; ?>
 
                             <input type="text"
                                    id="<?= $block->escapeHtml($block->getHtmlId()) ?>_page-current"
-                                   name="<?= /* @escapeNotVerified */ $block->getVarNamePage() ?>"
-                                   value="<?= /* @escapeNotVerified */ $_curPage ?>"
+                                   name="<?= $block->escapeHtmlAttr($block->getVarNamePage()) ?>"
+                                   value="<?= $block->escapeHtmlAttr($_curPage) ?>"
                                    class="admin__control-text"
-                                   onkeypress="<?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.inputPage(event, '<?= /* @escapeNotVerified */ $_lastPage ?>')" <?= /* @escapeNotVerified */ $block->getUiId('current-page') ?> />
+                                   onkeypress="<?= /* @noEscape */ $block->getJsObjectName() ?>.inputPage(event, '<?= /* @noEscape */ $_lastPage ?>')" <?= /* @noEscape */ $block->getUiId('current-page') ?> />
 
                             <label class="admin__control-support-text" for="<?= $block->escapeHtml($block->getHtmlId())
                             ?>_page-current">
-                                <?= /* @escapeNotVerified */ __('of %1', '<span>' . $block->getCollection()->getLastPageNumber() . '</span>') ?>
+                                <?= /* @noEscape */ __('of %1', '<span>' . $block->getCollection()->getLastPageNumber() . '</span>') ?>
                             </label>
-                            <?php if ($_curPage < $_lastPage): ?>
-                                <button type="button" title="<?= /* @escapeNotVerified */ __('Next page') ?>"
+                            <?php if ($_curPage < $_lastPage) : ?>
+                                <button type="button" title="<?= $block->escapeHtmlAttr(__('Next page')) ?>"
                                         class="action-next"
-                                        onclick="<?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.setPage('<?= /* @escapeNotVerified */ ($_curPage + 1) ?>');return false;">
-                                    <span><?= /* @escapeNotVerified */ __('Next page') ?></span>
+                                        onclick="<?= /* @noEscape */ $block->getJsObjectName() ?>.setPage('<?= /* @noEscape */ ($_curPage + 1) ?>');return false;">
+                                    <span><?= $block->escapeHtml(__('Next page')) ?></span>
                                 </button>
-                            <?php else: ?>
-                                <button type="button" class="action-next disabled"><span><?= /* @escapeNotVerified */ __('Next page') ?></span></button>
+                            <?php else : ?>
+                                <button type="button" class="action-next disabled"><span><?= $block->escapeHtml(__('Next page')) ?></span></button>
                             <?php endif; ?>
                         </div>
                     </div>
@@ -121,77 +118,77 @@ $numColumns = !is_null($block->getColumns()) ? sizeof($block->getColumns()) : 0;
             </div>
         </div>
         <div class="admin__data-grid-wrap admin__data-grid-wrap-static">
-        <?php if ($block->getGridCssClass()): ?>
-            <table class="<?= /* @escapeNotVerified */ $block->getGridCssClass() ?> data-grid" id="<?= $block->escapeHtml($block->getId()) ?>_table">
+        <?php if ($block->getGridCssClass()) : ?>
+            <table class="<?= $block->escapeHtmlAttr($block->getGridCssClass()) ?> data-grid" id="<?= $block->escapeHtml($block->getId()) ?>_table">
                 <!-- Rendering column set -->
                 <?= $block->getChildHtml('grid.columnSet') ?>
             </table>
-        <?php else: ?>
+        <?php else : ?>
 
             <table class="data-grid" id="<?= $block->escapeHtml($block->getId()) ?>_table">
                 <!-- Rendering column set -->
                 <?= $block->getChildHtml('grid.columnSet') ?>
             </table>
 
-            <?php if ($block->getChildBlock('grid.bottom.links')): ?>
+            <?php if ($block->getChildBlock('grid.bottom.links')) : ?>
                 <?= $block->getChildHtml('grid.bottom.links') ?>
             <?php endif; ?>
 
         <?php endif ?>
         </div>
-<?php if ($block->canDisplayContainer()): ?>
+    <?php if ($block->canDisplayContainer()) : ?>
 </div>
 <script>
     var deps = [];
 
-    <?php if ($block->getDependencyJsObject()): ?>
+        <?php if ($block->getDependencyJsObject()) : ?>
     deps.push('uiRegistry');
-    <?php endif; ?>
+        <?php endif; ?>
 
-    <?php if (strpos($block->getRowClickCallback(), 'order.') !== false): ?>
+        <?php if (strpos($block->getRowClickCallback(), 'order.') !== false) : ?>
     deps.push('Magento_Sales/order/create/form');
     deps.push('jquery');
-    <?php endif; ?>
+        <?php endif; ?>
 
     deps.push('mage/adminhtml/grid');
 
     require(deps, function(<?= ($block->getDependencyJsObject() ? 'registry' : '') ?>){
         <?php //TODO: getJsObjectName and getRowClickCallback has unexpected behavior. Should be removed ?>
 
-        <?php if ($block->getDependencyJsObject()): ?>
-            registry.get('<?= /* @escapeNotVerified */ $block->getDependencyJsObject() ?>', function (<?= /* @escapeNotVerified */ $block->getDependencyJsObject() ?>) {
+        <?php if ($block->getDependencyJsObject()) : ?>
+            registry.get('<?= $block->escapeJs($block->getDependencyJsObject()) ?>', function (<?= $block->escapeJs($block->getDependencyJsObject()) ?>) {
         <?php endif; ?>
 
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?> = new varienGrid('<?= $block->escapeHtml($block->getId()) ?>', '<?= /* @escapeNotVerified */ $block->getGridUrl() ?>', '<?= /* @escapeNotVerified */ $block->getVarNamePage() ?>', '<?= /* @escapeNotVerified */ $block->getVarNameSort() ?>', '<?= /* @escapeNotVerified */ $block->getVarNameDir() ?>', '<?= /* @escapeNotVerified */ $block->getVarNameFilter() ?>');
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.useAjax = <?= /* @escapeNotVerified */ $block->getUseAjax() ? 'true' : 'false' ?>;
-        <?php if ($block->getRowClickCallback()): ?>
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.rowClickCallback = <?= /* @escapeNotVerified */ $block->getRowClickCallback() ?>;
+        <?= $block->escapeJs($block->getJsObjectName()) ?> = new varienGrid('<?= $block->escapeHtml($block->getId()) ?>', '<?= $block->escapeJs($block->getGridUrl()) ?>', '<?= $block->escapeJs($block->getVarNamePage()) ?>', '<?= $block->escapeJs($block->getVarNameSort()) ?>', '<?= $block->escapeJs($block->getVarNameDir()) ?>', '<?= $block->escapeJs($block->getVarNameFilter()) ?>');
+        <?= $block->escapeJs($block->getJsObjectName()) ?>.useAjax = <?= /* @noEscape */ $block->getUseAjax() ? 'true' : 'false' ?>;
+        <?php if ($block->getRowClickCallback()) : ?>
+                <?= $block->escapeJs($block->getJsObjectName()) ?>.rowClickCallback = <?= /* @noEscape */ $block->getRowClickCallback() ?>;
         <?php endif; ?>
-        <?php if ($block->getCheckboxCheckCallback()): ?>
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.checkboxCheckCallback = <?= /* @escapeNotVerified */ $block->getCheckboxCheckCallback() ?>;
+        <?php if ($block->getCheckboxCheckCallback()) : ?>
+                <?= $block->escapeJs($block->getJsObjectName()) ?>.checkboxCheckCallback = <?= /* @noEscape */ $block->getCheckboxCheckCallback() ?>;
         <?php endif; ?>
-        <?php if ($block->getSortableUpdateCallback()): ?>
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.sortableUpdateCallback = <?= /* @escapeNotVerified */ $block->getSortableUpdateCallback() ?>;
+        <?php if ($block->getSortableUpdateCallback()) : ?>
+                <?= $block->escapeJs($block->getJsObjectName()) ?>.sortableUpdateCallback = <?= /* @noEscape */ $block->getSortableUpdateCallback() ?>;
         <?php endif; ?>
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.bindSortable();
-        <?php if ($block->getRowInitCallback()): ?>
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.initRowCallback = <?= /* @escapeNotVerified */ $block->getRowInitCallback() ?>;
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.initGridRows();
+        <?= $block->escapeJs($block->getJsObjectName()) ?>.bindSortable();
+        <?php if ($block->getRowInitCallback()) : ?>
+                <?= $block->escapeJs($block->getJsObjectName()) ?>.initRowCallback = <?= /* @noEscape */ $block->getRowInitCallback() ?>;
+                <?= $block->escapeJs($block->getJsObjectName()) ?>.initGridRows();
         <?php endif; ?>
-        <?php if ($block->getChildBlock('grid.massaction') && $block->getChildBlock('grid.massaction')->isAvailable()): ?>
-        <?= /* @escapeNotVerified */ $block->getChildBlock('grid.massaction')->getJavaScript() ?>
+        <?php if ($block->getChildBlock('grid.massaction') && $block->getChildBlock('grid.massaction')->isAvailable()) : ?>
+                <?= /* @noEscape */ $block->getChildBlock('grid.massaction')->getJavaScript() ?>
         <?php endif ?>
-        <?= /* @escapeNotVerified */ $block->getAdditionalJavaScript() ?>
+        <?= /* @noEscape */ $block->getAdditionalJavaScript() ?>
 
-        <?php if ($block->getDependencyJsObject()): ?>
+        <?php if ($block->getDependencyJsObject()) : ?>
             });
         <?php endif; ?>
     });
 </script>
 <?php endif; ?>
 
-<?php if ($block->getChildBlock('grid.js')): ?>
-    <?= $block->getChildHtml('grid.js') ?>
-<?php endif; ?>
+    <?php if ($block->getChildBlock('grid.js')) : ?>
+        <?= $block->getChildHtml('grid.js') ?>
+    <?php endif; ?>
 
 <?php endif ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/column_set.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/column_set.phtml
index 5ff9cfbd96f2c..0906694520cb6 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/column_set.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/column_set.phtml
@@ -3,42 +3,39 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /**
  * Template for \Magento\Backend\Block\Widget\Grid\ColumnSet
  * @var $block \Magento\Backend\Block\Widget\Grid\ColumnSet
  */
-$numColumns = sizeof($block->getColumns());
+$numColumns = count($block->getColumns());
 ?>
-<?php if ($block->getCollection()): ?>
+<?php if ($block->getCollection()) : ?>
     <?php
     /* This part is commented to remove all <col> tags from the code. */
     /* foreach ($block->getColumns() as $_column): ?>
         <col <?= $_column->getHtmlProperty() ?> />
     <?php endforeach; */ ?>
-    <?php if ($block->isHeaderVisible()): ?>
+    <?php if ($block->isHeaderVisible()) : ?>
         <thead>
-            <?php if ($block->isHeaderVisible() || $block->getFilterVisibility()): ?>
+            <?php if ($block->isHeaderVisible() || $block->getFilterVisibility()) : ?>
                 <tr>
-                <?php foreach ($block->getColumns() as $_column): ?>
-                <?php /* @var $_column \Magento\Backend\Block\Widget\Grid\Column */ ?>
-                    <?php if ($_column->getHeaderHtml() == '&nbsp;'):?>
-                        <th class="data-grid-th" data-column="<?= /* @escapeNotVerified */ $_column->getId() ?>"
+                <?php foreach ($block->getColumns() as $_column) : ?>
+                    <?php /* @var $_column \Magento\Backend\Block\Widget\Grid\Column */ ?>
+                    <?php if ($_column->getHeaderHtml() == '&nbsp;') :?>
+                        <th class="data-grid-th" data-column="<?= $block->escapeHtmlAttr($_column->getId()) ?>"
                             <?= $_column->getHeaderHtmlProperty() ?>>&nbsp;</th>
-                    <?php else: ?>
+                    <?php else : ?>
                         <?= $_column->getHeaderHtml() ?>
                     <?php endif; ?>
                 <?php endforeach; ?>
                 </tr>
             <?php endif; ?>
-            <?php if ($block->isFilterVisible()): ?>
+            <?php if ($block->isFilterVisible()) : ?>
                 <tr class="data-grid-filters" data-role="filter-form">
-                    <?php $i = 0; foreach ($block->getColumns() as $_column): ?>
-                        <td data-column="<?= /* @escapeNotVerified */ $_column->getId() ?>" <?= $_column->getHeaderHtmlProperty() ?>>
+                    <?php $i = 0; foreach ($block->getColumns() as $_column) : ?>
+                        <td data-column="<?= $block->escapeHtmlAttr($_column->getId()) ?>" <?= $_column->getHeaderHtmlProperty() ?>>
                             <?= $_column->getFilterHtml() ?>
                         </td>
                     <?php endforeach; ?>
@@ -49,75 +46,76 @@ $numColumns = sizeof($block->getColumns());
 
     <tbody>
 
-        <?php if ($block->getCollection()->getSize() > 0 && !$block->getIsCollapsed()): ?>
-        <?php foreach ($block->getCollection() as $_index => $_item): ?>
-            <?php if ($block->hasMultipleRows($_item)) :?>
-                <?php $block->updateItemByFirstMultiRow($_item); ?>
-                <tr title="<?= /* @escapeNotVerified */ $block->getRowUrl($_item) ?>" data-role="row"
-                    <?php if ($_class = $block->getRowClass($_item)):?> class="<?= /* @escapeNotVerified */ $_class ?>"<?php endif;?>
-                ><?php $i = 0; foreach ($block->getColumns() as $_column):
-                      if ($block->shouldRenderCell($_item, $_column)):
+        <?php if ($block->getCollection()->getSize() > 0 && !$block->getIsCollapsed()) : ?>
+            <?php foreach ($block->getCollection() as $_index => $_item) : ?>
+                <?php if ($block->hasMultipleRows($_item)) :?>
+                    <?php $block->updateItemByFirstMultiRow($_item); ?>
+                <tr title="<?= $block->escapeHtmlAttr($block->getRowUrl($_item)) ?>" data-role="row"
+                    <?php if ($_class = $block->getRowClass($_item)) :?> class="<?= $block->escapeHtmlAttr($_class) ?>"<?php endif;?>
+                ><?php $i = 0; foreach ($block->getColumns() as $_column) :
+                    if ($block->shouldRenderCell($_item, $_column)) :
                             $_rowspan = $block->getRowspan($_item, $_column);
-                          ?><td data-column="<?= /* @escapeNotVerified */ $_column->getId() ?>"
-                                <?= ($_rowspan ? 'rowspan="' . $_rowspan . '" ' : '') ?>
-                                class="<?= /* @escapeNotVerified */ $_column->getCssProperty() ?> <?= /* @escapeNotVerified */ $_column->getId() == 'massaction' ? 'data-grid-checkbox-cell': '' ?> <?= ++$i == $numColumns ? 'last' : '' ?>"
+                        ?><td data-column="<?= $block->escapeHtmlAttr($_column->getId()) ?>"
+                                <?= /* @noEscape */ ($_rowspan ? 'rowspan="' . $_rowspan . '" ' : '') ?>
+                                class="<?= $block->escapeHtmlAttr($_column->getCssProperty()) ?> <?= /* @noEscape */ $_column->getId() == 'massaction' ? 'data-grid-checkbox-cell': '' ?> <?= ++$i == $numColumns ? 'last' : '' ?>"
                             >
-                                <?= (($_html = $_column->getRowField($_item)) != '' ? $_html : '&nbsp;') ?>
+                                <?= /* @noEscape */ (($_html = $_column->getRowField($_item)) != '' ? $_html : '&nbsp;') ?>
                             </td><?php
-                            if ($block->shouldRenderEmptyCell($_item, $_column)):?>
-                                <td colspan="<?= /* @escapeNotVerified */ $block->getEmptyCellColspan($_item) ?>" class="last">
-                                <?= /* @escapeNotVerified */ $block->getEmptyCellLabel() ?>
+                            if ($block->shouldRenderEmptyCell($_item, $_column)) :?>
+                                <td colspan="<?= $block->escapeHtmlAttr($block->getEmptyCellColspan($_item)) ?>" class="last">
+                                <?= $block->escapeHtml($block->getEmptyCellLabel()) ?>
                                 </td><?php
                             endif;
                         endif;
                     endforeach;
-                ?></tr>
-                <?php $_isFirstRow = true; ?>
-                <?php foreach ($block->getMultipleRows($_item) as $_i):?>
-                    <?php if ($_isFirstRow) : ?>
-                        <?php $_isFirstRow = false; continue; ?>
-                    <?php endif; ?>
+?></tr>
+                    <?php $_isFirstRow = true; ?>
+                    <?php foreach ($block->getMultipleRows($_item) as $_i) : ?>
+                        <?php
+                        if ($_isFirstRow) {
+                            $_isFirstRow = false;
+                            continue;
+                        }
+                        ?>
                     <tr data-role="row">
-                        <?php $i = 0; foreach ($block->getMultipleRowColumns($_i) as $_column):
-                            ?><td data-column="<?= /* @escapeNotVerified */ $_column->getId() ?>"
-                            class="<?= /* @escapeNotVerified */ $_column->getCssProperty() ?> <?= /* @escapeNotVerified */ $_column->getId() == 'massaction' ? 'data-grid-checkbox-cell': '' ?> <?= ++$i == $numColumns-1 ? 'last' : '' ?>"
+                        <?php $i = 0; foreach ($block->getMultipleRowColumns($_i) as $_column) :
+                            ?><td data-column="<?= $block->escapeHtmlAttr($_column->getId()) ?>"
+                            class="<?= $block->escapeHtmlAttr($_column->getCssProperty()) ?> <?= /* @noEscape */ $_column->getId() == 'massaction' ? 'data-grid-checkbox-cell': '' ?> <?= ++$i == $numColumns-1 ? 'last' : '' ?>"
                         >
-                            <?= (($_html = $_column->getRowField($_i)) != '' ? $_html : '&nbsp;') ?>
+                            <?= /* @noEscape */ (($_html = $_column->getRowField($_i)) != '' ? $_html : '&nbsp;') ?>
                         </td><?php
                         endforeach; ?>
                     </tr>
                 <?php endforeach;?>
 
-                <?php if ($block->shouldRenderSubTotal($_item)): ?>
+                    <?php if ($block->shouldRenderSubTotal($_item)) : ?>
                     <tr class="subtotals">
-                        <?php $i = 0; foreach ($block->getMultipleRowColumns() as $_column): ?>
-                            <td data-column="<?= /* @escapeNotVerified */ $_column->getId() ?>"
-                                class="<?= /* @escapeNotVerified */ $_column->getCssProperty() ?> <?= /* @escapeNotVerified */ $_column->getId() == 'massaction' ? 'data-grid-checkbox-cell': '' ?> <?= ++$i == $numColumns ? 'last' : '' ?>"
+                        <?php $i = 0; foreach ($block->getMultipleRowColumns() as $_column) : ?>
+                            <td data-column="<?= $block->escapeHtmlAttr($_column->getId()) ?>"
+                                class="<?= $block->escapeHtmlAttr($_column->getCssProperty()) ?> <?= /* @noEscape */ $_column->getId() == 'massaction' ? 'data-grid-checkbox-cell': '' ?> <?= ++$i == $numColumns ? 'last' : '' ?>"
                             >
-                                <?php /* @escapeNotVerified */ echo $_column->hasSubtotalsLabel() ? $_column->getSubtotalsLabel()
-                                    : $_column->getRowField($block->getSubTotals($_item));
-                                ?>
+                                <?= /* @noEscape */ $_column->hasSubtotalsLabel() ? $block->escapeHtml($_column->getSubtotalsLabel()) : $_column->getRowField($block->getSubTotals($_item)) ?>
                             </td>
                         <?php endforeach; ?>
                     </tr>
                 <?php endif; ?>
-            <?php else: ?>
-                <tr data-role="row" title="<?= /* @escapeNotVerified */ $block->getRowUrl($_item) ?>"<?php if ($_class = $block->getRowClass($_item)):?>
-                    class="<?= /* @escapeNotVerified */ $_class ?>"<?php endif;?>
+            <?php else : ?>
+                <tr data-role="row" title="<?= $block->escapeHtmlAttr($block->getRowUrl($_item)) ?>"<?php if ($_class = $block->getRowClass($_item)) : ?>
+                    class="<?= $block->escapeHtmlAttr($_class) ?>"<?php endif;?>
                 >
-                    <?php $i = 0; foreach ($block->getColumns() as $_column): ?>
-                        <?php if ($block->shouldRenderCell($_item, $_column)):?>
-                            <td data-column="<?= /* @escapeNotVerified */ $_column->getId() ?>"
-                                class="<?= /* @escapeNotVerified */ $_column->getCssProperty() ?> <?= /* @escapeNotVerified */ $_column->getId() == 'massaction' ? 'data-grid-checkbox-cell': '' ?> <?= ++$i == $numColumns ? 'last' : '' ?>"
+                    <?php $i = 0; foreach ($block->getColumns() as $_column) : ?>
+                        <?php if ($block->shouldRenderCell($_item, $_column)) : ?>
+                            <td data-column="<?= $block->escapeHtmlAttr($_column->getId()) ?>"
+                                class="<?= $block->escapeHtmlAttr($_column->getCssProperty()) ?> <?= /* @noEscape */ $_column->getId() == 'massaction' ? 'data-grid-checkbox-cell': '' ?> <?= ++$i == $numColumns ? 'last' : '' ?>"
                             >
-                                <?= (($_html = $_column->getRowField($_item)) != '' ? $_html : '&nbsp;') ?>
+                                <?= /* @noEscape */ (($_html = $_column->getRowField($_item)) != '' ? $_html : '&nbsp;') ?>
                             </td>
-                            <?php if ($block->shouldRenderEmptyCell($_item, $_column)):?>
-                                <td data-column="<?= /* @escapeNotVerified */ $_column->getId() ?>"
-                                    colspan="<?= /* @escapeNotVerified */ $block->getEmptyCellColspan($_item) ?>"
-                                    class="col-no-records <?= /* @escapeNotVerified */ $block->getEmptyTextClass() ?> last"
+                            <?php if ($block->shouldRenderEmptyCell($_item, $_column)) : ?>
+                                <td data-column="<?= $block->escapeHtmlAttr($_column->getId()) ?>"
+                                    colspan="<?= $block->escapeHtmlAttr($block->getEmptyCellColspan($_item)) ?>"
+                                    class="col-no-records <?= $block->escapeHtmlAttr($block->getEmptyTextClass()) ?> last"
                                 >
-                                    <?= /* @escapeNotVerified */ $block->getEmptyCellLabel() ?>
+                                    <?= $block->escapeHtml($block->getEmptyCellLabel()) ?>
                                 </td>
                             <?php endif;?>
                         <?php endif;?>
@@ -125,23 +123,22 @@ $numColumns = sizeof($block->getColumns());
                 </tr>
             <?php endif; ?>
         <?php endforeach; ?>
-        <?php elseif ($block->getEmptyText()): ?>
+        <?php elseif ($block->getEmptyText()) : ?>
             <tr class="data-grid-tr-no-data" data-role="row">
-                <td class="<?= /* @escapeNotVerified */ $block->getEmptyTextClass() ?>"
-                    colspan="<?= /* @escapeNotVerified */ $numColumns ?>"><?= /* @escapeNotVerified */ $block->getEmptyText() ?></td>
+                <td class="<?= $block->escapeHtmlAttr($block->getEmptyTextClass()) ?>"
+                    colspan="<?= $block->escapeHtmlAttr($numColumns) ?>"><?= $block->escapeHtml($block->getEmptyText()) ?></td>
             </tr>
         <?php endif; ?>
     </tbody>
 
-    <?php if ($block->shouldRenderTotal()): ?>
+    <?php if ($block->shouldRenderTotal()) : ?>
     <tfoot>
         <tr class="totals" data-role="row">
-            <?php foreach ($block->getColumns() as $_column): ?>
-                <th data-column="<?= /* @escapeNotVerified */ $_column->getId() ?>"
-                    class="<?= /* @escapeNotVerified */ $_column->getCssProperty() ?>"
+            <?php foreach ($block->getColumns() as $_column) : ?>
+                <th data-column="<?= $block->escapeHtmlAttr($_column->getId()) ?>"
+                    class="<?= $block->escapeHtmlAttr($_column->getCssProperty()) ?>"
                 >
-                    <?php /* @escapeNotVerified */ echo($_column->hasTotalsLabel()) ? $_column->getTotalsLabel()
-                        : $_column->getRowField($block->getTotals()) ?>
+                    <?= /* @noEscape */ ($_column->hasTotalsLabel()) ? $block->escapeHtml($_column->getTotalsLabel()) : $_column->getRowField($block->getTotals()) ?>
                 </th>
             <?php endforeach; ?>
         </tr>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/container.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/container.phtml
index 8a40853a405b0..6a8ec2a934ca4 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/container.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/container.phtml
@@ -3,11 +3,8 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<?php if ($block->getButtonsHtml()): ?>
+<?php if ($block->getButtonsHtml()) : ?>
 <div data-mage-init='{"floatingHeader": {}}' class="page-actions"><?= $block->getButtonsHtml() ?></div>
 <?php endif; ?>
 <?= $block->getGridHtml() ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/container/empty.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/container/empty.phtml
index 700e9749f734b..e62c6ca3b4255 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/container/empty.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/container/empty.phtml
@@ -3,8 +3,5 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?= $block->getGridHtml() ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/export.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/export.phtml
index 35be61dad7f73..e70b93d0afc10 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/export.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/export.phtml
@@ -3,17 +3,14 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <div class="admin__data-grid-export">
-    <label for="<?= /* @escapeNotVerified */ $block->getId() ?>_export" class="admin__control-support-text">
-        <?= /* @escapeNotVerified */ __('Export to:') ?>
+    <label for="<?= $block->escapeHtmlAttr($block->getId()) ?>_export" class="admin__control-support-text">
+        <?= $block->escapeHtml(__('Export to:')) ?>
     </label>
-    <select name="<?= /* @escapeNotVerified */ $block->getId() ?>_export" id="<?= /* @escapeNotVerified */ $block->getId() ?>_export" class="admin__control-select">
-        <?php foreach ($block->getExportTypes() as $_type): ?>
-            <option value="<?= /* @escapeNotVerified */ $_type->getUrl() ?>"><?= /* @escapeNotVerified */ $_type->getLabel() ?></option>
+    <select name="<?= $block->escapeHtmlAttr($block->getId()) ?>_export" id="<?= $block->escapeHtmlAttr($block->getId()) ?>_export" class="admin__control-select">
+        <?php foreach ($block->getExportTypes() as $_type) : ?>
+            <option value="<?= $block->escapeHtmlAttr($_type->getUrl()) ?>"><?= $block->escapeHtml($_type->getLabel()) ?></option>
         <?php endforeach; ?>
     </select>
     <?= $block->getExportButtonHtml() ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/extended.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/extended.phtml
index f97db4ad993b1..0bb453f25d7ca 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/extended.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/extended.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /**
@@ -17,35 +14,35 @@
  *  getPagerVisibility()
  *  getVarNamePage()
  */
-$numColumns = sizeof($block->getColumns());
+$numColumns = count($block->getColumns());
 
 /**
  * @var \Magento\Backend\Block\Widget\Grid\Extended $block
  */
 ?>
-<?php if ($block->getCollection()): ?>
-    <?php if ($block->canDisplayContainer()): ?>
+<?php if ($block->getCollection()) : ?>
+    <?php if ($block->canDisplayContainer()) : ?>
 
     <div id="<?= $block->escapeHtml($block->getId()) ?>" data-grid-id="<?= $block->escapeHtml($block->getId()) ?>">
-    <?php else: ?>
+    <?php else : ?>
         <?= $block->getLayout()->getMessagesBlock()->getGroupedHtml() ?>
     <?php endif; ?>
     <?php $massActionAvailable = $block->getMassactionBlock() && $block->getMassactionBlock()->isAvailable() ?>
-    <?php if ($block->getPagerVisibility() || $block->getExportTypes() || $block->getFilterVisibility() || $massActionAvailable): ?>
+    <?php if ($block->getPagerVisibility() || $block->getExportTypes() || $block->getFilterVisibility() || $massActionAvailable) : ?>
         <div class="admin__data-grid-header admin__data-grid-toolbar">
             <div class="admin__data-grid-header-row">
-                <?php if ($massActionAvailable): ?>
+                <?php if ($massActionAvailable) : ?>
                     <?= $block->getMainButtonsHtml() ? '<div class="admin__filter-actions">' . $block->getMainButtonsHtml() . '</div>' : '' ?>
                 <?php endif; ?>
-            <?php if ($block->getExportTypes()): ?>
+            <?php if ($block->getExportTypes()) : ?>
                 <div class="admin__data-grid-export">
                     <label
                         class="admin__control-support-text"
-                        for="<?= $block->escapeHtml($block->getId()) ?>_export"><?= /* @escapeNotVerified */ __('Export to:') ?></label>
+                        for="<?= $block->escapeHtml($block->getId()) ?>_export"><?= $block->escapeHtml(__('Export to:')) ?></label>
                     <select name="<?= $block->escapeHtml($block->getId()) ?>_export" id="<?= $block->escapeHtml($block->getId()) ?>_export"
                             class="admin__control-select">
-                        <?php foreach ($block->getExportTypes() as $_type): ?>
-                            <option value="<?= /* @escapeNotVerified */ $_type->getUrl() ?>"><?= /* @escapeNotVerified */ $_type->getLabel() ?></option>
+                        <?php foreach ($block->getExportTypes() as $_type) : ?>
+                            <option value="<?= $block->escapeHtmlAttr($_type->getUrl()) ?>"><?= $block->escapeHtml($_type->getLabel()) ?></option>
                         <?php endforeach; ?>
                     </select>
                     <?= $block->getExportButtonHtml() ?>
@@ -54,76 +51,76 @@ $numColumns = sizeof($block->getColumns());
             </div>
 
             <div class="admin__data-grid-header-row <?= $massActionAvailable ? '_massaction' : '' ?>">
-                <?php if ($massActionAvailable): ?>
+                <?php if ($massActionAvailable) : ?>
                     <?= $block->getMassactionBlockHtml() ?>
-                <?php else: ?>
+                <?php else : ?>
                     <?= $block->getMainButtonsHtml() ? '<div class="admin__filter-actions">' . $block->getMainButtonsHtml() . '</div>' : '' ?>
                 <?php endif; ?>
                 <?php $countRecords = $block->getCollection()->getSize(); ?>
                 <div class="admin__control-support-text">
-                        <span id="<?= $block->escapeHtml($block->getHtmlId()) ?>-total-count" <?= /* @escapeNotVerified */ $block->getUiId('total-count') ?>>
-                            <?= /* @escapeNotVerified */ $countRecords ?>
+                        <span id="<?= $block->escapeHtml($block->getHtmlId()) ?>-total-count" <?= /* @noEscape */ $block->getUiId('total-count') ?>>
+                            <?= /* @noEscape */ $countRecords ?>
                         </span>
-                    <?= /* @escapeNotVerified */ __('records found') ?>
+                    <?= $block->escapeHtml(__('records found')) ?>
                     <span id="<?= $block->escapeHtml($block->getHtmlId()) ?>_massaction-count"
-                          class="mass-select-info _empty"><strong data-role="counter">0</strong> <span><?= /* @escapeNotVerified */ __('selected') ?></span></span>
+                          class="mass-select-info _empty"><strong data-role="counter">0</strong> <span><?= $block->escapeHtml(__('selected')) ?></span></span>
                 </div>
 
-            <?php if ($block->getPagerVisibility()): ?>
+            <?php if ($block->getPagerVisibility()) : ?>
                 <div class="admin__data-grid-pager-wrap">
-                    <select name="<?= /* @escapeNotVerified */ $block->getVarNameLimit() ?>"
+                    <select name="<?= $block->escapeHtmlAttr($block->getVarNameLimit()) ?>"
                             id="<?= $block->escapeHtml($block->getHtmlId()) ?>_page-limit"
-                            onchange="<?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.loadByElement(this)"
+                            onchange="<?= /* @noEscape */ $block->getJsObjectName() ?>.loadByElement(this)"
                             class="admin__control-select">
-                        <option value="20"<?php if ($block->getCollection()->getPageSize() == 20): ?>
+                        <option value="20"<?php if ($block->getCollection()->getPageSize() == 20) : ?>
                             selected="selected"<?php endif; ?>>20
                         </option>
-                        <option value="30"<?php if ($block->getCollection()->getPageSize() == 30): ?>
+                        <option value="30"<?php if ($block->getCollection()->getPageSize() == 30) : ?>
                             selected="selected"<?php endif; ?>>30
                         </option>
-                        <option value="50"<?php if ($block->getCollection()->getPageSize() == 50): ?>
+                        <option value="50"<?php if ($block->getCollection()->getPageSize() == 50) : ?>
                             selected="selected"<?php endif; ?>>50
                         </option>
-                        <option value="100"<?php if ($block->getCollection()->getPageSize() == 100): ?>
+                        <option value="100"<?php if ($block->getCollection()->getPageSize() == 100) : ?>
                             selected="selected"<?php endif; ?>>100
                         </option>
-                        <option value="200"<?php if ($block->getCollection()->getPageSize() == 200): ?>
+                        <option value="200"<?php if ($block->getCollection()->getPageSize() == 200) : ?>
                             selected="selected"<?php endif; ?>>200
                         </option>
                     </select>
                     <label for="<?= $block->escapeHtml($block->getHtmlId()) ?><?= $block->escapeHtml($block->getHtmlId()) ?>_page-limit"
-                        class="admin__control-support-text"><?= /* @escapeNotVerified */ __('per page') ?></label>
+                        class="admin__control-support-text"><?= $block->escapeHtml(__('per page')) ?></label>
 
                     <div class="admin__data-grid-pager">
                         <?php $_curPage = $block->getCollection()->getCurPage() ?>
                         <?php $_lastPage = $block->getCollection()->getLastPageNumber() ?>
-                        <?php if ($_curPage > 1): ?>
+                        <?php if ($_curPage > 1) : ?>
                             <button class="action-previous"
                                     type="button"
-                                    onclick="<?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.setPage('<?= /* @escapeNotVerified */ ($_curPage - 1) ?>');return false;">
-                                <span><?= /* @escapeNotVerified */ __('Previous page') ?></span>
+                                    onclick="<?= /* @noEscape */ $block->getJsObjectName() ?>.setPage('<?= /* @noEscape */ ($_curPage - 1) ?>');return false;">
+                                <span><?= $block->escapeHtml(__('Previous page')) ?></span>
                             </button>
-                        <?php else: ?>
-                            <button type="button" class="action-previous disabled"><span><?= /* @escapeNotVerified */ __('Previous page') ?></span></button>
+                        <?php else : ?>
+                            <button type="button" class="action-previous disabled"><span><?= $block->escapeHtml(__('Previous page')) ?></span></button>
                         <?php endif; ?>
                         <input type="text"
                                id="<?= $block->escapeHtml($block->getHtmlId()) ?>_page-current"
-                               name="<?= /* @escapeNotVerified */ $block->getVarNamePage() ?>"
-                               value="<?= /* @escapeNotVerified */ $_curPage ?>"
+                               name="<?= $block->escapeHtmlAttr($block->getVarNamePage()) ?>"
+                               value="<?= $block->escapeHtmlAttr($_curPage) ?>"
                                class="admin__control-text"
-                               onkeypress="<?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.inputPage(event, '<?= /* @escapeNotVerified */ $_lastPage ?>')" <?= /* @escapeNotVerified */ $block->getUiId('current-page') ?> />
+                               onkeypress="<?= /* @noEscape */ $block->getJsObjectName() ?>.inputPage(event, '<?= /* @noEscape */ $_lastPage ?>')" <?= /* @noEscape */ $block->getUiId('current-page') ?> />
                         <label class="admin__control-support-text" for="<?= $block->escapeHtml($block->getHtmlId()) ?>_page-current">
-                            <?= /* @escapeNotVerified */ __('of %1', '<span>' . $block->getCollection()->getLastPageNumber() . '</span>') ?>
+                            <?= /* @noEscape */ __('of %1', '<span>' . $block->getCollection()->getLastPageNumber() . '</span>') ?>
                         </label>
-                        <?php if ($_curPage < $_lastPage): ?>
+                        <?php if ($_curPage < $_lastPage) : ?>
                             <button type="button"
-                                    title="<?= /* @escapeNotVerified */ __('Next page') ?>"
+                                    title="<?= $block->escapeHtmlAttr(__('Next page')) ?>"
                                     class="action-next"
-                                    onclick="<?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.setPage('<?= /* @escapeNotVerified */ ($_curPage + 1) ?>');return false;">
-                                <span><?= /* @escapeNotVerified */ __('Next page') ?></span>
+                                    onclick="<?= /* @noEscape */ $block->getJsObjectName() ?>.setPage('<?= /* @noEscape */ ($_curPage + 1) ?>');return false;">
+                                <span><?= $block->escapeHtml(__('Next page')) ?></span>
                             </button>
-                        <?php else: ?>
-                        <button type="button" class="action-next disabled"><span><?= /* @escapeNotVerified */ __('Next page') ?></span></button>
+                        <?php else : ?>
+                        <button type="button" class="action-next disabled"><span><?= $block->escapeHtml(__('Next page')) ?></span></button>
                         <?php endif; ?>
                     </div>
                 </div>
@@ -140,25 +137,25 @@ $numColumns = sizeof($block->getColumns());
             <col <?= $_column->getHtmlProperty() ?> />
             <?php endforeach; */
             ?>
-            <?php if ($block->getHeadersVisibility() || $block->getFilterVisibility()): ?>
+            <?php if ($block->getHeadersVisibility() || $block->getFilterVisibility()) : ?>
                 <thead>
-                <?php if ($block->getHeadersVisibility()): ?>
+                <?php if ($block->getHeadersVisibility()) : ?>
                     <tr>
-                        <?php foreach ($block->getColumns() as $_column): ?>
-                            <?php if ($_column->getHeaderHtml() == '&nbsp;'):?>
-                                <th class="data-grid-th" data-column="<?= /* @escapeNotVerified */ $_column->getId() ?>"
+                        <?php foreach ($block->getColumns() as $_column) : ?>
+                            <?php if ($_column->getHeaderHtml() == '&nbsp;') : ?>
+                                <th class="data-grid-th" data-column="<?= $block->escapeHtmlAttr($_column->getId()) ?>"
                                     <?= $_column->getHeaderHtmlProperty() ?>>&nbsp;</th>
-                            <?php else: ?>
+                            <?php else : ?>
                                 <?= $_column->getHeaderHtml() ?>
                             <?php endif; ?>
                         <?php endforeach; ?>
                     </tr>
                 <?php endif; ?>
-                <?php if ($block->getFilterVisibility()): ?>
+                <?php if ($block->getFilterVisibility()) : ?>
                     <tr class="data-grid-filters" data-role="filter-form">
                         <?php $i = 0;
-                        foreach ($block->getColumns() as $_column): ?>
-                            <td data-column="<?= /* @escapeNotVerified */ $_column->getId() ?>" <?= $_column->getHeaderHtmlProperty() ?>>
+                        foreach ($block->getColumns() as $_column) : ?>
+                            <td data-column="<?= $block->escapeHtmlAttr($_column->getId()) ?>" <?= $_column->getHeaderHtmlProperty() ?>>
                                 <?= $_column->getFilterHtml() ?>
                             </td>
                         <?php endforeach; ?>
@@ -166,12 +163,12 @@ $numColumns = sizeof($block->getColumns());
                 <?php endif ?>
                 </thead>
             <?php endif; ?>
-            <?php if ($block->getCountTotals()): ?>
+            <?php if ($block->getCountTotals()) : ?>
                 <tfoot>
                 <tr class="totals">
-                    <?php foreach ($block->getColumns() as $_column): ?>
-                        <th class="<?= /* @escapeNotVerified */ $_column->getCssProperty() ?>">
-                            <?= /* @escapeNotVerified */ ($_column->hasTotalsLabel()) ? $_column->getTotalsLabel() : $_column->getRowField($_column->getGrid()->getTotals()) ?>
+                    <?php foreach ($block->getColumns() as $_column) : ?>
+                        <th class="<?= $block->escapeHtmlAttr($_column->getCssProperty()) ?>">
+                            <?= /* @noEscape */ ($_column->hasTotalsLabel()) ? $block->escapeHtml($_column->getTotalsLabel()) : $_column->getRowField($_column->getGrid()->getTotals()) ?>
                         </th>
                     <?php endforeach; ?>
                 </tr>
@@ -179,116 +176,114 @@ $numColumns = sizeof($block->getColumns());
             <?php endif; ?>
 
             <tbody>
-            <?php if (($block->getCollection()->getSize() > 0) && (!$block->getIsCollapsed())): ?>
-                <?php foreach ($block->getCollection() as $_index => $_item): ?>
-                    <tr title="<?= /* @escapeNotVerified */ $block->getRowUrl($_item) ?>"<?php if ($_class = $block->getRowClass($_item)): ?>
-                        class="<?= /* @escapeNotVerified */ $_class ?>"<?php endif; ?> ><?php
+            <?php if (($block->getCollection()->getSize() > 0) && (!$block->getIsCollapsed())) : ?>
+                <?php foreach ($block->getCollection() as $_index => $_item) : ?>
+                    <tr title="<?= $block->escapeHtmlAttr($block->getRowUrl($_item)) ?>"<?php if ($_class = $block->getRowClass($_item)) : ?>
+                        class="<?= $block->escapeHtmlAttr($_class) ?>"<?php endif; ?> ><?php
                         $i = 0;
-                        foreach ($block->getColumns() as $_column):
-                            if ($block->shouldRenderCell($_item, $_column)):
+                        foreach ($block->getColumns() as $_column) :
+                            if ($block->shouldRenderCell($_item, $_column)) :
                                 $_rowspan = $block->getRowspan($_item, $_column);
                                 ?>
-                            <td <?= ($_rowspan ? 'rowspan="' . $_rowspan . '" ' : '') ?>
-                                class="<?= /* @escapeNotVerified */ $_column->getCssProperty() ?>
-                                        <?= /* @escapeNotVerified */ $_column->getId() == 'massaction' ? 'data-grid-checkbox-cell': '' ?>">
-                                <?= (($_html = $_column->getRowField($_item)) != '' ? $_html : '&nbsp;') ?>
+                            <td <?= /* @noEscape */ ($_rowspan ? 'rowspan="' . $_rowspan . '" ' : '') ?>
+                                class="<?= $block->escapeHtmlAttr($_column->getCssProperty()) ?>
+                                        <?= /* @noEscape */ $_column->getId() == 'massaction' ? 'data-grid-checkbox-cell': '' ?>">
+                                <?= /* @noEscape */ (($_html = $_column->getRowField($_item)) != '' ? $_html : '&nbsp;') ?>
                                 </td><?php
-                                if ($block->shouldRenderEmptyCell($_item, $_column)):
+                                if ($block->shouldRenderEmptyCell($_item, $_column)) :
                                     ?>
-                                    <td colspan="<?= /* @escapeNotVerified */ $block->getEmptyCellColspan($_item) ?>"
-                                        class="last"><?= /* @escapeNotVerified */ $block->getEmptyCellLabel() ?></td><?php
+                                    <td colspan="<?= $block->escapeHtmlAttr($block->getEmptyCellColspan($_item)) ?>"
+                                        class="last"><?= $block->escapeHtml($block->getEmptyCellLabel()) ?></td><?php
                                 endif;
                             endif;
                         endforeach; ?>
                     </tr>
-                    <?php if ($_multipleRows = $block->getMultipleRows($_item)): ?>
-                        <?php foreach ($_multipleRows as $_i): ?>
+                    <?php if ($_multipleRows = $block->getMultipleRows($_item)) : ?>
+                        <?php foreach ($_multipleRows as $_i) : ?>
                             <tr>
                                 <?php $i = 0;
-                                foreach ($block->getMultipleRowColumns($_i) as $_column): ?>
-                                    <td class="<?= /* @escapeNotVerified */ $_column->getCssProperty() ?>
-                                        <?= /* @escapeNotVerified */ $_column->getId() == 'massaction' ? 'data-grid-checkbox-cell': '' ?>">
-                                        <?= (($_html = $_column->getRowField($_i)) != '' ? $_html : '&nbsp;') ?>
+                                foreach ($block->getMultipleRowColumns($_i) as $_column) : ?>
+                                    <td class="<?= $block->escapeHtmlAttr($_column->getCssProperty()) ?>
+                                        <?= /* @noEscape */ $_column->getId() == 'massaction' ? 'data-grid-checkbox-cell': '' ?>">
+                                        <?= /* @noEscape */ (($_html = $_column->getRowField($_i)) != '' ? $_html : '&nbsp;') ?>
                                     </td>
                                 <?php endforeach; ?>
                             </tr>
                         <?php endforeach; ?>
                     <?php endif; ?>
 
-                    <?php if ($block->shouldRenderSubTotal($_item)): ?>
+                    <?php if ($block->shouldRenderSubTotal($_item)) : ?>
                         <tr class="subtotals">
                             <?php $i = 0;
-                            foreach ($block->getSubTotalColumns() as $_column): ?>
-                                <td class="<?= /* @escapeNotVerified */ $_column->getCssProperty() ?>
-                                           <?= /* @escapeNotVerified */ $_column->getId() == 'massaction' ? 'data-grid-checkbox-cell': '' ?>">
-                                    <?php /* @escapeNotVerified */ echo($_column->hasSubtotalsLabel() ? $_column->getSubtotalsLabel() :
-                                        $_column->getRowField($block->getSubTotalItem($_item))
-                                    );
-                                    ?>
+                            foreach ($block->getSubTotalColumns() as $_column) : ?>
+                                <td class="<?= $block->escapeHtmlAttr($_column->getCssProperty()) ?>
+                                           <?= /* @noEscape */ $_column->getId() == 'massaction' ? 'data-grid-checkbox-cell': '' ?>">
+                                    <?= /* @noEscape */ $_column->hasSubtotalsLabel() ? $block->escapeHtml($_column->getSubtotalsLabel()) : $_column->getRowField($block->getSubTotalItem($_item)) ?>
                                 </td>
                             <?php endforeach; ?>
                         </tr>
                     <?php endif; ?>
                 <?php endforeach; ?>
-            <?php elseif ($block->getEmptyText()): ?>
+            <?php elseif ($block->getEmptyText()) : ?>
                 <tr class="data-grid-tr-no-data">
-                    <td class="<?= /* @escapeNotVerified */ $block->getEmptyTextClass() ?>"
-                        colspan="<?= /* @escapeNotVerified */ $numColumns ?>"><?= /* @escapeNotVerified */ $block->getEmptyText() ?></td>
+                    <td class="<?= $block->escapeHtmlAttr($block->getEmptyTextClass()) ?>"
+                        colspan="<?= $block->escapeHtmlAttr($numColumns) ?>"><?= $block->escapeHtml($block->getEmptyText()) ?></td>
                 </tr>
             <?php endif; ?>
             </tbody>
         </table>
 
     </div>
-    <?php if ($block->canDisplayContainer()): ?>
+    <?php if ($block->canDisplayContainer()) : ?>
 </div>
 <script>
     var deps = [];
 
-    <?php if ($block->getDependencyJsObject()): ?>
+        <?php if ($block->getDependencyJsObject()) : ?>
     deps.push('uiRegistry');
-    <?php endif; ?>
+        <?php endif; ?>
 
-    <?php if (strpos($block->getRowClickCallback(), 'order.') !== false): ?>
+        <?php if (strpos($block->getRowClickCallback(), 'order.') !== false) : ?>
     deps.push('Magento_Sales/order/create/form')
-    <?php endif; ?>
+        <?php endif; ?>
 
     deps.push('mage/adminhtml/grid');
 
-    <?php if (is_array($block->getRequireJsDependencies())): ?>
-        <?php foreach ($block->getRequireJsDependencies() as $dependency): ?>
-            deps.push('<?= /* @escapeNotVerified */ $dependency ?>');
-        <?php endforeach; ?>
-    <?php endif; ?>
+        <?php if (is_array($block->getRequireJsDependencies())) : ?>
+            <?php foreach ($block->getRequireJsDependencies() as $dependency) : ?>
+            deps.push('<?= $block->escapeJs($dependency) ?>');
+            <?php endforeach; ?>
+        <?php endif; ?>
 
     require(deps, function(<?= ($block->getDependencyJsObject() ? 'registry' : '') ?>){
         <?php //TODO: getJsObjectName and getRowClickCallback has unexpected behavior. Should be removed ?>
 
         //<![CDATA[
-    <?php if ($block->getDependencyJsObject()): ?>
-        registry.get('<?= /* @escapeNotVerified */ $block->getDependencyJsObject() ?>', function (<?= /* @escapeNotVerified */ $block->getDependencyJsObject() ?>) {
-    <?php endif; ?>
-
-    <?= /* @escapeNotVerified */ $block->getJsObjectName() ?> = new varienGrid(<?= /* @noEscape */ $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($block->getId()) ?>, '<?= /* @escapeNotVerified */ $block->getGridUrl() ?>', '<?= /* @escapeNotVerified */ $block->getVarNamePage() ?>', '<?= /* @escapeNotVerified */ $block->getVarNameSort() ?>', '<?= /* @escapeNotVerified */ $block->getVarNameDir() ?>', '<?= /* @escapeNotVerified */ $block->getVarNameFilter() ?>');
-    <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.useAjax = '<?= /* @escapeNotVerified */ $block->getUseAjax() ?>';
-    <?php if ($block->getRowClickCallback()): ?>
-    <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.rowClickCallback = <?= /* @escapeNotVerified */ $block->getRowClickCallback() ?>;
-    <?php endif; ?>
-    <?php if ($block->getCheckboxCheckCallback()): ?>
-    <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.checkboxCheckCallback = <?= /* @escapeNotVerified */ $block->getCheckboxCheckCallback() ?>;
-    <?php endif; ?>
-    <?php if ($block->getRowInitCallback()): ?>
-    <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.initRowCallback = <?= /* @escapeNotVerified */ $block->getRowInitCallback() ?>;
-    <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.initGridRows();
-    <?php endif; ?>
-    <?php if ($block->getMassactionBlock() && $block->getMassactionBlock()->isAvailable()): ?>
-    <?= /* @escapeNotVerified */ $block->getMassactionBlock()->getJavaScript() ?>
-    <?php endif ?>
-    <?= /* @escapeNotVerified */ $block->getAdditionalJavaScript() ?>
+        <?php if ($block->getDependencyJsObject()) : ?>
+        registry.get('<?= $block->escapeJs($block->getDependencyJsObject()) ?>', function (<?= $block->escapeJs($block->getDependencyJsObject()) ?>) {
+        <?php endif; ?>
+    <?php // phpcs:disable ?>
+    <?= $block->escapeJs($block->getJsObjectName()) ?> = new varienGrid(<?= /* @noEscape */ $this->helper(\Magento\Framework\Json\Helper\Data::class)->jsonEncode($block->getId()) ?>, '<?= $block->escapeJs($block->getGridUrl()) ?>', '<?= $block->escapeJs($block->getVarNamePage()) ?>', '<?= $block->escapeJs($block->getVarNameSort()) ?>', '<?= $block->escapeJs($block->getVarNameDir()) ?>', '<?= $block->escapeJs($block->getVarNameFilter()) ?>');
+    <?php //phpcs:enable ?>
+        <?= $block->escapeJs($block->getJsObjectName()) ?>.useAjax = '<?= $block->escapeJs($block->getUseAjax()) ?>';
+        <?php if ($block->getRowClickCallback()) : ?>
+            <?= $block->escapeJs($block->getJsObjectName()) ?>.rowClickCallback = <?= /* @noEscape */ $block->getRowClickCallback() ?>;
+        <?php endif; ?>
+        <?php if ($block->getCheckboxCheckCallback()) : ?>
+            <?= $block->escapeJs($block->getJsObjectName()) ?>.checkboxCheckCallback = <?= /* @noEscape */ $block->getCheckboxCheckCallback() ?>;
+        <?php endif; ?>
+        <?php if ($block->getRowInitCallback()) : ?>
+            <?= $block->escapeJs($block->getJsObjectName()) ?>.initRowCallback = <?= /* @noEscape */ $block->getRowInitCallback() ?>;
+            <?= $block->escapeJs($block->getJsObjectName()) ?>.initGridRows();
+        <?php endif; ?>
+        <?php if ($block->getMassactionBlock() && $block->getMassactionBlock()->isAvailable()) : ?>
+            <?= /* @noEscape */ $block->getMassactionBlock()->getJavaScript() ?>
+        <?php endif ?>
+        <?= /* @noEscape */ $block->getAdditionalJavaScript() ?>
 
-    <?php if ($block->getDependencyJsObject()): ?>
+        <?php if ($block->getDependencyJsObject()) : ?>
         });
-    <?php endif; ?>
+        <?php endif; ?>
     //]]>
 
 });
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/massaction.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/massaction.phtml
index ea995d9a80b28..9a21cd4ef71a1 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/massaction.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/massaction.phtml
@@ -3,14 +3,11 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<?= /* @escapeNotVerified */ $block->getSomething() ?>
+<?= /* @noEscape */ $block->getSomething() ?>
 <div id="<?= $block->getHtmlId() ?>" class="admin__grid-massaction">
 
-    <?php if ($block->getHideFormElement() !== true):?>
+    <?php if ($block->getHideFormElement() !== true) : ?>
     <form action="" id="<?= $block->getHtmlId() ?>-form" method="post">
     <?php endif ?>
         <div class="admin__grid-massaction-form">
@@ -18,23 +15,23 @@
             <select
                 id="<?= $block->getHtmlId() ?>-select"
                 class="required-entry local-validation admin__control-select"
-                <?= /* @escapeNotVerified */ $block->getUiId('select') ?>>
-                <option class="admin__control-select-placeholder" value="" selected><?= /* @escapeNotVerified */ __('Actions') ?></option>
-                <?php foreach ($block->getItems() as $_item):?>
-                    <option value="<?= /* @escapeNotVerified */ $_item->getId() ?>"<?= ($_item->getSelected() ? ' selected="selected"' : '') ?>><?= /* @escapeNotVerified */ $_item->getLabel() ?></option>
+                <?= /* @noEscape */ $block->getUiId('select') ?>>
+                <option class="admin__control-select-placeholder" value="" selected><?= $block->escapeHtml(__('Actions')) ?></option>
+                <?php foreach ($block->getItems() as $_item) : ?>
+                    <option value="<?= $block->escapeHtmlAttr($_item->getId()) ?>"<?= ($_item->getSelected() ? ' selected="selected"' : '') ?>><?= $block->escapeHtml($_item->getLabel()) ?></option>
                 <?php endforeach; ?>
             </select>
             <span class="outer-span" id="<?= $block->getHtmlId() ?>-form-hiddens"></span>
             <span class="outer-span" id="<?= $block->getHtmlId() ?>-form-additional"></span>
             <?= $block->getApplyButtonHtml() ?>
         </div>
-    <?php if ($block->getHideFormElement() !== true):?>
+    <?php if ($block->getHideFormElement() !== true) :?>
     </form>
     <?php endif ?>
     <div class="no-display">
-    <?php foreach ($block->getItems() as $_item): ?>
-        <div id="<?= $block->getHtmlId() ?>-item-<?= /* @escapeNotVerified */ $_item->getId() ?>-block">
-            <?php if ('' != $_item->getBlockName()):?>
+    <?php foreach ($block->getItems() as $_item) : ?>
+        <div id="<?= $block->getHtmlId() ?>-item-<?= /* @noEscape */ $_item->getId() ?>-block">
+            <?php if ('' != $_item->getBlockName()) :?>
                 <?= $block->getChildHtml($_item->getBlockName()) ?>
             <?php endif;?>
         </div>
@@ -47,21 +44,21 @@
             class="action-select-multiselect _disabled"
             disabled="disabled"
             data-menu="grid-mass-select">
-            <optgroup label="<?= /* @escapeNotVerified */ __('Mass Actions') ?>">
+            <optgroup label="<?= $block->escapeHtmlAttr(__('Mass Actions')) ?>">
                 <option disabled selected></option>
-                <?php if ($block->getUseSelectAll()):?>
+                <?php if ($block->getUseSelectAll()) :?>
                     <option value="selectAll">
-                        <?= /* @escapeNotVerified */ __('Select All') ?>
+                        <?= $block->escapeHtml(__('Select All')) ?>
                     </option>
                     <option value="unselectAll">
-                        <?= /* @escapeNotVerified */ __('Unselect All') ?>
+                        <?= $block->escapeHtml(__('Unselect All')) ?>
                     </option>
                 <?php endif; ?>
                 <option value="selectVisible">
-                    <?= /* @escapeNotVerified */ __('Select Visible') ?>
+                    <?= $block->escapeHtml(__('Select Visible')) ?>
                 </option>
                 <option value="unselectVisible">
-                    <?= /* @escapeNotVerified */ __('Unselect Visible') ?>
+                    <?= $block->escapeHtml(__('Unselect Visible')) ?>
                 </option>
             </optgroup>
         </select>
@@ -78,25 +75,25 @@
             var massAction = $('option:selected', this).val();
             this.blur();
             switch (massAction) {
-                <?php if ($block->getUseSelectAll()):?>
+                <?php if ($block->getUseSelectAll()) : ?>
                 case 'selectAll':
-                    return <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.selectAll();
+                    return <?= $block->escapeJs($block->getJsObjectName()) ?>.selectAll();
                     break;
                 case 'unselectAll':
-                    return <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.unselectAll();
+                    return <?= $block->escapeJs($block->getJsObjectName()) ?>.unselectAll();
                     break;
                 <?php endif; ?>
                 case 'selectVisible':
-                    return <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.selectVisible();
+                    return <?= $block->escapeJs($block->getJsObjectName()) ?>.selectVisible();
                     break;
                 case 'unselectVisible':
-                    return <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.unselectVisible();
+                    return <?= $block->escapeJs($block->getJsObjectName()) ?>.unselectVisible();
                     break;
             }
         });
     });
-    <?php if (!$block->getParentBlock()->canDisplayContainer()): ?>
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.setGridIds('<?= /* @escapeNotVerified */ $block->getGridIdsJson() ?>');
+    <?php if (!$block->getParentBlock()->canDisplayContainer()) : ?>
+        <?= $block->escapeJs($block->getJsObjectName()) ?>.setGridIds('<?= $block->escapeJs($block->getGridIdsJson()) ?>');
     <?php endif; ?>
 </script>
 </div>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/massaction_extended.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/massaction_extended.phtml
index f969fa61097ae..c0f30fc282f38 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/massaction_extended.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/massaction_extended.phtml
@@ -3,13 +3,10 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <div id="<?= $block->getHtmlId() ?>" class="admin__grid-massaction">
 
-    <?php if ($block->getHideFormElement() !== true):?>
+    <?php if ($block->getHideFormElement() !== true) : ?>
     <form action="" id="<?= $block->getHtmlId() ?>-form" method="post">
     <?php endif ?>
         <div class="admin__grid-massaction-form">
@@ -17,21 +14,21 @@
             <select
                 id="<?= $block->getHtmlId() ?>-select"
                 class="required-entry local-validation admin__control-select">
-                <option class="admin__control-select-placeholder" value="" selected><?= /* @escapeNotVerified */ __('Actions') ?></option>
-                <?php foreach ($block->getItems() as $_item): ?>
-                    <option value="<?= /* @escapeNotVerified */ $_item->getId() ?>"<?= ($_item->getSelected() ? ' selected="selected"' : '') ?>><?= /* @escapeNotVerified */ $_item->getLabel() ?></option>
+                <option class="admin__control-select-placeholder" value="" selected><?= $block->escapeHtml(__('Actions')) ?></option>
+                <?php foreach ($block->getItems() as $_item) : ?>
+                    <option value="<?= $block->escapeHtmlAttr($_item->getId()) ?>"<?= ($_item->getSelected() ? ' selected="selected"' : '') ?>><?= $block->escapeHtml($_item->getLabel()) ?></option>
                 <?php endforeach; ?>
             </select>
             <span class="outer-span" id="<?= $block->getHtmlId() ?>-form-hiddens"></span>
             <span class="outer-span" id="<?= $block->getHtmlId() ?>-form-additional"></span>
             <?= $block->getApplyButtonHtml() ?>
         </div>
-    <?php if ($block->getHideFormElement() !== true):?>
+    <?php if ($block->getHideFormElement() !== true) : ?>
     </form>
     <?php endif ?>
     <div class="no-display">
-        <?php foreach ($block->getItems() as $_item): ?>
-            <div id="<?= $block->getHtmlId() ?>-item-<?= /* @escapeNotVerified */ $_item->getId() ?>-block">
+        <?php foreach ($block->getItems() as $_item) : ?>
+            <div id="<?= $block->getHtmlId() ?>-item-<?= /* @noEscape */ $_item->getId() ?>-block">
                 <?= $_item->getAdditionalActionBlockHtml() ?>
             </div>
         <?php endforeach; ?>
@@ -41,21 +38,21 @@
             id="<?= $block->getHtmlId() ?>-mass-select"
             class="action-select-multiselect"
             data-menu="grid-mass-select">
-            <optgroup label="<?= /* @escapeNotVerified */ __('Mass Actions') ?>">
+            <optgroup label="<?= $block->escapeHtml(__('Mass Actions')) ?>">
                 <option disabled selected></option>
-            <?php if ($block->getUseSelectAll()):?>
+            <?php if ($block->getUseSelectAll()) : ?>
                 <option value="selectAll">
-                    <?= /* @escapeNotVerified */ __('Select All') ?>
+                    <?= $block->escapeHtml(__('Select All')) ?>
                 </option>
                 <option value="unselectAll">
-                    <?= /* @escapeNotVerified */ __('Unselect All') ?>
+                    <?= $block->escapeHtml(__('Unselect All')) ?>
                 </option>
             <?php endif; ?>
                 <option value="selectVisible">
-                    <?= /* @escapeNotVerified */ __('Select Visible') ?>
+                    <?= $block->escapeHtml(__('Select Visible')) ?>
                 </option>
                 <option value="unselectVisible">
-                    <?= /* @escapeNotVerified */ __('Unselect Visible') ?>
+                    <?= $block->escapeHtml(__('Unselect Visible')) ?>
                 </option>
             </optgroup>
         </select>
@@ -67,27 +64,27 @@
         $('#<?= $block->getHtmlId() ?>-mass-select').change(function () {
             var massAction = $('option:selected', this).val();
             switch (massAction) {
-                <?php if ($block->getUseSelectAll()):?>
+                <?php if ($block->getUseSelectAll()) : ?>
                 case 'selectAll':
-                    return <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.selectAll();
+                    return <?= $block->escapeJs($block->getJsObjectName()) ?>.selectAll();
                     break;
                 case 'unselectAll':
-                    return <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.unselectAll();
+                    return <?= $block->escapeJs($block->getJsObjectName()) ?>.unselectAll();
                     break;
                 <?php endif; ?>
                 case 'selectVisible':
-                    return <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.selectVisible();
+                    return <?= $block->escapeJs($block->getJsObjectName()) ?>.selectVisible();
                     break;
                 case 'unselectVisible':
-                    return <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.unselectVisible();
+                    return <?= $block->escapeJs($block->getJsObjectName()) ?>.unselectVisible();
                     break;
             }
             this.blur();
         });
     });
 
-    <?php if (!$block->getParentBlock()->canDisplayContainer()): ?>
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.setGridIds('<?= /* @escapeNotVerified */ $block->getGridIdsJson() ?>');
+    <?php if (!$block->getParentBlock()->canDisplayContainer()) : ?>
+        <?= $block->escapeJs($block->getJsObjectName()) ?>.setGridIds('<?= /* @noEscape */ $block->getGridIdsJson() ?>');
     <?php endif; ?>
 </script>
 </div>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/serializer.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/serializer.phtml
index 70e2a87987924..2208a00929592 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/serializer.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/grid/serializer.phtml
@@ -3,18 +3,18 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /**
  * @var $block \Magento\Backend\Block\Widget\Grid\Serializer
  */
 ?>
-<?php $_id = 'id_' . md5(microtime()) ?>
+<?php
+// phpcs:ignore
+$_id = 'id_' . md5(microtime());
+?>
 <?php $formId = $block->getFormId()?>
-<?php if (!empty($formId)) :?>
+<?php if (!empty($formId)) : ?>
 <script>
     require([
         'prototype',
@@ -23,11 +23,11 @@
         Event.observe(window, "load", function(){
             var serializeInput  = document.createElement('input');
             serializeInput.type = 'hidden';
-            serializeInput.name = '<?= /* @escapeNotVerified */ $block->getInputElementName() ?>';
-            serializeInput.id   = '<?= /* @escapeNotVerified */ $_id ?>';
+            serializeInput.name = '<?= $block->escapeJs($block->getInputElementName()) ?>';
+            serializeInput.id   = '<?= /* @noEscape */ $_id ?>';
             try {
-                document.getElementById('<?= /* @escapeNotVerified */ $formId ?>').appendChild(serializeInput);
-                new serializerController('<?= /* @escapeNotVerified */ $_id ?>', <?= /* @escapeNotVerified */ $block->getDataAsJSON() ?>, <?= /* @escapeNotVerified */ $block->getColumnInputNames(true) ?>, <?= /* @escapeNotVerified */ $block->getGridBlock()->getJsObjectName() ?>, '<?= /* @escapeNotVerified */ $block->getReloadParamName() ?>');
+                document.getElementById('<?= $block->escapeJs($formId) ?>').appendChild(serializeInput);
+                new serializerController('<?= /* @noEscape */ $_id ?>', <?= /* @noEscape */ $block->getDataAsJSON() ?>, <?= /* @noEscape */ $block->getColumnInputNames(true) ?>, <?= $block->escapeJs($block->getGridBlock()->getJsObjectName()) ?>, '<?= $block->escapeJs($block->getReloadParamName()) ?>');
             } catch(e) {
                 //Error add serializer
             }
@@ -35,12 +35,12 @@
     });
 </script>
 <?php else :?>
-<input type="hidden" name="<?= /* @escapeNotVerified */ $block->getInputElementName() ?>"  value="" id="<?= /* @escapeNotVerified */ $_id ?>" />
+<input type="hidden" name="<?= $block->escapeHtmlAttr($block->getInputElementName()) ?>"  value="" id="<?= /* @noEscape */ $_id ?>" />
 <script>
     require([
         'mage/adminhtml/grid'
     ], function(){
-        new serializerController('<?= /* @escapeNotVerified */ $_id ?>', <?= /* @escapeNotVerified */ $block->getDataAsJSON() ?>, <?= /* @escapeNotVerified */ $block->getColumnInputNames(true) ?>, <?= /* @escapeNotVerified */ $block->getGridBlock()->getJsObjectName() ?>, '<?= /* @escapeNotVerified */ $block->getReloadParamName() ?>');
+        new serializerController('<?= /* @noEscape */ $_id ?>', <?= /* @noEscape */ $block->getDataAsJSON() ?>, <?= /* @noEscape */ $block->getColumnInputNames(true) ?>, <?= $block->escapeJs($block->getGridBlock()->getJsObjectName()) ?>, '<?= $block->escapeJs($block->getReloadParamName()) ?>');
     });
 </script>
 <?php endif;?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/tabs.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/tabs.phtml
index 287028f9a1122..5246aac088a5b 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/tabs.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/tabs.phtml
@@ -4,46 +4,47 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /** @var $block \Magento\Backend\Block\Widget\Tabs */
 ?>
-<?php if (!empty($tabs)): ?>
+<?php if (!empty($tabs)) : ?>
 
-<div class="admin__page-nav" data-role="container" id="<?= /* @escapeNotVerified */ $block->getId() ?>">
-    <?php if ($block->getTitle()): ?>
-        <div class="admin__page-nav-title" data-role="title" <?= /* @escapeNotVerified */ $block->getUiId('title') ?>>
-            <strong><?= /* @escapeNotVerified */ $block->getTitle() ?></strong>
+<div class="admin__page-nav" data-role="container" id="<?=  $block->escapeHtmlAttr($block->getId()) ?>">
+    <?php if ($block->getTitle()) : ?>
+        <div class="admin__page-nav-title" data-role="title" <?= /* @noEscape */ $block->getUiId('title') ?>>
+            <strong><?= $block->escapeHtml($block->getTitle()) ?></strong>
             <span data-role="title-messages" class="admin__page-nav-title-messages"></span>
         </div>
     <?php endif ?>
-    <ul <?= /* @escapeNotVerified */ $block->getUiId('tab', $block->getId()) ?> class="<?= /* @escapeNotVerified */ $block->getIsHoriz() ? 'tabs-horiz' : 'tabs admin__page-nav-items' ?>">
-        <?php foreach ($tabs as $_tab): ?>
-
-            <?php if (!$block->canShowTab($_tab)): continue;  endif; ?>
+    <ul <?= /* @noEscape */ $block->getUiId('tab', $block->getId()) ?> class="<?= /* @noEscape */ $block->getIsHoriz() ? 'tabs-horiz' : 'tabs admin__page-nav-items' ?>">
+        <?php foreach ($tabs as $_tab) : ?>
+            <?php
+            if (!$block->canShowTab($_tab)) :
+                continue;
+            endif;
+            ?>
             <?php $_tabClass = 'tab-item-link ' . $block->getTabClass($_tab) . ' ' . (preg_match('/\s?ajax\s?/', $_tab->getClass()) ? 'notloaded' : '') ?>
             <?php $_tabType = (!preg_match('/\s?ajax\s?/', $_tabClass) && $block->getTabUrl($_tab) != '#') ? 'link' : '' ?>
             <?php $_tabHref = $block->getTabUrl($_tab) == '#' ? '#' . $block->getTabId($_tab) . '_content' : $block->getTabUrl($_tab) ?>
 
-            <li class="admin__page-nav-item" <?php if ($block->getTabIsHidden($_tab)): ?> style="display:none"<?php endif; ?><?= /* @escapeNotVerified */ $block->getUiId('tab', 'item', $_tab->getId()) ?>>
-                <a href="<?= /* @escapeNotVerified */ $_tabHref ?>" id="<?= /* @escapeNotVerified */ $block->getTabId($_tab) ?>" name="<?= /* @escapeNotVerified */ $block->getTabId($_tab, false) ?>" title="<?= /* @escapeNotVerified */ $block->getTabTitle($_tab) ?>"
-                   class="admin__page-nav-link <?= /* @escapeNotVerified */ $_tabClass ?>"
-                   data-tab-type="<?= /* @escapeNotVerified */ $_tabType ?>"
-                   <?= /* @escapeNotVerified */ $block->getUiId('tab', 'link', $_tab->getId()) ?>>
+            <li class="admin__page-nav-item" <?php if ($block->getTabIsHidden($_tab)) : ?> style="display:none"<?php endif; ?><?= /* @noEscape */ $block->getUiId('tab', 'item', $_tab->getId()) ?>>
+                <a href="<?=  $block->escapeUrl($_tabHref) ?>" id="<?=  $block->escapeHtmlAttr($block->getTabId($_tab)) ?>" name="<?=  $block->escapeHtmlAttr($block->getTabId($_tab, false)) ?>" title="<?=  $block->escapeHtmlAttr($block->getTabTitle($_tab)) ?>"
+                   class="admin__page-nav-link <?= $block->escapeHtmlAttr($_tabClass) ?>"
+                   data-tab-type="<?=  $block->escapeHtmlAttr($_tabType) ?>"
+                   <?= /* @noEscape */ $block->getUiId('tab', 'link', $_tab->getId()) ?>>
 
-                   <span><?= /* @escapeNotVerified */ $block->getTabLabel($_tab) ?></span>
+                   <span><?= $block->escapeHtml($block->getTabLabel($_tab)) ?></span>
 
                    <span class="admin__page-nav-item-messages" data-role="item-messages">
                        <span class="admin__page-nav-item-message _changed">
                            <span class="admin__page-nav-item-message-icon"></span>
                            <span class="admin__page-nav-item-message-tooltip">
-                               <?= /* @escapeNotVerified */ __('Changes have been made to this section that have not been saved.') ?>
+                               <?= $block->escapeHtml(__('Changes have been made to this section that have not been saved.')) ?>
                            </span>
                        </span>
                        <span class="admin__page-nav-item-message _error">
                            <span class="admin__page-nav-item-message-icon"></span>
                            <span class="admin__page-nav-item-message-tooltip">
-                               <?= /* @escapeNotVerified */ __('This tab contains invalid data. Please resolve this before saving.') ?>
+                               <?= $block->escapeHtml(__('This tab contains invalid data. Please resolve this before saving.')) ?>
                            </span>
                        </span>
                         <span class="admin__page-nav-item-message-loader">
@@ -54,7 +55,7 @@
                        </span>
                    </span>
                 </a>
-                <div id="<?= /* @escapeNotVerified */ $block->getTabId($_tab) ?>_content" style="display:none;"<?= /* @escapeNotVerified */ $block->getUiId('tab', 'content', $_tab->getId()) ?>><?= /* @escapeNotVerified */ $block->getTabContent($_tab) ?></div>
+                <div id="<?=  $block->escapeHtmlAttr($block->getTabId($_tab)) ?>_content" style="display:none;"<?= /* @noEscape */ $block->getUiId('tab', 'content', $_tab->getId()) ?>><?= /* @noEscape */ $block->getTabContent($_tab) ?></div>
             </li>
         <?php endforeach; ?>
     </ul>
@@ -63,11 +64,11 @@
 <script>
 require(['jquery',"mage/backend/tabs"], function($){
     $(function() {
-        $('#<?= /* @escapeNotVerified */ $block->getId() ?>').tabs({
-            active: '<?= /* @escapeNotVerified */ $block->getActiveTabId() ?>',
-            destination: '#<?= /* @escapeNotVerified */ $block->getDestElementId() ?>',
-            shadowTabs: <?= /* @escapeNotVerified */ $block->getAllShadowTabs() ?>,
-            tabsBlockPrefix: '<?= /* @escapeNotVerified */ $block->getId() ?>_',
+        $('#<?= /* @noEscape */ $block->getId() ?>').tabs({
+            active: '<?= /* @noEscape */ $block->getActiveTabId() ?>',
+            destination: '#<?= /* @noEscape */ $block->getDestElementId() ?>',
+            shadowTabs: <?= /* @noEscape */ $block->getAllShadowTabs() ?>,
+            tabsBlockPrefix: '<?= /* @noEscape */ $block->getId() ?>_',
             tabIdArgument: 'active_tab'
         });
     });
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/tabshoriz.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/tabshoriz.phtml
index c76f10da0f927..747dc577d2348 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/tabshoriz.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/tabshoriz.phtml
@@ -3,41 +3,38 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<!-- <?php if ($block->getTitle()): ?>
-    <h3><?= /* @escapeNotVerified */ $block->getTitle() ?></h3>
+<!-- <?php if ($block->getTitle()) : ?>
+    <h3><?= $block->escapeHtml($block->getTitle()) ?></h3>
 <?php endif ?> -->
-<?php if (!empty($tabs)): ?>
-<div id="<?= /* @escapeNotVerified */ $block->getId() ?>">
+<?php if (!empty($tabs)) : ?>
+<div id="<?=  $block->escapeHtmlAttr($block->getId()) ?>">
 <ul  class="tabs-horiz">
-<?php foreach ($tabs as $_tab): ?>
-    <?php $_tabClass = 'tab-item-link ' . $block->getTabClass($_tab) . ' ' . (preg_match('/\s?ajax\s?/', $_tab->getClass()) ? 'notloaded' : '') ?>
-    <?php $_tabType = (!preg_match('/\s?ajax\s?/', $_tabClass) && $block->getTabUrl($_tab) != '#') ? 'link' : '' ?>
-    <?php $_tabHref = $block->getTabUrl($_tab) == '#' ? '#' . $block->getTabId($_tab) . '_content' : $block->getTabUrl($_tab) ?>
+    <?php foreach ($tabs as $_tab) : ?>
+        <?php $_tabClass = 'tab-item-link ' . $block->getTabClass($_tab) . ' ' . (preg_match('/\s?ajax\s?/', $_tab->getClass()) ? 'notloaded' : '') ?>
+        <?php $_tabType = (!preg_match('/\s?ajax\s?/', $_tabClass) && $block->getTabUrl($_tab) != '#') ? 'link' : '' ?>
+        <?php $_tabHref = $block->getTabUrl($_tab) == '#' ? '#' . $block->getTabId($_tab) . '_content' : $block->getTabUrl($_tab) ?>
     <li>
         <a href="<?= $block->escapeHtmlAttr($_tabHref) ?>" id="<?= $block->escapeHtmlAttr($block->getTabId($_tab)) ?>" title="<?= $block->escapeHtmlAttr($block->getTabTitle($_tab)) ?>" class="<?= $block->escapeHtmlAttr($_tabClass) ?>" data-tab-type="<?= $block->escapeHtmlAttr($_tabType) ?>">
             <span>
-                <span class="changed" title="<?= /* @escapeNotVerified */ __('The information in this tab has been changed.') ?>"></span>
-                <span class="error" title="<?= /* @escapeNotVerified */ __('This tab contains invalid data. Please resolve this before saving.') ?>"></span>
-                <span class="loader" title="<?= /* @escapeNotVerified */ __('Loading...') ?>"></span>
-                <?= /* @escapeNotVerified */ $block->getTabLabel($_tab) ?>
+                <span class="changed" title="<?= $block->escapeHtmlAttr(__('The information in this tab has been changed.')) ?>"></span>
+                <span class="error" title="<?= $block->escapeHtmlAttr(__('This tab contains invalid data. Please resolve this before saving.')) ?>"></span>
+                <span class="loader" title="<?= $block->escapeHtmlAttr(__('Loading...')) ?>"></span>
+                <?= $block->escapeHtml($block->getTabLabel($_tab)) ?>
             </span>
         </a>
-        <div id="<?= /* @escapeNotVerified */ $block->getTabId($_tab) ?>_content" style="display:none"><?= /* @escapeNotVerified */ $block->getTabContent($_tab) ?></div>
+        <div id="<?=  $block->escapeHtmlAttr($block->getTabId($_tab)) ?>_content" style="display:none"><?= /* @noEscape */ $block->getTabContent($_tab) ?></div>
     </li>
-<?php endforeach; ?>
+    <?php endforeach; ?>
 </ul>
 </div>
 <script>
 require(["jquery","mage/backend/tabs"], function($){
     $(function() {
-        $('#<?= /* @escapeNotVerified */ $block->getId() ?>').tabs({
-            active: '<?= /* @escapeNotVerified */ $block->getActiveTabId() ?>',
-            destination: '#<?= /* @escapeNotVerified */ $block->getDestElementId() ?>',
-            shadowTabs: <?= /* @escapeNotVerified */ $block->getAllShadowTabs() ?>
+        $('#<?= /* @noEscape */ $block->getId() ?>').tabs({
+            active: '<?= /* @noEscape */ $block->getActiveTabId() ?>',
+            destination: '#<?= /* @noEscape */ $block->getDestElementId() ?>',
+            shadowTabs: <?= /* @noEscape */ $block->getAllShadowTabs() ?>
         });
     });
 });
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/tabsleft.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/tabsleft.phtml
index 6af34ca502f4b..4f69191e79763 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/tabsleft.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/tabsleft.phtml
@@ -3,21 +3,18 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<dl id="dl-<?= /* @escapeNotVerified */ $id ?>" class="accordion">
-<?php foreach ($sections as $sectionId => $section): ?>
-    <dt id="dt-<?= /* @escapeNotVerified */ $id ?>-<?= /* @escapeNotVerified */ $sectionId ?>">
-        <strong><?= /* @escapeNotVerified */ $section['title'] ?></strong>
+<dl id="dl-<?= /* @noEscape */ $id ?>" class="accordion">
+<?php foreach ($sections as $sectionId => $section) : ?>
+    <dt id="dt-<?= /* @noEscape */ $id ?>-<?= /* @noEscape */ $sectionId ?>">
+        <strong><?= $block->escapeHtml($section['title']) ?></strong>
     </dt>
-    <dd id="dd-<?= /* @escapeNotVerified */ $id ?>-<?= /* @escapeNotVerified */ $section['id'] ?>" class="section-menu <?= !empty($section['active']) ? 'open' : '' ?>">
+    <dd id="dd-<?= /* @noEscape */ $id ?>-<?= /* @noEscape */ $section['id'] ?>" class="section-menu <?= !empty($section['active']) ? 'open' : '' ?>">
         <ul>
-        <?php foreach ($section['children'] as $menuId => $menuItem): ?>
-            <li id="li-<?= /* @escapeNotVerified */ $id ?>-<?= /* @escapeNotVerified */ $sectionId ?>-<?= /* @escapeNotVerified */ $menuId ?>">
-                <a href="#" title="<?= /* @escapeNotVerified */ $menuItem['title'] ?>">
-                    <span><?= /* @escapeNotVerified */ $menuItem['label'] ?></span>
+        <?php foreach ($section['children'] as $menuId => $menuItem) : ?>
+            <li id="li-<?= /* @noEscape */ $id ?>-<?= /* @noEscape */ $sectionId ?>-<?= /* @noEscape */ $menuId ?>">
+                <a href="#" title="<?= $block->escapeHtmlAttr($menuItem['title']) ?>">
+                    <span><?= $block->escapeHtml($menuItem['label']) ?></span>
                 </a>
             </li>
         <?php endforeach ?>
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/widget/view/container.phtml b/app/code/Magento/Backend/view/adminhtml/templates/widget/view/container.phtml
index f29e8fd8624c0..a0d56911ae274 100644
--- a/app/code/Magento/Backend/view/adminhtml/templates/widget/view/container.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/widget/view/container.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <div data-mage-init='{"floatingHeader": {}}' class="page-actions"><?= $block->getButtonsHtml() ?></div>
 <?= $block->getViewHtml() ?>
diff --git a/app/code/Magento/Catalog/Block/Adminhtml/Product/Edit.php b/app/code/Magento/Catalog/Block/Adminhtml/Product/Edit.php
index 285caa974fd17..bef8ff9cf9112 100644
--- a/app/code/Magento/Catalog/Block/Adminhtml/Product/Edit.php
+++ b/app/code/Magento/Catalog/Block/Adminhtml/Product/Edit.php
@@ -12,8 +12,16 @@
  */
 namespace Magento\Catalog\Block\Adminhtml\Product;
 
+/**
+ * Class Edit
+ */
 class Edit extends \Magento\Backend\Block\Widget
 {
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * @var string
      */
@@ -47,6 +55,7 @@ class Edit extends \Magento\Backend\Block\Widget
      * @param \Magento\Eav\Model\Entity\Attribute\SetFactory $attributeSetFactory
      * @param \Magento\Framework\Registry $registry
      * @param \Magento\Catalog\Helper\Product $productHelper
+     * @param \Magento\Framework\Escaper $escaper
      * @param array $data
      */
     public function __construct(
@@ -55,16 +64,20 @@ public function __construct(
         \Magento\Eav\Model\Entity\Attribute\SetFactory $attributeSetFactory,
         \Magento\Framework\Registry $registry,
         \Magento\Catalog\Helper\Product $productHelper,
+        \Magento\Framework\Escaper $escaper,
         array $data = []
     ) {
         $this->_productHelper = $productHelper;
         $this->_attributeSetFactory = $attributeSetFactory;
         $this->_coreRegistry = $registry;
         $this->jsonEncoder = $jsonEncoder;
+        $this->escaper = $escaper;
         parent::__construct($context, $data);
     }
 
     /**
+     * Edit Product constructor
+     *
      * @return void
      */
     protected function _construct()
@@ -144,6 +157,8 @@ protected function _prepareLayout()
     }
 
     /**
+     * Retrieve back button html
+     *
      * @return string
      */
     public function getBackButtonHtml()
@@ -152,6 +167,8 @@ public function getBackButtonHtml()
     }
 
     /**
+     * Retrieve cancel button html
+     *
      * @return string
      */
     public function getCancelButtonHtml()
@@ -160,6 +177,8 @@ public function getCancelButtonHtml()
     }
 
     /**
+     * Retrieve save button html
+     *
      * @return string
      */
     public function getSaveButtonHtml()
@@ -168,6 +187,8 @@ public function getSaveButtonHtml()
     }
 
     /**
+     * Retrieve save and edit button html
+     *
      * @return string
      */
     public function getSaveAndEditButtonHtml()
@@ -176,6 +197,8 @@ public function getSaveAndEditButtonHtml()
     }
 
     /**
+     * Retrieve delete button html
+     *
      * @return string
      */
     public function getDeleteButtonHtml()
@@ -194,6 +217,8 @@ public function getSaveSplitButtonHtml()
     }
 
     /**
+     * Retrieve validation url
+     *
      * @return string
      */
     public function getValidationUrl()
@@ -202,6 +227,8 @@ public function getValidationUrl()
     }
 
     /**
+     * Retrieve save url
+     *
      * @return string
      */
     public function getSaveUrl()
@@ -210,6 +237,8 @@ public function getSaveUrl()
     }
 
     /**
+     * Retrieve save and continue url
+     *
      * @return string
      */
     public function getSaveAndContinueUrl()
@@ -221,6 +250,8 @@ public function getSaveAndContinueUrl()
     }
 
     /**
+     * Retrieve product id
+     *
      * @return mixed
      */
     public function getProductId()
@@ -229,6 +260,8 @@ public function getProductId()
     }
 
     /**
+     * Retrieve product set id
+     *
      * @return mixed
      */
     public function getProductSetId()
@@ -241,6 +274,8 @@ public function getProductSetId()
     }
 
     /**
+     * Retrieve duplicate url
+     *
      * @return string
      */
     public function getDuplicateUrl()
@@ -249,6 +284,8 @@ public function getDuplicateUrl()
     }
 
     /**
+     * Retrieve product header
+     *
      * @deprecated 101.1.0
      * @return string
      */
@@ -263,6 +300,8 @@ public function getHeader()
     }
 
     /**
+     * Get product attribute set name
+     *
      * @return string
      */
     public function getAttributeSetName()
@@ -275,11 +314,14 @@ public function getAttributeSetName()
     }
 
     /**
+     * Retrieve id of selected tab
+     *
      * @return string
      */
     public function getSelectedTabId()
     {
-        return addslashes(htmlspecialchars($this->getRequest()->getParam('tab')));
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
+        return addslashes($this->escaper->escapeHtml($this->getRequest()->getParam('tab')));
     }
 
     /**
diff --git a/app/code/Magento/Catalog/Model/ProductRepository.php b/app/code/Magento/Catalog/Model/ProductRepository.php
index c87b6e9763205..e961db42d99fe 100644
--- a/app/code/Magento/Catalog/Model/ProductRepository.php
+++ b/app/code/Magento/Catalog/Model/ProductRepository.php
@@ -369,8 +369,11 @@ protected function initializeProductData(array $productData, $createNew)
         if ($createNew) {
             $product = $this->productFactory->create();
             $this->assignProductToWebsites($product);
+        } elseif (!empty($productData['id'])) {
+            $this->removeProductFromLocalCacheById($productData['id']);
+            $product = $this->getById($productData['id']);
         } else {
-            $this->removeProductFromLocalCache($productData['sku']);
+            $this->removeProductFromLocalCacheBySku($productData['sku']);
             $product = $this->get($productData['sku']);
         }
 
@@ -512,7 +515,7 @@ public function save(ProductInterface $product, $saveOptions = false)
         $tierPrices = $product->getData('tier_price');
 
         try {
-            $existingProduct = $this->get($product->getSku());
+            $existingProduct = $product->getId() ? $this->getById($product->getId()) : $this->get($product->getSku());
 
             $product->setData(
                 $this->resourceModel->getLinkField(),
@@ -570,8 +573,8 @@ public function save(ProductInterface $product, $saveOptions = false)
                 $product->getCategoryIds()
             );
         }
-        $this->removeProductFromLocalCache($product->getSku());
-        unset($this->instancesById[$product->getId()]);
+        $this->removeProductFromLocalCacheBySku($product->getSku());
+        $this->removeProductFromLocalCacheById($product->getId());
 
         return $this->get($product->getSku(), false, $product->getStoreId());
     }
@@ -584,8 +587,8 @@ public function delete(ProductInterface $product)
         $sku = $product->getSku();
         $productId = $product->getId();
         try {
-            $this->removeProductFromLocalCache($product->getSku());
-            unset($this->instancesById[$product->getId()]);
+            $this->removeProductFromLocalCacheBySku($product->getSku());
+            $this->removeProductFromLocalCacheById($product->getId());
             $this->resourceModel->delete($product);
         } catch (ValidatorException $e) {
             throw new CouldNotSaveException(__($e->getMessage()), $e);
@@ -595,8 +598,8 @@ public function delete(ProductInterface $product)
                 $e
             );
         }
-        $this->removeProductFromLocalCache($sku);
-        unset($this->instancesById[$productId]);
+        $this->removeProductFromLocalCacheBySku($sku);
+        $this->removeProductFromLocalCacheById($productId);
 
         return true;
     }
@@ -753,25 +756,36 @@ private function getProductFromLocalCache(string $sku, string $cacheKey)
     }
 
     /**
-     * Removes product in the local cache.
+     * Removes product in the local cache by sku.
      *
      * @param string $sku
      * @return void
      */
-    private function removeProductFromLocalCache(string $sku) :void
+    private function removeProductFromLocalCacheBySku(string $sku): void
     {
         $preparedSku = $this->prepareSku($sku);
         unset($this->instances[$preparedSku]);
     }
 
     /**
-     * Saves product in the local cache.
+     * Removes product in the local cache by id.
+     *
+     * @param string|null $id
+     * @return void
+     */
+    private function removeProductFromLocalCacheById(?string $id): void
+    {
+        unset($this->instancesById[$id]);
+    }
+
+    /**
+     * Saves product in the local cache by sku.
      *
      * @param Product $product
      * @param string $cacheKey
      * @return void
      */
-    private function saveProductInLocalCache(Product $product, string $cacheKey) : void
+    private function saveProductInLocalCache(Product $product, string $cacheKey): void
     {
         $preparedSku = $this->prepareSku($product->getSku());
         $this->instances[$preparedSku][$cacheKey] = $product;
@@ -800,8 +814,8 @@ private function prepareSku(string $sku): string
     private function saveProduct($product): void
     {
         try {
-            $this->removeProductFromLocalCache($product->getSku());
-            unset($this->instancesById[$product->getId()]);
+            $this->removeProductFromLocalCacheBySku($product->getSku());
+            $this->removeProductFromLocalCacheById($product->getId());
             $this->resourceModel->save($product);
         } catch (ConnectionException $exception) {
             throw new TemporaryCouldNotSaveException(
diff --git a/app/code/Magento/Catalog/Model/ResourceModel/Product/Image.php b/app/code/Magento/Catalog/Model/ResourceModel/Product/Image.php
index 77f67480619e0..febffde3b75a7 100644
--- a/app/code/Magento/Catalog/Model/ResourceModel/Product/Image.php
+++ b/app/code/Magento/Catalog/Model/ResourceModel/Product/Image.php
@@ -54,7 +54,7 @@ public function __construct(
     }
 
     /**
-     * Returns product images
+     * Get all product images.
      *
      * @return \Generator
      */
@@ -75,7 +75,28 @@ public function getAllProductImages(): \Generator
     }
 
     /**
-     * Get the number of unique pictures of products
+     * Get used product images.
+     *
+     * @return \Generator
+     */
+    public function getUsedProductImages(): \Generator
+    {
+        $batchSelectIterator = $this->batchQueryGenerator->generate(
+            'value_id',
+            $this->getUsedImagesSelect(),
+            $this->batchSize,
+            \Magento\Framework\DB\Query\BatchIteratorInterface::NON_UNIQUE_FIELD_ITERATOR
+        );
+
+        foreach ($batchSelectIterator as $select) {
+            foreach ($this->connection->fetchAll($select) as $key => $value) {
+                yield $key => $value;
+            }
+        }
+    }
+
+    /**
+     * Get the number of unique images of products.
      *
      * @return int
      */
@@ -92,7 +113,24 @@ public function getCountAllProductImages(): int
     }
 
     /**
-     * Return Select to fetch all products images
+     * Get the number of unique and used images of products.
+     *
+     * @return int
+     */
+    public function getCountUsedProductImages(): int
+    {
+        $select = $this->getUsedImagesSelect()
+            ->reset('columns')
+            ->reset('distinct')
+            ->columns(
+                new \Zend_Db_Expr('count(distinct value)')
+            );
+
+        return (int) $this->connection->fetchOne($select);
+    }
+
+    /**
+     * Return select to fetch all products images.
      *
      * @return Select
      */
@@ -106,4 +144,23 @@ private function getVisibleImagesSelect(): Select
                 'disabled = 0'
             );
     }
+
+    /**
+     * Return select to fetch all used product images.
+     *
+     * @return Select
+     */
+    private function getUsedImagesSelect(): Select
+    {
+        return $this->connection->select()->distinct()
+            ->from(
+                ['images' => $this->resourceConnection->getTableName(Gallery::GALLERY_TABLE)],
+                'value as filepath'
+            )->joinInner(
+                ['image_value' => $this->resourceConnection->getTableName(Gallery::GALLERY_VALUE_TABLE)],
+                'images.value_id = image_value.value_id'
+            )->where(
+                'images.disabled = 0 AND image_value.disabled = 0'
+            );
+    }
 }
diff --git a/app/code/Magento/Catalog/Test/Mftf/ActionGroup/AdminProductActionGroup.xml b/app/code/Magento/Catalog/Test/Mftf/ActionGroup/AdminProductActionGroup.xml
index 95e24f1f6fcfc..992d7fe644f22 100644
--- a/app/code/Magento/Catalog/Test/Mftf/ActionGroup/AdminProductActionGroup.xml
+++ b/app/code/Magento/Catalog/Test/Mftf/ActionGroup/AdminProductActionGroup.xml
@@ -485,4 +485,8 @@
         <click selector="{{AdminAddUpSellProductsModalSection.AddSelectedProductsButton}}" stepKey="addRelatedProductSelected"/>
         <waitForPageLoad stepKey="waitForPageToLoad1"/>
     </actionGroup>
+    <actionGroup name="AdminSetProductDisabled">
+        <conditionalClick selector="{{AdminProductFormSection.enableProductLabel}}" dependentSelector="{{AdminProductFormSection.productStatusValue('1')}}" visible="true" stepKey="disableProduct"/>
+        <seeElement selector="{{AdminProductFormSection.productStatusValue('2')}}" stepKey="assertThatProductSetToDisabled"/>
+    </actionGroup>
 </actionGroups>
diff --git a/app/code/Magento/Catalog/Test/Mftf/Section/AdminProductFormSection.xml b/app/code/Magento/Catalog/Test/Mftf/Section/AdminProductFormSection.xml
index 06f854bcc955c..42c15d3982ceb 100644
--- a/app/code/Magento/Catalog/Test/Mftf/Section/AdminProductFormSection.xml
+++ b/app/code/Magento/Catalog/Test/Mftf/Section/AdminProductFormSection.xml
@@ -21,6 +21,7 @@
         <element name="enableProductAttributeLabel" type="text" selector="//span[text()='Enable Product']/parent::label"/>
         <element name="enableProductAttributeLabelWrapper" type="text" selector="//span[text()='Enable Product']/parent::label/parent::div"/>
         <element name="productStatus" type="checkbox" selector="input[name='product[status]']"/>
+        <element name="productStatusValue" type="checkbox" selector="input[name='product[status]'][value='{{value}}']" timeout="30" parameterized="true"/>
         <element name="productStatusDisabled" type="checkbox" selector="input[name='product[status]'][disabled]"/>
         <element name="enableProductLabel" type="checkbox" selector="input[name='product[status]']+label"/>
         <element name="productStatusUseDefault" type="checkbox" selector="input[name='use_default[status]']"/>
diff --git a/app/code/Magento/Catalog/Test/Unit/Model/ProductRepositoryTest.php b/app/code/Magento/Catalog/Test/Unit/Model/ProductRepositoryTest.php
index cb92cc6c2d523..0dc294e139d3e 100644
--- a/app/code/Magento/Catalog/Test/Unit/Model/ProductRepositoryTest.php
+++ b/app/code/Magento/Catalog/Test/Unit/Model/ProductRepositoryTest.php
@@ -527,12 +527,14 @@ private function getProductMocksForReducedCache($productsCount)
         for ($i = 1; $i <= $productsCount; $i++) {
             $productMock = $this->getMockBuilder(Product::class)
                 ->disableOriginalConstructor()
-                ->setMethods([
+                ->setMethods(
+                    [
                     'getId',
                     'getSku',
                     'load',
                     'setData',
-                ])
+                    ]
+                )
                 ->getMock();
             $productMock->expects($this->once())->method('load');
             $productMock->expects($this->atLeastOnce())->method('getId')->willReturn($i);
@@ -679,7 +681,7 @@ public function testSaveException()
             ->willReturn(true);
         $this->resourceModel->expects($this->once())->method('save')->with($this->product)
             ->willThrowException(new \Magento\Eav\Model\Entity\Attribute\Exception(__('123')));
-        $this->product->expects($this->once())->method('getId')->willReturn(null);
+        $this->product->expects($this->exactly(2))->method('getId')->willReturn(null);
         $this->extensibleDataObjectConverter
             ->expects($this->once())
             ->method('toNestedArray')
@@ -703,7 +705,7 @@ public function testSaveInvalidProductException()
         $this->initializationHelper->expects($this->never())->method('initialize');
         $this->resourceModel->expects($this->once())->method('validate')->with($this->product)
             ->willReturn(['error1', 'error2']);
-        $this->product->expects($this->never())->method('getId');
+        $this->product->expects($this->once())->method('getId')->willReturn(null);
         $this->extensibleDataObjectConverter
             ->expects($this->once())
             ->method('toNestedArray')
@@ -1340,11 +1342,13 @@ public function testSaveWithDifferentWebsites()
             ->willReturn($storeMock);
         $this->storeManager->expects($this->once())
             ->method('getWebsites')
-            ->willReturn([
+            ->willReturn(
+                [
                 1 => ['first'],
                 2 => ['second'],
                 3 => ['third']
-            ]);
+                ]
+            );
         $this->product->expects($this->once())->method('setWebsiteIds')->willReturn([2,3]);
         $this->product->method('getSku')->willReturn('simple');
 
diff --git a/app/code/Magento/Catalog/Test/Unit/Model/ResourceModel/Product/ImageTest.php b/app/code/Magento/Catalog/Test/Unit/Model/ResourceModel/Product/ImageTest.php
index 4fce12dc2de89..af2cb6f06ed5a 100644
--- a/app/code/Magento/Catalog/Test/Unit/Model/ResourceModel/Product/ImageTest.php
+++ b/app/code/Magento/Catalog/Test/Unit/Model/ResourceModel/Product/ImageTest.php
@@ -16,6 +16,10 @@
 use PHPUnit_Framework_MockObject_MockObject as MockObject;
 use Magento\Framework\DB\Query\BatchIteratorInterface;
 
+/**
+ * Class ImageTest
+ * @package Magento\Catalog\Test\Unit\Model\ResourceModel\Product
+ */
 class ImageTest extends \PHPUnit\Framework\TestCase
 {
     /**
@@ -76,6 +80,37 @@ protected function getVisibleImagesSelectMock(): MockObject
         return $selectMock;
     }
 
+    /**
+     * @return MockObject
+     */
+    protected function getUsedImagesSelectMock(): MockObject
+    {
+        $selectMock = $this->getMockBuilder(Select::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $selectMock->expects($this->once())
+            ->method('distinct')
+            ->willReturnSelf();
+        $selectMock->expects($this->once())
+            ->method('from')
+            ->with(
+                ['images' => Gallery::GALLERY_TABLE],
+                'value as filepath'
+            )->willReturnSelf();
+        $selectMock->expects($this->once())
+            ->method('joinInner')
+            ->with(
+                ['image_value' => Gallery::GALLERY_VALUE_TABLE],
+                'images.value_id = image_value.value_id'
+            )->willReturnSelf();
+        $selectMock->expects($this->once())
+            ->method('where')
+            ->with('images.disabled = 0 AND image_value.disabled = 0')
+            ->willReturnSelf();
+
+        return $selectMock;
+    }
+
     /**
      * @param int $imagesCount
      * @dataProvider dataProvider
@@ -116,15 +151,53 @@ public function testGetCountAllProductImages(int $imagesCount): void
         );
     }
 
+    /**
+     * @param int $imagesCount
+     * @dataProvider dataProvider
+     */
+    public function testGetCountUsedProductImages(int $imagesCount): void
+    {
+        $selectMock = $this->getUsedImagesSelectMock();
+        $selectMock->expects($this->exactly(2))
+            ->method('reset')
+            ->withConsecutive(
+                ['columns'],
+                ['distinct']
+            )->willReturnSelf();
+        $selectMock->expects($this->once())
+            ->method('columns')
+            ->with(new \Zend_Db_Expr('count(distinct value)'))
+            ->willReturnSelf();
+
+        $this->connectionMock->expects($this->once())
+            ->method('select')
+            ->willReturn($selectMock);
+        $this->connectionMock->expects($this->once())
+            ->method('fetchOne')
+            ->with($selectMock)
+            ->willReturn($imagesCount);
+
+        $imageModel = $this->objectManager->getObject(
+            Image::class,
+            [
+                'generator' => $this->generatorMock,
+                'resourceConnection' => $this->resourceMock
+            ]
+        );
+
+        $this->assertSame(
+            $imagesCount,
+            $imageModel->getCountUsedProductImages()
+        );
+    }
+
     /**
      * @param int $imagesCount
      * @param int $batchSize
      * @dataProvider dataProvider
      */
-    public function testGetAllProductImages(
-        int $imagesCount,
-        int $batchSize
-    ): void {
+    public function testGetAllProductImages(int $imagesCount, int $batchSize): void
+    {
         $this->connectionMock->expects($this->once())
             ->method('select')
             ->willReturn($this->getVisibleImagesSelectMock());
@@ -165,6 +238,54 @@ public function testGetAllProductImages(
         $this->assertCount($imagesCount, $imageModel->getAllProductImages());
     }
 
+    /**
+     * @param int $imagesCount
+     * @param int $batchSize
+     * @dataProvider dataProvider
+     */
+    public function testGetUsedProductImages(int $imagesCount, int $batchSize): void
+    {
+        $this->connectionMock->expects($this->once())
+            ->method('select')
+            ->willReturn($this->getUsedImagesSelectMock());
+
+        $batchCount = (int)ceil($imagesCount / $batchSize);
+        $fetchResultsCallback = $this->getFetchResultCallbackForBatches($imagesCount, $batchSize);
+        $this->connectionMock->expects($this->exactly($batchCount))
+            ->method('fetchAll')
+            ->will($this->returnCallback($fetchResultsCallback));
+
+        /** @var Select | MockObject $selectMock */
+        $selectMock = $this->getMockBuilder(Select::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $this->generatorMock->expects($this->once())
+            ->method('generate')
+            ->with(
+                'value_id',
+                $selectMock,
+                $batchSize,
+                BatchIteratorInterface::NON_UNIQUE_FIELD_ITERATOR
+            )->will(
+                $this->returnCallback(
+                    $this->getBatchIteratorCallback($selectMock, $batchCount)
+                )
+            );
+
+        /** @var Image $imageModel */
+        $imageModel = $this->objectManager->getObject(
+            Image::class,
+            [
+                'generator' => $this->generatorMock,
+                'resourceConnection' => $this->resourceMock,
+                'batchSize' => $batchSize
+            ]
+        );
+
+        $this->assertCount($imagesCount, $imageModel->getUsedProductImages());
+    }
+
     /**
      * @param int $imagesCount
      * @param int $batchSize
diff --git a/app/code/Magento/CatalogInventory/Model/Quote/Item/QuantityValidator/Initializer/StockItem.php b/app/code/Magento/CatalogInventory/Model/Quote/Item/QuantityValidator/Initializer/StockItem.php
index 6fb0a949941ec..7a46780f2d783 100644
--- a/app/code/Magento/CatalogInventory/Model/Quote/Item/QuantityValidator/Initializer/StockItem.php
+++ b/app/code/Magento/CatalogInventory/Model/Quote/Item/QuantityValidator/Initializer/StockItem.php
@@ -7,8 +7,15 @@
 
 use Magento\Catalog\Model\ProductTypes\ConfigInterface;
 use Magento\CatalogInventory\Api\StockStateInterface;
+use Magento\CatalogInventory\Api\Data\StockItemInterface;
 use Magento\CatalogInventory\Model\Quote\Item\QuantityValidator\QuoteItemQtyList;
+use Magento\CatalogInventory\Model\Spi\StockStateProviderInterface;
+use Magento\Framework\App\ObjectManager;
+use Magento\Quote\Model\Quote\Item;
 
+/**
+ * Class StockItem initializes stock item and populates it with data
+ */
 class StockItem
 {
     /**
@@ -26,26 +33,35 @@ class StockItem
      */
     protected $stockState;
 
+    /**
+     * @var StockStateProviderInterface
+     */
+    private $stockStateProvider;
+
     /**
      * @param ConfigInterface $typeConfig
      * @param QuoteItemQtyList $quoteItemQtyList
      * @param StockStateInterface $stockState
+     * @param StockStateProviderInterface|null $stockStateProvider
      */
     public function __construct(
         ConfigInterface $typeConfig,
         QuoteItemQtyList $quoteItemQtyList,
-        StockStateInterface $stockState
+        StockStateInterface $stockState,
+        StockStateProviderInterface $stockStateProvider = null
     ) {
         $this->quoteItemQtyList = $quoteItemQtyList;
         $this->typeConfig = $typeConfig;
         $this->stockState = $stockState;
+        $this->stockStateProvider = $stockStateProvider ?: ObjectManager::getInstance()
+            ->get(StockStateProviderInterface::class);
     }
 
     /**
      * Initialize stock item
      *
-     * @param \Magento\CatalogInventory\Api\Data\StockItemInterface $stockItem
-     * @param \Magento\Quote\Model\Quote\Item $quoteItem
+     * @param StockItemInterface $stockItem
+     * @param Item $quoteItem
      * @param int $qty
      *
      * @return \Magento\Framework\DataObject
@@ -54,11 +70,14 @@ public function __construct(
      * @SuppressWarnings(PHPMD.NPathComplexity)
      */
     public function initialize(
-        \Magento\CatalogInventory\Api\Data\StockItemInterface $stockItem,
-        \Magento\Quote\Model\Quote\Item $quoteItem,
+        StockItemInterface $stockItem,
+        Item $quoteItem,
         $qty
     ) {
         $product = $quoteItem->getProduct();
+        $quoteItemId = $quoteItem->getId();
+        $quoteId = $quoteItem->getQuoteId();
+        $productId = $product->getId();
         /**
          * When we work with subitem
          */
@@ -68,14 +87,14 @@ public function initialize(
              * we are using 0 because original qty was processed
              */
             $qtyForCheck = $this->quoteItemQtyList
-                ->getQty($product->getId(), $quoteItem->getId(), $quoteItem->getQuoteId(), 0);
+                ->getQty($productId, $quoteItemId, $quoteId, 0);
         } else {
             $increaseQty = $quoteItem->getQtyToAdd() ? $quoteItem->getQtyToAdd() : $qty;
             $rowQty = $qty;
             $qtyForCheck = $this->quoteItemQtyList->getQty(
-                $product->getId(),
-                $quoteItem->getId(),
-                $quoteItem->getQuoteId(),
+                $productId,
+                $quoteItemId,
+                $quoteId,
                 $increaseQty
             );
         }
@@ -90,14 +109,20 @@ public function initialize(
 
         $stockItem->setProductName($product->getName());
 
+        /** @var \Magento\Framework\DataObject $result */
         $result = $this->stockState->checkQuoteItemQty(
-            $product->getId(),
+            $productId,
             $rowQty,
             $qtyForCheck,
             $qty,
             $product->getStore()->getWebsiteId()
         );
 
+        /* We need to ensure that any possible plugin will not erase the data */
+        $backOrdersQty = $this->stockStateProvider->checkQuoteItemQty($stockItem, $rowQty, $qtyForCheck, $qty)
+            ->getItemBackorders();
+        $result->setItemBackorders($backOrdersQty);
+
         if ($stockItem->hasIsChildItem()) {
             $stockItem->unsIsChildItem();
         }
diff --git a/app/code/Magento/CatalogInventory/Test/Unit/Model/Quote/Item/QuantityValidator/Initializer/StockItemTest.php b/app/code/Magento/CatalogInventory/Test/Unit/Model/Quote/Item/QuantityValidator/Initializer/StockItemTest.php
index 8c9a1aa7715ec..01dab7fce3323 100644
--- a/app/code/Magento/CatalogInventory/Test/Unit/Model/Quote/Item/QuantityValidator/Initializer/StockItemTest.php
+++ b/app/code/Magento/CatalogInventory/Test/Unit/Model/Quote/Item/QuantityValidator/Initializer/StockItemTest.php
@@ -8,6 +8,7 @@
 use Magento\CatalogInventory\Model\Quote\Item\QuantityValidator\QuoteItemQtyList;
 
 /**
+ * Class StockItemTest
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  */
 class StockItemTest extends \PHPUnit\Framework\TestCase
@@ -28,10 +29,18 @@ class StockItemTest extends \PHPUnit\Framework\TestCase
     protected $typeConfig;
 
     /**
-     * @var \PHPUnit_Framework_MockObject_MockObject
+     * @var \Magento\CatalogInventory\Api\StockStateInterface\PHPUnit_Framework_MockObject_MockObject
      */
     protected $stockStateMock;
 
+    /**
+     * @var \Magento\CatalogInventory\Model\StockStateProviderInterface| \PHPUnit_Framework_MockObject_MockObject
+     */
+    private $stockStateProviderMock;
+
+    /**
+     * @inheritdoc
+     */
     protected function setUp()
     {
         $this->quoteItemQtyList = $this
@@ -48,17 +57,25 @@ protected function setUp()
         $this->stockStateMock = $this->getMockBuilder(\Magento\CatalogInventory\Api\StockStateInterface::class)
             ->disableOriginalConstructor()
             ->getMock();
+
+        $this->stockStateProviderMock = $this
+            ->getMockBuilder(\Magento\CatalogInventory\Model\StockStateProvider::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+
         $this->model = $objectManagerHelper->getObject(
             \Magento\CatalogInventory\Model\Quote\Item\QuantityValidator\Initializer\StockItem::class,
             [
                 'quoteItemQtyList' => $this->quoteItemQtyList,
                 'typeConfig' => $this->typeConfig,
-                'stockState' => $this->stockStateMock
+                'stockState' => $this->stockStateMock,
+                'stockStateProvider' => $this->stockStateProviderMock
             ]
         );
     }
 
     /**
+     * Test initialize with Subitem
      * @SuppressWarnings(PHPMD.ExcessiveMethodLength)
      */
     public function testInitializeWithSubitem()
@@ -141,6 +158,10 @@ public function testInitializeWithSubitem()
             ->method('checkQuoteItemQty')
             ->withAnyParameters()
             ->will($this->returnValue($result));
+        $this->stockStateProviderMock->expects($this->once())
+            ->method('checkQuoteItemQty')
+            ->withAnyParameters()
+            ->will($this->returnValue($result));
         $product->expects($this->once())
             ->method('getCustomOption')
             ->with('product_type')
@@ -177,13 +198,16 @@ public function testInitializeWithSubitem()
         $quoteItem->expects($this->once())->method('setUseOldQty')->with('item')->will($this->returnSelf());
         $result->expects($this->exactly(2))->method('getMessage')->will($this->returnValue('message'));
         $quoteItem->expects($this->once())->method('setMessage')->with('message')->will($this->returnSelf());
-        $result->expects($this->exactly(2))->method('getItemBackorders')->will($this->returnValue('backorders'));
+        $result->expects($this->exactly(3))->method('getItemBackorders')->will($this->returnValue('backorders'));
         $quoteItem->expects($this->once())->method('setBackorders')->with('backorders')->will($this->returnSelf());
         $quoteItem->expects($this->once())->method('setStockStateResult')->with($result)->will($this->returnSelf());
 
         $this->model->initialize($stockItem, $quoteItem, $qty);
     }
 
+    /**
+     * Test initialize without Subitem
+     */
     public function testInitializeWithoutSubitem()
     {
         $qty = 3;
@@ -234,6 +258,10 @@ public function testInitializeWithoutSubitem()
             ->with($productId, 'quote_item_id', 'quote_id', $qty)
             ->will($this->returnValue('summary_qty'));
         $this->stockStateMock->expects($this->once())
+                ->method('checkQuoteItemQty')
+                ->withAnyParameters()
+                ->will($this->returnValue($result));
+        $this->stockStateProviderMock->expects($this->once())
             ->method('checkQuoteItemQty')
             ->withAnyParameters()
             ->will($this->returnValue($result));
@@ -256,7 +284,7 @@ public function testInitializeWithoutSubitem()
         $result->expects($this->once())->method('getHasQtyOptionUpdate')->will($this->returnValue(false));
         $result->expects($this->once())->method('getItemUseOldQty')->will($this->returnValue(null));
         $result->expects($this->once())->method('getMessage')->will($this->returnValue(null));
-        $result->expects($this->once())->method('getItemBackorders')->will($this->returnValue(null));
+        $result->expects($this->exactly(2))->method('getItemBackorders')->will($this->returnValue(null));
 
         $this->model->initialize($stockItem, $quoteItem, $qty);
     }
diff --git a/app/code/Magento/Checkout/Block/Cart/Totals.php b/app/code/Magento/Checkout/Block/Cart/Totals.php
index 7ac5c1c149cc6..131e5b157c77a 100644
--- a/app/code/Magento/Checkout/Block/Cart/Totals.php
+++ b/app/code/Magento/Checkout/Block/Cart/Totals.php
@@ -8,6 +8,7 @@
 
 use Magento\Framework\View\Element\BlockInterface;
 use Magento\Checkout\Block\Checkout\LayoutProcessorInterface;
+use Magento\Sales\Model\ConfigInterface;
 
 /**
  * Totals cart block.
@@ -45,7 +46,7 @@ class Totals extends \Magento\Checkout\Block\Cart\AbstractCart
      * @param \Magento\Framework\View\Element\Template\Context $context
      * @param \Magento\Customer\Model\Session $customerSession
      * @param \Magento\Checkout\Model\Session $checkoutSession
-     * @param \Magento\Sales\Model\Config $salesConfig
+     * @param ConfigInterface $salesConfig
      * @param array $layoutProcessors
      * @param array $data
      * @codeCoverageIgnore
@@ -54,7 +55,7 @@ public function __construct(
         \Magento\Framework\View\Element\Template\Context $context,
         \Magento\Customer\Model\Session $customerSession,
         \Magento\Checkout\Model\Session $checkoutSession,
-        \Magento\Sales\Model\Config $salesConfig,
+        ConfigInterface $salesConfig,
         array $layoutProcessors = [],
         array $data = []
     ) {
diff --git a/app/code/Magento/Checkout/view/frontend/templates/onepage/failure.phtml b/app/code/Magento/Checkout/view/frontend/templates/onepage/failure.phtml
index 3888ec6504982..ace2b0464171c 100644
--- a/app/code/Magento/Checkout/view/frontend/templates/onepage/failure.phtml
+++ b/app/code/Magento/Checkout/view/frontend/templates/onepage/failure.phtml
@@ -13,7 +13,7 @@
     <p><?= $block->escapeHtml($error) ?></p>
 <?php endif ?>
 <p><?= $block->escapeHtml(
-    _('Click <a href="%1">here</a> to continue shopping.', $block->escapeUrl($block->getContinueShoppingUrl())),
+    __('Click <a href="%1">here</a> to continue shopping.', $block->escapeUrl($block->getContinueShoppingUrl())),
     ['a']
 ) ?>
 </p>
diff --git a/app/code/Magento/Customer/Block/Adminhtml/Edit/Tab/Newsletter/Grid/Renderer/Action.php b/app/code/Magento/Customer/Block/Adminhtml/Edit/Tab/Newsletter/Grid/Renderer/Action.php
index 43d9af36a5652..500646c8e05a7 100644
--- a/app/code/Magento/Customer/Block/Adminhtml/Edit/Tab/Newsletter/Grid/Renderer/Action.php
+++ b/app/code/Magento/Customer/Block/Adminhtml/Edit/Tab/Newsletter/Grid/Renderer/Action.php
@@ -10,6 +10,11 @@
  */
 class Action extends \Magento\Backend\Block\Widget\Grid\Column\Renderer\AbstractRenderer
 {
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * Core registry
      *
@@ -21,17 +26,24 @@ class Action extends \Magento\Backend\Block\Widget\Grid\Column\Renderer\Abstract
      * @param \Magento\Backend\Block\Context $context
      * @param \Magento\Framework\Registry $registry
      * @param array $data
+     * @param \Magento\Framework\Escaper|null $escaper
      */
     public function __construct(
         \Magento\Backend\Block\Context $context,
         \Magento\Framework\Registry $registry,
-        array $data = []
+        array $data = [],
+        \Magento\Framework\Escaper $escaper = null
     ) {
         $this->_coreRegistry = $registry;
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
         parent::__construct($context, $data);
     }
 
     /**
+     * Render actions
+     *
      * @param \Magento\Framework\DataObject $row
      * @return string
      */
@@ -57,15 +69,20 @@ public function render(\Magento\Framework\DataObject $row)
     }
 
     /**
+     * Retrieve escaped value
+     *
      * @param string $value
      * @return string
      */
     protected function _getEscapedValue($value)
     {
-        return addcslashes(htmlspecialchars($value), '\\\'');
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
+        return addcslashes($this->escaper->escapeHtml($value), '\\\'');
     }
 
     /**
+     * Actions to html
+     *
      * @param array $actions
      * @return string
      */
diff --git a/app/code/Magento/Customer/Block/Adminhtml/Edit/Tab/Wishlist/Grid/Renderer/Description.php b/app/code/Magento/Customer/Block/Adminhtml/Edit/Tab/Wishlist/Grid/Renderer/Description.php
index d0b47886dca7e..aef91184fc782 100644
--- a/app/code/Magento/Customer/Block/Adminhtml/Edit/Tab/Wishlist/Grid/Renderer/Description.php
+++ b/app/code/Magento/Customer/Block/Adminhtml/Edit/Tab/Wishlist/Grid/Renderer/Description.php
@@ -18,6 +18,6 @@ class Description extends \Magento\Backend\Block\Widget\Grid\Column\Renderer\Abs
      */
     public function render(\Magento\Framework\DataObject $row)
     {
-        return nl2br(htmlspecialchars($row->getData($this->getColumn()->getIndex())));
+        return nl2br($this->escapeHtml($row->getData($this->getColumn()->getIndex())));
     }
 }
diff --git a/app/code/Magento/Customer/Model/Address/Validator/Country.php b/app/code/Magento/Customer/Model/Address/Validator/Country.php
index fdc5510d1d2e0..43859dc102a7c 100644
--- a/app/code/Magento/Customer/Model/Address/Validator/Country.php
+++ b/app/code/Magento/Customer/Model/Address/Validator/Country.php
@@ -16,6 +16,11 @@
  */
 class Country implements ValidatorInterface
 {
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * @var Data
      */
@@ -29,13 +34,18 @@ class Country implements ValidatorInterface
     /**
      * @param Data $directoryData
      * @param AllowedCountries $allowedCountriesReader
+     * @param \Magento\Framework\Escaper|null $escaper
      */
     public function __construct(
         Data $directoryData,
-        AllowedCountries $allowedCountriesReader
+        AllowedCountries $allowedCountriesReader,
+        \Magento\Framework\Escaper $escaper = null
     ) {
         $this->directoryData = $directoryData;
         $this->allowedCountriesReader = $allowedCountriesReader;
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
     }
 
     /**
@@ -67,7 +77,7 @@ private function validateCountry(AbstractAddress $address)
             //Checking if such country exists.
             $errors[] = __(
                 'Invalid value of "%value" provided for the %fieldName field.',
-                ['fieldName' => 'countryId', 'value' => htmlspecialchars($countryId)]
+                ['fieldName' => 'countryId', 'value' => $this->escaper->escapeHtml($countryId)]
             );
         }
 
@@ -104,7 +114,7 @@ private function validateRegion(AbstractAddress $address)
             //If a region is selected then checking if it exists.
             $errors[] = __(
                 'Invalid value of "%value" provided for the %fieldName field.',
-                ['fieldName' => 'regionId', 'value' => htmlspecialchars($regionId)]
+                ['fieldName' => 'regionId', 'value' => $this->escaper->escapeHtml($regionId)]
             );
         }
 
diff --git a/app/code/Magento/Customer/Test/Mftf/ActionGroup/AdminCreateCustomerWithWebsiteAndStoreViewActionGroup.xml b/app/code/Magento/Customer/Test/Mftf/ActionGroup/AdminCreateCustomerWithWebsiteAndStoreViewActionGroup.xml
index 37149e23dc87e..02366415d9edb 100644
--- a/app/code/Magento/Customer/Test/Mftf/ActionGroup/AdminCreateCustomerWithWebsiteAndStoreViewActionGroup.xml
+++ b/app/code/Magento/Customer/Test/Mftf/ActionGroup/AdminCreateCustomerWithWebsiteAndStoreViewActionGroup.xml
@@ -46,15 +46,13 @@
     <actionGroup name="AdminCreateCustomerWithWebSiteAndGroup">
         <arguments>
             <argument name="customerData" defaultValue="Simple_US_Customer"/>
-            <argument name="website" type="string" defaultValue="customWebsite"/>
-            <argument name="storeView" type="string" defaultValue="customStore"/>
+            <argument name="website" type="string" defaultValue="{{_defaultWebsite.name}}"/>
+            <argument name="storeView" type="string" defaultValue="{{_defaultStore.name}}"/>
         </arguments>
         <amOnPage url="{{AdminCustomerPage.url}}" stepKey="goToCustomersPage"/>
         <click stepKey="addNewCustomer" selector="{{AdminCustomerGridMainActionsSection.addNewCustomer}}"/>
         <selectOption stepKey="selectWebSite" selector="{{AdminCustomerAccountInformationSection.associateToWebsite}}" userInput="{{website}}"/>
-        <click selector="{{AdminCustomerAccountInformationSection.group}}" stepKey="ClickToExpandGroup"/>
-        <waitForElement selector="{{AdminProductFormAdvancedPricingSection.productTierPriceGroupOrCatalogOption('Default (General)')}}" stepKey="waitForCustomerGroupExpand"/>
-        <click selector="{{AdminCustomerAccountInformationSection.groupValue('Default (General)')}}" after="waitForCustomerGroupExpand" stepKey="ClickToSelectGroup"/>
+        <selectOption selector="{{AdminCustomerAccountInformationSection.group}}" userInput="{{customerData.group}}" stepKey="selectCustomerGroup"/>
         <fillField stepKey="FillFirstName" selector="{{AdminCustomerAccountInformationSection.firstName}}" userInput="{{customerData.firstname}}"/>
         <fillField stepKey="FillLastName" selector="{{AdminCustomerAccountInformationSection.lastName}}" userInput="{{customerData.lastname}}"/>
         <fillField stepKey="FillEmail" selector="{{AdminCustomerAccountInformationSection.email}}" userInput="{{customerData.email}}"/>
diff --git a/app/code/Magento/Customer/Test/Mftf/Data/CustomerData.xml b/app/code/Magento/Customer/Test/Mftf/Data/CustomerData.xml
index ddc58ff6b250d..55bc9b56c7917 100644
--- a/app/code/Magento/Customer/Test/Mftf/Data/CustomerData.xml
+++ b/app/code/Magento/Customer/Test/Mftf/Data/CustomerData.xml
@@ -44,6 +44,7 @@
         <data key="password">pwdTest123!</data>
         <data key="store_id">0</data>
         <data key="website_id">0</data>
+        <data key="group">General</data>
         <requiredEntity type="address">US_Address_TX</requiredEntity>
     </entity>
     <entity name="SimpleUsCustomerWithNewCustomerGroup" type="customer">
diff --git a/app/code/Magento/Customer/Test/Mftf/Test/AdminVerifyCustomerAddressStateContainValuesOnceTest.xml b/app/code/Magento/Customer/Test/Mftf/Test/AdminVerifyCustomerAddressStateContainValuesOnceTest.xml
new file mode 100644
index 0000000000000..daab5fd2061fb
--- /dev/null
+++ b/app/code/Magento/Customer/Test/Mftf/Test/AdminVerifyCustomerAddressStateContainValuesOnceTest.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
+    <test name="AdminVerifyCustomerAddressStateContainValuesOnceTest">
+        <annotations>
+            <features value="Customer"/>
+            <stories value="Update Customer Address"/>
+            <title value="State/Province dropdown contain values once"/>
+            <description value="When editing a customer in the backend from the Magento Admin Panel the State/Province should only be listed once"/>
+            <severity value="MAJOR"/>
+            <testCaseId value="MAGETWO-99461"/>
+            <useCaseId value="MAGETWO-99302"/>
+            <group value="customer"/>
+        </annotations>
+        <before>
+            <createData entity="Simple_US_Customer_Multiple_Addresses" stepKey="firstCustomer"/>
+            <actionGroup ref="LoginAsAdmin" stepKey="login"/>
+        </before>
+        <after>
+            <deleteData createDataKey="firstCustomer" stepKey="deleteFirstCustomer"/>
+            <actionGroup ref="AdminDeleteCustomerActionGroup" stepKey="deleteSecondCustomer">
+                <argument name="customerEmail" value="Simple_US_Customer.email"/>
+            </actionGroup>
+            <actionGroup ref="AdminClearCustomersFiltersActionGroup" stepKey="clearFilters"/>
+            <actionGroup ref="logout" stepKey="logout"/>
+        </after>
+
+        <!-- Go to Customers > All Customers.-->
+        <amOnPage url="{{AdminCustomerPage.url}}" stepKey="openCustomersGridPage"/>
+
+        <!--Select created customer, Click Edit mode-->
+        <actionGroup ref="OpenEditCustomerFromAdminActionGroup" stepKey="openEditCustomerPageWithAddresses">
+            <argument name="customer" value="$$firstCustomer$$"/>
+        </actionGroup>
+
+        <!--Select Addresses tab-->
+        <click selector="{{AdminEditCustomerInformationSection.addresses}}" stepKey="openAddressesTabOfFirstCustomer"/>
+        <waitForPageLoad stepKey="waitForAddressesOfFirstCustomer"/>
+
+        <!--Click on Edit link for Default Billing Address-->
+        <click selector="{{AdminCustomerAddressesDefaultBillingSection.editButton}}" stepKey="clickEditDefaultBillingAddress"/>
+        <waitForPageLoad stepKey="waitForCustomerAddressAddUpdateFormLoad"/>
+
+        <!--Check that State/Province drop down contain all values once-->
+        <seeNumberOfElements userInput="1" selector="{{AdminCustomerAddressesSection.regionId(US_Address_NY.state)}}" stepKey="seeOnlyOneRegionInSelectStateForFirstCustomer"/>
+
+        <!--Go to Customers > All customers, Click Add new Customers, fill all necessary fields, Save-->
+        <actionGroup ref="AdminCreateCustomerWithWebSiteAndGroup" stepKey="createSimpleUSCustomerWithoutAddress"/>
+
+        <!--Select new created customer, Click Edit mode-->
+        <actionGroup ref="OpenEditCustomerFromAdminActionGroup" stepKey="openEditCustomerPageWithoutAddresses">
+            <argument name="customer" value="Simple_US_Customer"/>
+        </actionGroup>
+
+        <!--Select Addresses tab, Click on  create new addresses btn-->
+        <click selector="{{AdminEditCustomerInformationSection.addresses}}" stepKey="openAddressesTabOfSecondCustomer"/>
+        <waitForPageLoad stepKey="waitForAddressesOfSecondCustomer"/>
+        <click selector="{{AdminCustomerAddressesSection.addNewAddress}}" stepKey="clickAddNewAddressButton"/>
+        <waitForPageLoad stepKey="waitForAddUpdateCustomerAddressForm"/>
+
+        <!--Select Country = United States and check that State/Province drop down contain all values once-->
+        <click selector="{{AdminCustomerAddressesSection.country}}" stepKey="clickCountryToOpenListOfCountries"/>
+        <click selector="{{AdminCustomerAddressesSection.countryId(US_Address_NY.country_id)}}" stepKey="fillCountry"/>
+        <seeNumberOfElements userInput="1" selector="{{AdminCustomerAddressesSection.regionId(US_Address_NY.state)}}" stepKey="seeOnlyOneRegionInSelectStateForSecondCustomer"/>
+    </test>
+</tests>
diff --git a/app/code/Magento/Customer/Test/Unit/Model/Address/Validator/CountryTest.php b/app/code/Magento/Customer/Test/Unit/Model/Address/Validator/CountryTest.php
index f26a5ba2dbb76..1e5d44e22adcb 100644
--- a/app/code/Magento/Customer/Test/Unit/Model/Address/Validator/CountryTest.php
+++ b/app/code/Magento/Customer/Test/Unit/Model/Address/Validator/CountryTest.php
@@ -35,11 +35,17 @@ protected function setUp()
             \Magento\Directory\Model\AllowedCountries::class,
             ['getAllowedCountries']
         );
+
+        $escaper = $this->objectManager->getObject(
+            \Magento\Framework\Escaper::class
+        );
+
         $this->model = $this->objectManager->getObject(
             \Magento\Customer\Model\Address\Validator\Country::class,
             [
                 'directoryData' => $this->directoryDataMock,
                 'allowedCountriesReader' => $this->allowedCountriesReaderMock,
+                'escaper' => $escaper
             ]
         );
     }
diff --git a/app/code/Magento/Customer/view/adminhtml/ui_component/customer_address_form.xml b/app/code/Magento/Customer/view/adminhtml/ui_component/customer_address_form.xml
index 35f0ed8f1dae2..692cb2ecb964d 100644
--- a/app/code/Magento/Customer/view/adminhtml/ui_component/customer_address_form.xml
+++ b/app/code/Magento/Customer/view/adminhtml/ui_component/customer_address_form.xml
@@ -215,7 +215,6 @@
                             <target>${ $.provider }:${ $.parentScope }.country_id</target>
                         </filterBy>
                         <customEntry>region</customEntry>
-                        <options class="Magento\Directory\Model\ResourceModel\Region\Collection"/>
                     </settings>
                 </select>
             </formElements>
diff --git a/app/code/Magento/CustomerImportExport/Model/Import/CustomerComposite.php b/app/code/Magento/CustomerImportExport/Model/Import/CustomerComposite.php
index 2086f41d27fa6..0f4c5f82bfe1d 100644
--- a/app/code/Magento/CustomerImportExport/Model/Import/CustomerComposite.php
+++ b/app/code/Magento/CustomerImportExport/Model/Import/CustomerComposite.php
@@ -270,6 +270,10 @@ protected function _initAddressAttributes()
     protected function _importData()
     {
         $result = $this->_customerEntity->importData();
+        $this->countItemsCreated += $this->_customerEntity->getCreatedItemsCount();
+        $this->countItemsUpdated += $this->_customerEntity->getUpdatedItemsCount();
+        $this->countItemsDeleted += $this->_customerEntity->getDeletedItemsCount();
+
         if ($this->getBehavior() != \Magento\ImportExport\Model\Import::BEHAVIOR_DELETE) {
             return $result && $this->_addressEntity->setCustomerAttributes($this->_customerAttributes)->importData();
         }
diff --git a/app/code/Magento/Deploy/Package/Processor/PostProcessor/CssUrls.php b/app/code/Magento/Deploy/Package/Processor/PostProcessor/CssUrls.php
index 1c139d5682df1..667232313a871 100644
--- a/app/code/Magento/Deploy/Package/Processor/PostProcessor/CssUrls.php
+++ b/app/code/Magento/Deploy/Package/Processor/PostProcessor/CssUrls.php
@@ -69,6 +69,7 @@ public function process(Package $package, array $options)
         /** @var PackageFile $file */
         foreach (array_keys($package->getMap()) as $fileId) {
             $filePath = str_replace(\Magento\Framework\View\Asset\Repository::FILE_ID_SEPARATOR, '/', $fileId);
+            // phpcs:ignore Magento2.Functions.DiscouragedFunction
             if (strtolower(pathinfo($fileId, PATHINFO_EXTENSION)) == 'css') {
                 $urlMap = $this->parseCss(
                     $urlMap,
@@ -100,6 +101,7 @@ private function parseCss(array $urlMap, $cssFilePath, $packagePath, $cssContent
     {
         $cssFilePath = $this->minification->addMinifiedSign($cssFilePath);
 
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
         $cssFileBasePath = pathinfo($cssFilePath, PATHINFO_DIRNAME);
         $urls = $this->getCssUrls($cssContent);
         foreach ($urls as $url) {
@@ -124,8 +126,21 @@ private function parseCss(array $urlMap, $cssFilePath, $packagePath, $cssContent
                         . str_repeat('../', count(explode('/', $cssFileBasePath)))
                         . $this->minification->addMinifiedSign($matchedFile->getDeployedFilePath())
                 ];
+            } else {
+                $filePathInBase = $package->getArea() .
+                    '/' . Package::BASE_THEME .
+                    '/' . $package->getLocale() .
+                    '/' . $lookupFileId;
+                if ($this->staticDir->isReadable($this->minification->addMinifiedSign($filePathInBase))) {
+                    $urlMap[$url][] = [
+                        'filePath' => $this->minification->addMinifiedSign($packagePath . '/' . $cssFilePath),
+                        'replace' => str_repeat('../', count(explode('/', $cssFileBasePath)) + 4)
+                            . $this->minification->addMinifiedSign($filePathInBase),
+                    ];
+                }
             }
         }
+
         return $urlMap;
     }
 
diff --git a/app/code/Magento/Directory/Model/ResourceModel/Country.php b/app/code/Magento/Directory/Model/ResourceModel/Country.php
index 59fb2de85c8a3..da6b478a9d664 100644
--- a/app/code/Magento/Directory/Model/ResourceModel/Country.php
+++ b/app/code/Magento/Directory/Model/ResourceModel/Country.php
@@ -13,6 +13,27 @@
  */
 class Country extends \Magento\Framework\Model\ResourceModel\Db\AbstractDb
 {
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
+    /**
+     * @param \Magento\Framework\Model\ResourceModel\Db\Context $context
+     * @param null|string $connectionName
+     * @param \Magento\Framework\Escaper|null $escaper
+     */
+    public function __construct(
+        \Magento\Framework\Model\ResourceModel\Db\Context $context,
+        ?string $connectionName = null,
+        \Magento\Framework\Escaper $escaper = null
+    ) {
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
+        parent::__construct($context, $connectionName);
+    }
+
     /**
      * Resource initialization
      *
@@ -44,7 +65,7 @@ public function loadByCode(\Magento\Directory\Model\Country $country, $code)
 
             default:
                 throw new \Magento\Framework\Exception\LocalizedException(
-                    __('Please correct the country code: %1.', htmlspecialchars($code))
+                    __('Please correct the country code: %1.', $this->escaper->escapeHtml($code))
                 );
         }
 
diff --git a/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Action.php b/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Action.php
index a2ba63d78d144..65f9e41b074a3 100644
--- a/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Action.php
+++ b/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Action.php
@@ -41,7 +41,8 @@ public function render(\Magento\Framework\DataObject $row)
      */
     protected function _getEscapedValue($value)
     {
-        return addcslashes(htmlspecialchars($value), '\\\'');
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
+        return addcslashes($this->escapeHtml($value), '\\\'');
     }
 
     /**
diff --git a/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Sender.php b/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Sender.php
index 24c39884661ca..005d211a8962e 100644
--- a/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Sender.php
+++ b/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Sender.php
@@ -23,7 +23,7 @@ public function render(\Magento\Framework\DataObject $row)
         $str = '';
 
         if ($row->getTemplateSenderName()) {
-            $str .= htmlspecialchars($row->getTemplateSenderName()) . ' ';
+            $str .= $this->escapeHtml($row->getTemplateSenderName()) . ' ';
         }
 
         if ($row->getTemplateSenderEmail()) {
diff --git a/app/code/Magento/Email/Block/Adminhtml/Template/Preview.php b/app/code/Magento/Email/Block/Adminhtml/Template/Preview.php
index 5f22a36510c4e..1ea6e3f921bc6 100644
--- a/app/code/Magento/Email/Block/Adminhtml/Template/Preview.php
+++ b/app/code/Magento/Email/Block/Adminhtml/Template/Preview.php
@@ -12,6 +12,8 @@
 namespace Magento\Email\Block\Adminhtml\Template;
 
 /**
+ * Template Preview Block
+ *
  * @api
  * @since 100.0.2
  */
@@ -80,7 +82,7 @@ protected function _toHtml()
         $template->revertDesign();
 
         if ($template->isPlain()) {
-            $templateProcessed = "<pre>" . htmlspecialchars($templateProcessed) . "</pre>";
+            $templateProcessed = "<pre>" . $this->escapeHtml($templateProcessed) . "</pre>";
         }
 
         \Magento\Framework\Profiler::stop($this->profilerName);
diff --git a/app/code/Magento/Email/Model/Template/Filter.php b/app/code/Magento/Email/Model/Template/Filter.php
index 1d8218f90a0b2..aa018d6fd44d6 100644
--- a/app/code/Magento/Email/Model/Template/Filter.php
+++ b/app/code/Magento/Email/Model/Template/Filter.php
@@ -321,6 +321,8 @@ public function setDesignParams(array $designParams)
     }
 
     /**
+     * Retrieve CSS processor
+     *
      * @deprecated 100.1.2
      * @return Css\Processor
      */
@@ -333,6 +335,8 @@ private function getCssProcessor()
     }
 
     /**
+     * Retrieve pub directory
+     *
      * @deprecated 100.1.2
      * @param string $dirType
      * @return ReadInterface
@@ -516,6 +520,7 @@ public function viewDirective($construction)
      */
     public function mediaDirective($construction)
     {
+        // phpcs:disable Magento2.Functions.DiscouragedFunction
         $params = $this->getParameters(html_entity_decode($construction[2], ENT_QUOTES));
         return $this->_storeManager->getStore()
             ->getBaseUrl(\Magento\Framework\UrlInterface::URL_TYPE_MEDIA) . $params['url'];
@@ -523,6 +528,7 @@ public function mediaDirective($construction)
 
     /**
      * Retrieve store URL directive
+     *
      * Support url and direct_url properties
      *
      * @param string[] $construction
@@ -607,7 +613,7 @@ protected function getTransParameters($value)
         if (preg_match(self::TRANS_DIRECTIVE_REGEX, $value, $matches) !== 1) {
             return ['', []];  // malformed directive body; return without breaking list
         }
-
+        // phpcs:disable Magento2.Functions.DiscouragedFunction
         $text = stripslashes($matches[2]);
 
         $params = [];
@@ -683,7 +689,7 @@ protected function applyModifiers($value, $modifiers)
                     $callback = $modifier;
                 }
                 array_unshift($params, $value);
-                $value = call_user_func_array($callback, $params);
+                $value = $callback(...$params);
             }
         }
         return $value;
@@ -700,7 +706,7 @@ public function modifierEscape($value, $type = 'html')
     {
         switch ($type) {
             case 'html':
-                return htmlspecialchars($value, ENT_QUOTES);
+                return $this->_escaper->escapeHtml($value);
 
             case 'htmlentities':
                 return htmlentities($value, ENT_QUOTES);
@@ -950,6 +956,7 @@ public function getCssFilesContent(array $files)
             }
         } catch (ContentProcessorException $exception) {
             $css = $exception->getMessage();
+            // phpcs:disable Magento2.Exceptions.ThrowCatch
         } catch (\Magento\Framework\View\Asset\File\NotFoundException $exception) {
             $css = '';
         }
@@ -958,6 +965,8 @@ public function getCssFilesContent(array $files)
     }
 
     /**
+     * Apply Inline CSS
+     *
      * Merge HTML and CSS and return HTML that has CSS styles applied "inline" to the HTML tags. This is necessary
      * in order to support all email clients.
      *
diff --git a/app/code/Magento/Email/Test/Unit/Block/Adminhtml/Template/Grid/Renderer/SenderTest.php b/app/code/Magento/Email/Test/Unit/Block/Adminhtml/Template/Grid/Renderer/SenderTest.php
index b9a555c3207fc..1a493e23adb53 100644
--- a/app/code/Magento/Email/Test/Unit/Block/Adminhtml/Template/Grid/Renderer/SenderTest.php
+++ b/app/code/Magento/Email/Test/Unit/Block/Adminhtml/Template/Grid/Renderer/SenderTest.php
@@ -18,7 +18,15 @@ class SenderTest extends \PHPUnit\Framework\TestCase
     protected function setUp()
     {
         $objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
-        $this->sender = $objectManager->getObject(\Magento\Email\Block\Adminhtml\Template\Grid\Renderer\Sender::class);
+        $escaper = $objectManager->getObject(
+            \Magento\Framework\Escaper::class
+        );
+        $this->sender = $objectManager->getObject(
+            \Magento\Email\Block\Adminhtml\Template\Grid\Renderer\Sender::class,
+            [
+                'escaper' => $escaper
+            ]
+        );
     }
 
     /**
diff --git a/app/code/Magento/Email/Test/Unit/Model/Template/FilterTest.php b/app/code/Magento/Email/Test/Unit/Model/Template/FilterTest.php
index b5b2cb095a4a6..2c9fdae111fd8 100644
--- a/app/code/Magento/Email/Test/Unit/Model/Template/FilterTest.php
+++ b/app/code/Magento/Email/Test/Unit/Model/Template/FilterTest.php
@@ -104,9 +104,7 @@ protected function setUp()
             ->disableOriginalConstructor()
             ->getMock();
 
-        $this->escaper = $this->getMockBuilder(\Magento\Framework\Escaper::class)
-            ->disableOriginalConstructor()
-            ->getMock();
+        $this->escaper = $this->objectManager->getObject(\Magento\Framework\Escaper::class);
 
         $this->assetRepo = $this->getMockBuilder(\Magento\Framework\View\Asset\Repository::class)
             ->disableOriginalConstructor()
@@ -158,23 +156,25 @@ protected function setUp()
     protected function getModel($mockedMethods = null)
     {
         return $this->getMockBuilder(\Magento\Email\Model\Template\Filter::class)
-            ->setConstructorArgs([
-                $this->string,
-                $this->logger,
-                $this->escaper,
-                $this->assetRepo,
-                $this->scopeConfig,
-                $this->coreVariableFactory,
-                $this->storeManager,
-                $this->layout,
-                $this->layoutFactory,
-                $this->appState,
-                $this->backendUrlBuilder,
-                $this->emogrifier,
-                $this->configVariables,
-                [],
-                $this->cssInliner,
-            ])
+            ->setConstructorArgs(
+                [
+                    $this->string,
+                    $this->logger,
+                    $this->escaper,
+                    $this->assetRepo,
+                    $this->scopeConfig,
+                    $this->coreVariableFactory,
+                    $this->storeManager,
+                    $this->layout,
+                    $this->layoutFactory,
+                    $this->appState,
+                    $this->backendUrlBuilder,
+                    $this->emogrifier,
+                    $this->configVariables,
+                    [],
+                    $this->cssInliner,
+                ]
+            )
             ->setMethods($mockedMethods)
             ->getMock();
     }
diff --git a/app/code/Magento/MediaStorage/Console/Command/ImagesResizeCommand.php b/app/code/Magento/MediaStorage/Console/Command/ImagesResizeCommand.php
index a4b78287df012..51eba1facb90c 100644
--- a/app/code/Magento/MediaStorage/Console/Command/ImagesResizeCommand.php
+++ b/app/code/Magento/MediaStorage/Console/Command/ImagesResizeCommand.php
@@ -8,13 +8,20 @@
 namespace Magento\MediaStorage\Console\Command;
 
 use Magento\Framework\App\Area;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\App\State;
+use Magento\Framework\ObjectManagerInterface;
 use Magento\MediaStorage\Service\ImageResize;
+use Symfony\Component\Console\Helper\ProgressBar;
+use Symfony\Component\Console\Helper\ProgressBarFactory;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Output\OutputInterface;
-use Symfony\Component\Console\Helper\ProgressBar;
-use Magento\Framework\ObjectManagerInterface;
 
+/**
+ * Resizes product images according to theme view definitions.
+ *
+ * @package Magento\MediaStorage\Console\Command
+ */
 class ImagesResizeCommand extends \Symfony\Component\Console\Command\Command
 {
     /**
@@ -28,28 +35,32 @@ class ImagesResizeCommand extends \Symfony\Component\Console\Command\Command
     private $appState;
 
     /**
-     * @var ObjectManagerInterface
+     * @var ProgressBarFactory
      */
-    private $objectManager;
+    private $progressBarFactory;
 
     /**
      * @param State $appState
      * @param ImageResize $resize
      * @param ObjectManagerInterface $objectManager
+     * @param ProgressBarFactory $progressBarFactory
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
      */
     public function __construct(
         State $appState,
         ImageResize $resize,
-        ObjectManagerInterface $objectManager
+        ObjectManagerInterface $objectManager,
+        ProgressBarFactory $progressBarFactory = null
     ) {
         parent::__construct();
         $this->resize = $resize;
         $this->appState = $appState;
-        $this->objectManager = $objectManager;
+        $this->progressBarFactory = $progressBarFactory
+            ?: ObjectManager::getInstance()->get(ProgressBarFactory::class);
     }
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     protected function configure()
     {
@@ -58,7 +69,9 @@ protected function configure()
     }
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
+     * @param InputInterface $input
+     * @param OutputInterface $output
      */
     protected function execute(InputInterface $input, OutputInterface $output)
     {
@@ -67,10 +80,12 @@ protected function execute(InputInterface $input, OutputInterface $output)
             $generator = $this->resize->resizeFromThemes();
 
             /** @var ProgressBar $progress */
-            $progress = $this->objectManager->create(ProgressBar::class, [
-                'output' => $output,
-                'max' => $generator->current()
-            ]);
+            $progress = $this->progressBarFactory->create(
+                [
+                    'output' => $output,
+                    'max' => $generator->current()
+                ]
+            );
             $progress->setFormat(
                 "%current%/%max% [%bar%] %percent:3s%% %elapsed% %memory:6s% \t| <info>%message%</info>"
             );
@@ -79,9 +94,10 @@ protected function execute(InputInterface $input, OutputInterface $output)
                 $progress->setOverwrite(false);
             }
 
-            for (; $generator->valid(); $generator->next()) {
+            while ($generator->valid()) {
                 $progress->setMessage($generator->key());
                 $progress->advance();
+                $generator->next();
             }
         } catch (\Exception $e) {
             $output->writeln("<error>{$e->getMessage()}</error>");
@@ -91,5 +107,7 @@ protected function execute(InputInterface $input, OutputInterface $output)
 
         $output->write(PHP_EOL);
         $output->writeln("<info>Product images resized successfully</info>");
+
+        return \Magento\Framework\Console\Cli::RETURN_SUCCESS;
     }
 }
diff --git a/app/code/Magento/MediaStorage/Service/ImageResize.php b/app/code/Magento/MediaStorage/Service/ImageResize.php
index aae90512b3d95..d3f4fc01e387b 100644
--- a/app/code/Magento/MediaStorage/Service/ImageResize.php
+++ b/app/code/Magento/MediaStorage/Service/ImageResize.php
@@ -152,12 +152,12 @@ public function resizeFromImageName(string $originalImageName)
      */
     public function resizeFromThemes(array $themes = null): \Generator
     {
-        $count = $this->productImage->getCountAllProductImages();
+        $count = $this->productImage->getCountUsedProductImages();
         if (!$count) {
             throw new NotFoundException(__('Cannot resize images - product images not found'));
         }
 
-        $productImages = $this->productImage->getAllProductImages();
+        $productImages = $this->productImage->getUsedProductImages();
         $viewImages = $this->getViewImages($themes ?? $this->getThemesInUse());
 
         foreach ($productImages as $image) {
@@ -202,10 +202,12 @@ private function getViewImages(array $themes): array
         $viewImages = [];
         /** @var \Magento\Theme\Model\Theme $theme */
         foreach ($themes as $theme) {
-            $config = $this->viewConfig->getViewConfig([
-                'area' => Area::AREA_FRONTEND,
-                'themeModel' => $theme,
-            ]);
+            $config = $this->viewConfig->getViewConfig(
+                [
+                    'area' => Area::AREA_FRONTEND,
+                    'themeModel' => $theme,
+                ]
+            );
             $images = $config->getMediaEntities('Magento_Catalog', ImageHelper::MEDIA_TYPE_CONFIG_NODE);
             foreach ($images as $imageId => $imageData) {
                 $uniqIndex = $this->getUniqueImageIndex($imageData);
@@ -226,6 +228,7 @@ private function getUniqueImageIndex(array $imageData): string
     {
         ksort($imageData);
         unset($imageData['type']);
+        // phpcs:disable Magento2.Security.InsecureFunction
         return md5(json_encode($imageData));
     }
 
diff --git a/app/code/Magento/Newsletter/Block/Adminhtml/Template/Grid/Renderer/Sender.php b/app/code/Magento/Newsletter/Block/Adminhtml/Template/Grid/Renderer/Sender.php
index 04fb07d1261b6..0e9aada7b030d 100644
--- a/app/code/Magento/Newsletter/Block/Adminhtml/Template/Grid/Renderer/Sender.php
+++ b/app/code/Magento/Newsletter/Block/Adminhtml/Template/Grid/Renderer/Sender.php
@@ -11,6 +11,9 @@
  */
 namespace Magento\Newsletter\Block\Adminhtml\Template\Grid\Renderer;
 
+/**
+ * Class Sender
+ */
 class Sender extends \Magento\Backend\Block\Widget\Grid\Column\Renderer\AbstractRenderer
 {
     /**
@@ -23,10 +26,10 @@ public function render(\Magento\Framework\DataObject $row)
     {
         $str = '';
         if ($row->getTemplateSenderName()) {
-            $str .= htmlspecialchars($row->getTemplateSenderName()) . ' ';
+            $str .= $this->escapeHtml($row->getTemplateSenderName()) . ' ';
         }
         if ($row->getTemplateSenderEmail()) {
-            $str .= '[' . htmlspecialchars($row->getTemplateSenderEmail()) . ']';
+            $str .= '[' . $this->escapeHtml($row->getTemplateSenderEmail()) . ']';
         }
         if ($str == '') {
             $str .= '---';
diff --git a/app/code/Magento/Newsletter/Block/Adminhtml/Template/Preview.php b/app/code/Magento/Newsletter/Block/Adminhtml/Template/Preview.php
index f9474da452cac..58a904248e978 100644
--- a/app/code/Magento/Newsletter/Block/Adminhtml/Template/Preview.php
+++ b/app/code/Magento/Newsletter/Block/Adminhtml/Template/Preview.php
@@ -84,7 +84,7 @@ protected function _toHtml()
         $template->revertDesign();
 
         if ($template->isPlain()) {
-            $templateProcessed = "<pre>" . htmlspecialchars($templateProcessed) . "</pre>";
+            $templateProcessed = "<pre>" . $this->escapeHtml($templateProcessed) . "</pre>";
         }
 
         \Magento\Framework\Profiler::stop($this->profilerName);
@@ -142,6 +142,8 @@ protected function getStoreId()
     }
 
     /**
+     * Return template
+     *
      * @param \Magento\Newsletter\Model\Template $template
      * @param string $id
      * @return $this
diff --git a/app/code/Magento/Newsletter/Test/Unit/Block/Adminhtml/Queue/PreviewTest.php b/app/code/Magento/Newsletter/Test/Unit/Block/Adminhtml/Queue/PreviewTest.php
index 219f9127d4ad8..b64453594df41 100644
--- a/app/code/Magento/Newsletter/Test/Unit/Block/Adminhtml/Queue/PreviewTest.php
+++ b/app/code/Magento/Newsletter/Test/Unit/Block/Adminhtml/Queue/PreviewTest.php
@@ -81,13 +81,17 @@ protected function setUp()
         $queueFactory->expects($this->any())->method('create')->will($this->returnValue($this->queue));
 
         $this->objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
+
+        $escaper = $this->objectManager->getObject(\Magento\Framework\Escaper::class);
+        $context->expects($this->once())->method('getEscaper')->willReturn($escaper);
+
         $this->preview = $this->objectManager->getObject(
             \Magento\Newsletter\Block\Adminhtml\Queue\Preview::class,
             [
                 'context' => $context,
                 'templateFactory' => $templateFactory,
                 'subscriberFactory' => $subscriberFactory,
-                'queueFactory' => $queueFactory,
+                'queueFactory' => $queueFactory
             ]
         );
     }
@@ -103,12 +107,14 @@ public function testToHtmlEmpty()
 
     public function testToHtmlWithId()
     {
-        $this->request->expects($this->any())->method('getParam')->will($this->returnValueMap(
-            [
-                ['id', null, 1],
-                ['store_id', null, 0]
-            ]
-        ));
+        $this->request->expects($this->any())->method('getParam')->will(
+            $this->returnValueMap(
+                [
+                    ['id', null, 1],
+                    ['store_id', null, 0]
+                ]
+            )
+        );
         $this->queue->expects($this->once())->method('load')->will($this->returnSelf());
         $this->template->expects($this->any())->method('isPlain')->will($this->returnValue(true));
         /** @var \Magento\Store\Model\Store $store */
diff --git a/app/code/Magento/Newsletter/Test/Unit/Block/Adminhtml/Template/Grid/Renderer/SenderTest.php b/app/code/Magento/Newsletter/Test/Unit/Block/Adminhtml/Template/Grid/Renderer/SenderTest.php
index 8d760100d1469..bcb3479d65b47 100644
--- a/app/code/Magento/Newsletter/Test/Unit/Block/Adminhtml/Template/Grid/Renderer/SenderTest.php
+++ b/app/code/Magento/Newsletter/Test/Unit/Block/Adminhtml/Template/Grid/Renderer/SenderTest.php
@@ -26,8 +26,14 @@ class SenderTest extends \PHPUnit\Framework\TestCase
     protected function setUp()
     {
         $this->objectManagerHelper = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
+        $escaper = $this->objectManagerHelper->getObject(
+            \Magento\Framework\Escaper::class
+        );
         $this->sender = $this->objectManagerHelper->getObject(
-            \Magento\Newsletter\Block\Adminhtml\Template\Grid\Renderer\Sender::class
+            \Magento\Newsletter\Block\Adminhtml\Template\Grid\Renderer\Sender::class,
+            [
+                'escaper' => $escaper
+            ]
         );
     }
 
@@ -75,8 +81,8 @@ public function rendererDataProvider()
                     'sender_email' => "<br>'email@example.com'</br>",
                 ],
                 [
-                    'sender' => "&lt;br&gt;'Sender'&lt;/br&gt;",
-                    'sender_email' => "&lt;br&gt;'email@example.com'&lt;/br&gt;",
+                    'sender' => "&lt;br&gt;&#039;Sender&#039;&lt;/br&gt;",
+                    'sender_email' => "&lt;br&gt;&#039;email@example.com&#039;&lt;/br&gt;",
                 ],
             ],
             [
diff --git a/app/code/Magento/Newsletter/Test/Unit/Block/Adminhtml/Template/PreviewTest.php b/app/code/Magento/Newsletter/Test/Unit/Block/Adminhtml/Template/PreviewTest.php
index 70407b50cacc0..87fbca55e154e 100644
--- a/app/code/Magento/Newsletter/Test/Unit/Block/Adminhtml/Template/PreviewTest.php
+++ b/app/code/Magento/Newsletter/Test/Unit/Block/Adminhtml/Template/PreviewTest.php
@@ -8,6 +8,9 @@
 use Magento\Framework\App\TemplateTypesInterface;
 use Magento\Framework\TestFramework\Unit\Helper\ObjectManager as ObjectManagerHelper;
 
+/**
+ * Test for \Magento\Newsletter\Block\Adminhtml\Template\Preview
+ */
 class PreviewTest extends \PHPUnit\Framework\TestCase
 {
     /** @var \Magento\Newsletter\Block\Adminhtml\Template\Preview */
@@ -36,7 +39,9 @@ protected function setUp()
         $this->request = $this->createMock(\Magento\Framework\App\RequestInterface::class);
         $this->appState = $this->createMock(\Magento\Framework\App\State::class);
         $this->storeManager = $this->createMock(\Magento\Store\Model\StoreManagerInterface::class);
-        $this->template = $this->createPartialMock(\Magento\Newsletter\Model\Template::class, [
+        $this->template = $this->createPartialMock(
+            \Magento\Newsletter\Model\Template::class,
+            [
                 'setTemplateType',
                 'setTemplateText',
                 'setTemplateStyles',
@@ -45,7 +50,8 @@ protected function setUp()
                 'revertDesign',
                 'getProcessedTemplate',
                 'load'
-            ]);
+            ]
+        );
         $templateFactory = $this->createPartialMock(\Magento\Newsletter\Model\TemplateFactory::class, ['create']);
         $templateFactory->expects($this->once())->method('create')->willReturn($this->template);
         $this->subscriberFactory = $this->createPartialMock(
@@ -54,6 +60,9 @@ protected function setUp()
         );
 
         $this->objectManagerHelper = new ObjectManagerHelper($this);
+        $escaper = $this->objectManagerHelper->getObject(
+            \Magento\Framework\Escaper::class
+        );
         $this->preview = $this->objectManagerHelper->getObject(
             \Magento\Newsletter\Block\Adminhtml\Template\Preview::class,
             [
@@ -61,7 +70,8 @@ protected function setUp()
                 'storeManager' => $this->storeManager,
                 'request' => $this->request,
                 'templateFactory' => $templateFactory,
-                'subscriberFactory' => $this->subscriberFactory
+                'subscriberFactory' => $this->subscriberFactory,
+                'escaper' => $escaper
             ]
         );
     }
diff --git a/app/code/Magento/Reports/Block/Adminhtml/Grid.php b/app/code/Magento/Reports/Block/Adminhtml/Grid.php
index 7bbbac644bfeb..e784845dd950b 100644
--- a/app/code/Magento/Reports/Block/Adminhtml/Grid.php
+++ b/app/code/Magento/Reports/Block/Adminhtml/Grid.php
@@ -6,6 +6,12 @@
 
 namespace Magento\Reports\Block\Adminhtml;
 
+use Magento\Backend\Block\Template\Context;
+use Magento\Backend\Helper\Data;
+use Magento\Framework\Url\DecoderInterface;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Stdlib\Parameters;
+
 /**
  * Backend report grid block
  *
@@ -15,6 +21,16 @@
  */
 class Grid extends \Magento\Backend\Block\Widget\Grid
 {
+    /**
+     * @var DecoderInterface
+     */
+    private $urlDecoder;
+
+    /**
+     * @var Parameters
+     */
+    private $parameters;
+
     /**
      * Should Store Switcher block be visible
      *
@@ -71,6 +87,31 @@ class Grid extends \Magento\Backend\Block\Widget\Grid
      */
     protected $_filterValues;
 
+    /**
+     * @param Context $context
+     * @param Data $backendHelper
+     * @param array $data
+     * @param DecoderInterface|null $urlDecoder
+     * @param Parameters $parameters
+     */
+    public function __construct(
+        Context $context,
+        Data $backendHelper,
+        array $data = [],
+        DecoderInterface $urlDecoder = null,
+        Parameters $parameters = null
+    ) {
+        $this->urlDecoder = $urlDecoder ?? ObjectManager::getInstance()->get(
+            DecoderInterface::class
+        );
+
+        $this->parameters = $parameters ?? ObjectManager::getInstance()->get(
+            Parameters::class
+        );
+
+        parent::__construct($context, $backendHelper, $data);
+    }
+
     /**
      * Apply sorting and filtering to collection
      *
@@ -86,9 +127,12 @@ protected function _prepareCollection()
         }
 
         if (is_string($filter)) {
-            $data = [];
-            $filter = base64_decode($filter);
-            parse_str(urldecode($filter), $data);
+            // this is a replacement for base64_decode()
+            $filter = $this->urlDecoder->decode($filter);
+
+            // this is a replacement for parse_str()
+            $this->parameters->fromString(urldecode($filter));
+            $data = $this->parameters->toArray();
 
             if (!isset($data['report_from'])) {
                 // getting all reports from 2001 year
@@ -113,7 +157,7 @@ protected function _prepareCollection()
             $this->_setFilterValues($data);
         } elseif ($filter && is_array($filter)) {
             $this->_setFilterValues($filter);
-        } elseif (0 !== sizeof($this->_defaultFilter)) {
+        } elseif (0 !== count($this->_defaultFilter)) {
             $this->_setFilterValues($this->_defaultFilter);
         }
 
@@ -328,7 +372,7 @@ public function getFilter($name)
         if (isset($this->_filters[$name])) {
             return $this->_filters[$name];
         } else {
-            return $this->getRequest()->getParam($name) ? htmlspecialchars($this->getRequest()->getParam($name)) : '';
+            return $this->getRequest()->getParam($name) ? $this->escapeHtml($this->getRequest()->getParam($name)) : '';
         }
     }
 
diff --git a/app/code/Magento/Rule/Block/Editable.php b/app/code/Magento/Rule/Block/Editable.php
index d53213a7df876..0ea85dcff36c5 100644
--- a/app/code/Magento/Rule/Block/Editable.php
+++ b/app/code/Magento/Rule/Block/Editable.php
@@ -62,7 +62,7 @@ public function render(\Magento\Framework\Data\Form\Element\AbstractElement $ele
                 '" data-form-part="' .
                 $element->getData('data-form-part') .
                 '"/> ' .
-                htmlspecialchars(
+                $this->escapeHtml(
                     $valueName
                 ) . '&nbsp;';
         } else {
diff --git a/app/code/Magento/Sales/Block/Adminhtml/Order/View.php b/app/code/Magento/Sales/Block/Adminhtml/Order/View.php
index 36c49ff5cbfea..c4701962b77e0 100644
--- a/app/code/Magento/Sales/Block/Adminhtml/Order/View.php
+++ b/app/code/Magento/Sales/Block/Adminhtml/Order/View.php
@@ -7,6 +7,8 @@
  */
 namespace Magento\Sales\Block\Adminhtml\Order;
 
+use Magento\Sales\Model\ConfigInterface;
+
 /**
  * Adminhtml sales order view
  * @api
@@ -46,14 +48,14 @@ class View extends \Magento\Backend\Block\Widget\Form\Container
     /**
      * @param \Magento\Backend\Block\Widget\Context $context
      * @param \Magento\Framework\Registry $registry
-     * @param \Magento\Sales\Model\Config $salesConfig
+     * @param ConfigInterface $salesConfig
      * @param \Magento\Sales\Helper\Reorder $reorderHelper
      * @param array $data
      */
     public function __construct(
         \Magento\Backend\Block\Widget\Context $context,
         \Magento\Framework\Registry $registry,
-        \Magento\Sales\Model\Config $salesConfig,
+        ConfigInterface $salesConfig,
         \Magento\Sales\Helper\Reorder $reorderHelper,
         array $data = []
     ) {
@@ -466,6 +468,8 @@ public function getReviewPaymentUrl($action)
     }
 
     /**
+     * Get edit message
+     *
      * @param \Magento\Sales\Model\Order $order
      * @return \Magento\Framework\Phrase
      */
@@ -486,6 +490,8 @@ protected function getEditMessage($order)
     }
 
     /**
+     * Get non editable types
+     *
      * @param \Magento\Sales\Model\Order $order
      * @return array
      */
diff --git a/app/code/Magento/Sales/Block/Adminhtml/Reorder/Renderer/Action.php b/app/code/Magento/Sales/Block/Adminhtml/Reorder/Renderer/Action.php
index e6e5d6ec3df3f..566ea1214d91f 100644
--- a/app/code/Magento/Sales/Block/Adminhtml/Reorder/Renderer/Action.php
+++ b/app/code/Magento/Sales/Block/Adminhtml/Reorder/Renderer/Action.php
@@ -41,6 +41,8 @@ public function __construct(
     }
 
     /**
+     * Render actions
+     *
      * @param \Magento\Framework\DataObject $row
      * @return string
      */
@@ -71,7 +73,8 @@ public function render(\Magento\Framework\DataObject $row)
      */
     protected function _getEscapedValue($value)
     {
-        return addcslashes(htmlspecialchars($value), '\\\'');
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
+        return addcslashes($this->escapeHtml($value), '\\\'');
     }
 
     /**
diff --git a/app/code/Magento/Sales/Helper/Admin.php b/app/code/Magento/Sales/Helper/Admin.php
index 7053a696dcab5..ab212f77ce935 100644
--- a/app/code/Magento/Sales/Helper/Admin.php
+++ b/app/code/Magento/Sales/Helper/Admin.php
@@ -165,7 +165,7 @@ public function escapeHtmlWithLinks($data, $allowedTags = null)
                 //Recreate a minimalistic secure a tag
                 $links[] = sprintf(
                     '<a href="%s">%s</a>',
-                    htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false),
+                    $this->escaper->escapeHtml($url),
                     $this->escaper->escapeHtml($text)
                 );
                 $data = str_replace($matches[0], '%' . $i . '$s', $data);
@@ -188,6 +188,7 @@ private function filterUrl(string $url): string
         if ($url) {
             //Revert the sprintf escaping
             $url = str_replace('%%', '%', $url);
+            // phpcs:ignore Magento2.Functions.DiscouragedFunction
             $urlScheme = parse_url($url, PHP_URL_SCHEME);
             $urlScheme = $urlScheme ? strtolower($urlScheme) : '';
             if ($urlScheme !== 'http' && $urlScheme !== 'https') {
diff --git a/app/code/Magento/Sales/Model/Order/Config.php b/app/code/Magento/Sales/Model/Order/Config.php
index 1b31caa573f99..92681f3ecf181 100644
--- a/app/code/Magento/Sales/Model/Order/Config.php
+++ b/app/code/Magento/Sales/Model/Order/Config.php
@@ -181,7 +181,7 @@ protected function maskStatusForArea($area, $code)
     /**
      * State label getter
      *
-     * @param   string $state
+     * @param string $state
      * @return \Magento\Framework\Phrase|string
      */
     public function getStateLabel($state)
@@ -213,7 +213,7 @@ public function getStates()
     {
         $states = [];
         foreach ($this->_getCollection() as $item) {
-            if ($item->getState()) {
+            if ($item->getState() && $item->getIsDefault()) {
                 $states[$item->getState()] = __($item->getData('label'));
             }
         }
diff --git a/app/code/Magento/Sales/etc/di.xml b/app/code/Magento/Sales/etc/di.xml
index 68fcd17122bd2..f6618c9884d60 100644
--- a/app/code/Magento/Sales/etc/di.xml
+++ b/app/code/Magento/Sales/etc/di.xml
@@ -116,6 +116,7 @@
     <preference for="Magento\Sales\Api\RefundOrderInterface" type="Magento\Sales\Model\RefundOrder"/>
     <preference for="Magento\Sales\Api\RefundInvoiceInterface" type="Magento\Sales\Model\RefundInvoice"/>
     <preference for="Magento\Sales\Model\ResourceModel\Provider\NotSyncedDataProviderInterface" type="Magento\Sales\Model\ResourceModel\Provider\NotSyncedDataProvider" />
+    <preference for="Magento\Sales\Model\ConfigInterface" type="Magento\Sales\Model\Config" />
     <type name="Magento\Sales\Model\ResourceModel\Provider\NotSyncedDataProvider">
         <arguments>
             <argument name="providers" xsi:type="array">
diff --git a/app/code/Magento/SendFriend/Model/SendFriend.php b/app/code/Magento/SendFriend/Model/SendFriend.php
index 825cac2bae10b..164b95a6ca88b 100644
--- a/app/code/Magento/SendFriend/Model/SendFriend.php
+++ b/app/code/Magento/SendFriend/Model/SendFriend.php
@@ -178,7 +178,7 @@ public function send()
 
         $this->inlineTranslation->suspend();
 
-        $message = nl2br(htmlspecialchars($this->getSender()->getMessage()));
+        $message = nl2br($this->_escaper->escapeHtml($this->getSender()->getMessage()));
         $sender = [
             'name' => $this->_escaper->escapeHtml($this->getSender()->getName()),
             'email' => $this->_escaper->escapeHtml($this->getSender()->getEmail()),
diff --git a/app/code/Magento/Sitemap/Model/Sitemap.php b/app/code/Magento/Sitemap/Model/Sitemap.php
index c35e20d997d85..d0beac8697f81 100644
--- a/app/code/Magento/Sitemap/Model/Sitemap.php
+++ b/app/code/Magento/Sitemap/Model/Sitemap.php
@@ -308,29 +308,35 @@ public function collectSitemapItems()
         $helper = $this->_sitemapData;
         $storeId = $this->getStoreId();
 
-        $this->addSitemapItem(new DataObject(
-            [
-                'changefreq' => $helper->getCategoryChangefreq($storeId),
-                'priority' => $helper->getCategoryPriority($storeId),
-                'collection' => $this->_categoryFactory->create()->getCollection($storeId),
-            ]
-        ));
-
-        $this->addSitemapItem(new DataObject(
-            [
-                'changefreq' => $helper->getProductChangefreq($storeId),
-                'priority' => $helper->getProductPriority($storeId),
-                'collection' => $this->_productFactory->create()->getCollection($storeId),
-            ]
-        ));
-
-        $this->addSitemapItem(new DataObject(
-            [
-                'changefreq' => $helper->getPageChangefreq($storeId),
-                'priority' => $helper->getPagePriority($storeId),
-                'collection' => $this->_cmsFactory->create()->getCollection($storeId),
-            ]
-        ));
+        $this->addSitemapItem(
+            new DataObject(
+                [
+                    'changefreq' => $helper->getCategoryChangefreq($storeId),
+                    'priority' => $helper->getCategoryPriority($storeId),
+                    'collection' => $this->_categoryFactory->create()->getCollection($storeId),
+                ]
+            )
+        );
+
+        $this->addSitemapItem(
+            new DataObject(
+                [
+                    'changefreq' => $helper->getProductChangefreq($storeId),
+                    'priority' => $helper->getProductPriority($storeId),
+                    'collection' => $this->_productFactory->create()->getCollection($storeId),
+                ]
+            )
+        );
+
+        $this->addSitemapItem(
+            new DataObject(
+                [
+                    'changefreq' => $helper->getPageChangefreq($storeId),
+                    'priority' => $helper->getPagePriority($storeId),
+                    'collection' => $this->_cmsFactory->create()->getCollection($storeId),
+                ]
+            )
+        );
     }
 
     /**
@@ -539,7 +545,7 @@ protected function _isSplitRequired($row)
     protected function _getSitemapRow($url, $lastmod = null, $changefreq = null, $priority = null, $images = null)
     {
         $url = $this->_getUrl($url);
-        $row = '<loc>' . htmlspecialchars($url) . '</loc>';
+        $row = '<loc>' . $this->_escaper->escapeUrl($url) . '</loc>';
         if ($lastmod) {
             $row .= '<lastmod>' . $this->_getFormattedLastmodDate($lastmod) . '</lastmod>';
         }
@@ -553,17 +559,17 @@ protected function _getSitemapRow($url, $lastmod = null, $changefreq = null, $pr
             // Add Images to sitemap
             foreach ($images->getCollection() as $image) {
                 $row .= '<image:image>';
-                $row .= '<image:loc>' . htmlspecialchars($image->getUrl()) . '</image:loc>';
-                $row .= '<image:title>' . htmlspecialchars($images->getTitle()) . '</image:title>';
+                $row .= '<image:loc>' . $this->_escaper->escapeUrl($image->getUrl()) . '</image:loc>';
+                $row .= '<image:title>' . $this->_escaper->escapeHtml($images->getTitle()) . '</image:title>';
                 if ($image->getCaption()) {
-                    $row .= '<image:caption>' . htmlspecialchars($image->getCaption()) . '</image:caption>';
+                    $row .= '<image:caption>' . $this->_escaper->escapeHtml($image->getCaption()) . '</image:caption>';
                 }
                 $row .= '</image:image>';
             }
             // Add PageMap image for Google web search
             $row .= '<PageMap xmlns="http://www.google.com/schemas/sitemap-pagemap/1.0"><DataObject type="thumbnail">';
-            $row .= '<Attribute name="name" value="' . htmlspecialchars($images->getTitle()) . '"/>';
-            $row .= '<Attribute name="src" value="' . htmlspecialchars($images->getThumbnail()) . '"/>';
+            $row .= '<Attribute name="name" value="' . $this->_escaper->escapeHtml($images->getTitle()) . '"/>';
+            $row .= '<Attribute name="src" value="' . $this->_escaper->escapeUrl($images->getThumbnail()) . '"/>';
             $row .= '</DataObject></PageMap>';
         }
 
@@ -580,7 +586,7 @@ protected function _getSitemapRow($url, $lastmod = null, $changefreq = null, $pr
     protected function _getSitemapIndexRow($sitemapFilename, $lastmod = null)
     {
         $url = $this->getSitemapUrl($this->getSitemapPath(), $sitemapFilename);
-        $row = '<loc>' . htmlspecialchars($url) . '</loc>';
+        $row = '<loc>' . $this->_escaper->escapeUrl($url) . '</loc>';
         if ($lastmod) {
             $row .= '<lastmod>' . $this->_getFormattedLastmodDate($lastmod) . '</lastmod>';
         }
@@ -722,6 +728,7 @@ protected function _getFormattedLastmodDate($date)
      */
     protected function _getDocumentRoot()
     {
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
         return realpath($this->_request->getServer('DOCUMENT_ROOT'));
     }
 
@@ -732,6 +739,7 @@ protected function _getDocumentRoot()
      */
     protected function _getStoreBaseDomain()
     {
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
         $storeParsedUrl = parse_url($this->_getStoreBaseUrl());
         $url = $storeParsedUrl['scheme'] . '://' . $storeParsedUrl['host'];
 
@@ -832,13 +840,15 @@ private function mapToSitemapItem()
 
         foreach ($this->_sitemapItems as $data) {
             foreach ($data->getCollection() as $item) {
-                $items[] = $this->sitemapItemFactory->create([
-                    'url' => $item->getUrl(),
-                    'updatedAt' => $item->getUpdatedAt(),
-                    'images' => $item->getImages(),
-                    'priority' => $data->getPriority(),
-                    'changeFrequency' => $data->getChangeFrequency(),
-                ]);
+                $items[] = $this->sitemapItemFactory->create(
+                    [
+                        'url' => $item->getUrl(),
+                        'updatedAt' => $item->getUpdatedAt(),
+                        'images' => $item->getImages(),
+                        'priority' => $data->getPriority(),
+                        'changeFrequency' => $data->getChangeFrequency(),
+                    ]
+                );
             }
         }
 
diff --git a/app/code/Magento/Sitemap/Test/Unit/Model/SitemapTest.php b/app/code/Magento/Sitemap/Test/Unit/Model/SitemapTest.php
index f805d4471553b..86d57815e02be 100644
--- a/app/code/Magento/Sitemap/Test/Unit/Model/SitemapTest.php
+++ b/app/code/Magento/Sitemap/Test/Unit/Model/SitemapTest.php
@@ -162,7 +162,7 @@ public function testNotAllowedPath()
      * Check not exists sitemap path validation
      *
      * @expectedException \Magento\Framework\Exception\LocalizedException
-     * @expectedExceptionMessage Please create the specified folder "" before saving the sitemap.
+     * @expectedExceptionMessage Please create the specified folder "/" before saving the sitemap.
      */
     public function testPathNotExists()
     {
@@ -429,10 +429,12 @@ protected function prepareSitemapModelMock(
         if (count($expectedFile) == 1) {
             $this->directoryMock->expects($this->once())
                 ->method('renameFile')
-                ->willReturnCallback(function ($from, $to) {
-                    \PHPUnit\Framework\Assert::assertEquals('/sitemap-1-1.xml', $from);
-                    \PHPUnit\Framework\Assert::assertEquals('/sitemap.xml', $to);
-                });
+                ->willReturnCallback(
+                    function ($from, $to) {
+                        \PHPUnit\Framework\Assert::assertEquals('/sitemap-1-1.xml', $from);
+                        \PHPUnit\Framework\Assert::assertEquals('/sitemap.xml', $to);
+                    }
+                );
         }
 
         // Check robots txt
@@ -524,32 +526,36 @@ protected function getModelMock($mockBeforeSave = false)
 
         $this->itemProviderMock->expects($this->any())
             ->method('getItems')
-            ->willReturn([
-                new SitemapItem('category.html', '1.0', 'daily', '2012-12-21 00:00:00'),
-                new SitemapItem('/category/sub-category.html', '1.0', 'daily', '2012-12-21 00:00:00'),
-                new SitemapItem('product.html', '0.5', 'monthly', '0000-00-00 00:00:00'),
-                new SitemapItem(
-                    'product2.html',
-                    '0.5',
-                    'monthly',
-                    '2012-12-21 00:00:00',
-                    new DataObject([
-                        'collection' => [
-                            new DataObject(
-                                [
-                                    'url' => $storeBaseMediaUrl . 'i/m/image1.png',
-                                    'caption' => 'caption & > title < "'
-                                ]
-                            ),
-                            new DataObject(
-                                ['url' => $storeBaseMediaUrl . 'i/m/image_no_caption.png', 'caption' => null]
-                            ),
-                        ],
-                        'thumbnail' => $storeBaseMediaUrl . 't/h/thumbnail.jpg',
-                        'title' => 'Product & > title < "',
-                    ])
-                )
-            ]);
+            ->willReturn(
+                [
+                    new SitemapItem('category.html', '1.0', 'daily', '2012-12-21 00:00:00'),
+                    new SitemapItem('/category/sub-category.html', '1.0', 'daily', '2012-12-21 00:00:00'),
+                    new SitemapItem('product.html', '0.5', 'monthly', '0000-00-00 00:00:00'),
+                    new SitemapItem(
+                        'product2.html',
+                        '0.5',
+                        'monthly',
+                        '2012-12-21 00:00:00',
+                        new DataObject(
+                            [
+                                'collection' => [
+                                    new DataObject(
+                                        [
+                                            'url' => $storeBaseMediaUrl . 'i/m/image1.png',
+                                            'caption' => 'caption & > title < "'
+                                        ]
+                                    ),
+                                    new DataObject(
+                                        ['url' => $storeBaseMediaUrl . 'i/m/image_no_caption.png', 'caption' => null]
+                                    ),
+                                ],
+                                'thumbnail' => $storeBaseMediaUrl . 't/h/thumbnail.jpg',
+                                'title' => 'Product & > title < "',
+                            ]
+                        )
+                    )
+                ]
+            );
 
         /** @var $model Sitemap */
         $model = $this->getMockBuilder(Sitemap::class)
@@ -598,6 +604,9 @@ private function getModelConstructorArgs()
             ->getMockForAbstractClass();
 
         $objectManager = new ObjectManager($this);
+        $escaper = $objectManager->getObject(
+            \Magento\Framework\Escaper::class
+        );
         $constructArguments = $objectManager->getConstructArguments(
             Sitemap::class,
             [
@@ -609,6 +618,7 @@ private function getModelConstructorArgs()
                 'filesystem' => $this->filesystemMock,
                 'itemProvider' => $this->itemProviderMock,
                 'configReader' => $this->configReaderMock,
+                'escaper' => $escaper
             ]
         );
         $constructArguments['resource'] = null;
diff --git a/app/code/Magento/Tax/Block/Checkout/Discount.php b/app/code/Magento/Tax/Block/Checkout/Discount.php
index c474c7a6580b5..70dac7c96c5ef 100644
--- a/app/code/Magento/Tax/Block/Checkout/Discount.php
+++ b/app/code/Magento/Tax/Block/Checkout/Discount.php
@@ -5,6 +5,8 @@
  */
 namespace Magento\Tax\Block\Checkout;
 
+use Magento\Sales\Model\ConfigInterface;
+
 /**
  * Subtotal Total Row Renderer
  */
@@ -19,7 +21,7 @@ class Discount extends \Magento\Checkout\Block\Total\DefaultTotal
      * @param \Magento\Framework\View\Element\Template\Context $context
      * @param \Magento\Customer\Model\Session $customerSession
      * @param \Magento\Checkout\Model\Session $checkoutSession
-     * @param \Magento\Sales\Model\Config $salesConfig
+     * @param ConfigInterface $salesConfig
      * @param \Magento\Tax\Model\Config $taxConfig
      * @param array $layoutProcessors
      * @param array $data
@@ -28,7 +30,7 @@ public function __construct(
         \Magento\Framework\View\Element\Template\Context $context,
         \Magento\Customer\Model\Session $customerSession,
         \Magento\Checkout\Model\Session $checkoutSession,
-        \Magento\Sales\Model\Config $salesConfig,
+        ConfigInterface $salesConfig,
         \Magento\Tax\Model\Config $taxConfig,
         array $layoutProcessors = [],
         array $data = []
@@ -39,6 +41,8 @@ public function __construct(
     }
 
     /**
+     * Get display including and excluding tax config
+     *
      * @return bool
      */
     public function displayBoth()
diff --git a/app/code/Magento/Tax/Block/Checkout/Grandtotal.php b/app/code/Magento/Tax/Block/Checkout/Grandtotal.php
index 77af1ad99ea2c..607eef2f3bcdf 100644
--- a/app/code/Magento/Tax/Block/Checkout/Grandtotal.php
+++ b/app/code/Magento/Tax/Block/Checkout/Grandtotal.php
@@ -5,6 +5,8 @@
  */
 namespace Magento\Tax\Block\Checkout;
 
+use Magento\Sales\Model\ConfigInterface;
+
 /**
  * Subtotal Total Row Renderer
  */
@@ -26,7 +28,7 @@ class Grandtotal extends \Magento\Checkout\Block\Total\DefaultTotal
      * @param \Magento\Framework\View\Element\Template\Context $context
      * @param \Magento\Customer\Model\Session $customerSession
      * @param \Magento\Checkout\Model\Session $checkoutSession
-     * @param \Magento\Sales\Model\Config $salesConfig
+     * @param ConfigInterface $salesConfig
      * @param \Magento\Tax\Model\Config $taxConfig
      * @param array $layoutProcessors
      * @param array $data
@@ -35,7 +37,7 @@ public function __construct(
         \Magento\Framework\View\Element\Template\Context $context,
         \Magento\Customer\Model\Session $customerSession,
         \Magento\Checkout\Model\Session $checkoutSession,
-        \Magento\Sales\Model\Config $salesConfig,
+        ConfigInterface $salesConfig,
         \Magento\Tax\Model\Config $taxConfig,
         array $layoutProcessors = [],
         array $data = []
diff --git a/app/code/Magento/Tax/Block/Checkout/Shipping.php b/app/code/Magento/Tax/Block/Checkout/Shipping.php
index 299c586fd224c..45c6e42574770 100644
--- a/app/code/Magento/Tax/Block/Checkout/Shipping.php
+++ b/app/code/Magento/Tax/Block/Checkout/Shipping.php
@@ -5,6 +5,8 @@
  */
 namespace Magento\Tax\Block\Checkout;
 
+use Magento\Sales\Model\ConfigInterface;
+
 /**
  * Subtotal Total Row Renderer
  */
@@ -26,7 +28,7 @@ class Shipping extends \Magento\Checkout\Block\Total\DefaultTotal
      * @param \Magento\Framework\View\Element\Template\Context $context
      * @param \Magento\Customer\Model\Session $customerSession
      * @param \Magento\Checkout\Model\Session $checkoutSession
-     * @param \Magento\Sales\Model\Config $salesConfig
+     * @param ConfigInterface $salesConfig
      * @param \Magento\Tax\Model\Config $taxConfig
      * @param array $layoutProcessors
      * @param array $data
@@ -35,7 +37,7 @@ public function __construct(
         \Magento\Framework\View\Element\Template\Context $context,
         \Magento\Customer\Model\Session $customerSession,
         \Magento\Checkout\Model\Session $checkoutSession,
-        \Magento\Sales\Model\Config $salesConfig,
+        ConfigInterface $salesConfig,
         \Magento\Tax\Model\Config $taxConfig,
         array $layoutProcessors = [],
         array $data = []
diff --git a/app/code/Magento/Tax/Block/Checkout/Subtotal.php b/app/code/Magento/Tax/Block/Checkout/Subtotal.php
index 22da07954159d..23f9223ba51f3 100644
--- a/app/code/Magento/Tax/Block/Checkout/Subtotal.php
+++ b/app/code/Magento/Tax/Block/Checkout/Subtotal.php
@@ -5,6 +5,8 @@
  */
 namespace Magento\Tax\Block\Checkout;
 
+use Magento\Sales\Model\ConfigInterface;
+
 /**
  * Subtotal Total Row Renderer
  */
@@ -26,7 +28,7 @@ class Subtotal extends \Magento\Checkout\Block\Total\DefaultTotal
      * @param \Magento\Framework\View\Element\Template\Context $context
      * @param \Magento\Customer\Model\Session $customerSession
      * @param \Magento\Checkout\Model\Session $checkoutSession
-     * @param \Magento\Sales\Model\Config $salesConfig
+     * @param ConfigInterface $salesConfig
      * @param \Magento\Tax\Model\Config $taxConfig
      * @param array $layoutProcessors
      * @param array $data
@@ -35,7 +37,7 @@ public function __construct(
         \Magento\Framework\View\Element\Template\Context $context,
         \Magento\Customer\Model\Session $customerSession,
         \Magento\Checkout\Model\Session $checkoutSession,
-        \Magento\Sales\Model\Config $salesConfig,
+        ConfigInterface $salesConfig,
         \Magento\Tax\Model\Config $taxConfig,
         array $layoutProcessors = [],
         array $data = []
@@ -46,6 +48,8 @@ public function __construct(
     }
 
     /**
+     * Get display including and excluding tax config
+     *
      * @return bool
      */
     public function displayBoth()
diff --git a/app/code/Magento/Tax/Controller/Adminhtml/Rate/AjaxSave.php b/app/code/Magento/Tax/Controller/Adminhtml/Rate/AjaxSave.php
index f6cd0fff9c9b0..572eaa55abbb5 100644
--- a/app/code/Magento/Tax/Controller/Adminhtml/Rate/AjaxSave.php
+++ b/app/code/Magento/Tax/Controller/Adminhtml/Rate/AjaxSave.php
@@ -6,10 +6,42 @@
  */
 namespace Magento\Tax\Controller\Adminhtml\Rate;
 
+use Magento\Framework\App\Action\HttpPostActionInterface;
+use Magento\Backend\App\Action\Context;
+use Magento\Framework\Registry;
+use Magento\Tax\Model\Calculation\Rate\Converter;
+use Magento\Tax\Api\TaxRateRepositoryInterface;
+use Magento\Framework\Escaper;
 use Magento\Framework\Controller\ResultFactory;
 
-class AjaxSave extends \Magento\Tax\Controller\Adminhtml\Rate
+/**
+ * Tax Rate AjaxSave Controller
+ */
+class AjaxSave extends \Magento\Tax\Controller\Adminhtml\Rate implements HttpPostActionInterface
 {
+    /**
+     * @var Escaper
+     */
+    private $escaper;
+
+    /**
+     * @param Context $context
+     * @param Registry $coreRegistry
+     * @param Converter $taxRateConverter
+     * @param TaxRateRepositoryInterface $taxRateRepository
+     * @param Escaper $escaper
+     */
+    public function __construct(
+        Context $context,
+        Registry $coreRegistry,
+        Converter $taxRateConverter,
+        TaxRateRepositoryInterface $taxRateRepository,
+        Escaper $escaper
+    ) {
+        $this->escaper = $escaper;
+        parent::__construct($context, $coreRegistry, $taxRateConverter, $taxRateRepository);
+    }
+
     /**
      * Save Tax Rate via AJAX
      *
@@ -27,7 +59,7 @@ public function execute()
                 'success' => true,
                 'error_message' => '',
                 'tax_calculation_rate_id' => $taxRate->getId(),
-                'code' =>  htmlspecialchars($taxRate->getCode()),
+                'code' =>  $this->escaper->escapeHtml($taxRate->getCode()),
             ];
         } catch (\Magento\Framework\Exception\LocalizedException $e) {
             $responseContent = [
diff --git a/app/code/Magento/Translation/Model/Inline/Parser.php b/app/code/Magento/Translation/Model/Inline/Parser.php
index e0b2ce40405d1..e984fc9ee1a1a 100644
--- a/app/code/Magento/Translation/Model/Inline/Parser.php
+++ b/app/code/Magento/Translation/Model/Inline/Parser.php
@@ -7,8 +7,7 @@
 namespace Magento\Translation\Model\Inline;
 
 /**
- * This class is responsible for parsing content and applying necessary html element
- * wrapping and client scripts for inline translation.
+ * Parse content, applying necessary html element wrapping and client scripts for inline translation.
  *
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  */
@@ -19,6 +18,11 @@ class Parser implements \Magento\Framework\Translate\Inline\ParserInterface
      */
     const DATA_TRANSLATE = 'data-translate';
 
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * Response body or JSON content string
      *
@@ -132,6 +136,8 @@ class Parser implements \Magento\Framework\Translate\Inline\ParserInterface
     private $relatedCacheTypes;
 
     /**
+     * Return cache manager
+     *
      * @return \Magento\Translation\Model\Inline\CacheManager
      *
      * @deprecated 100.1.0
@@ -149,13 +155,14 @@ private function getCacheManger()
     /**
      * Initialize base inline translation model
      *
-     * @param \Magento\Store\Model\StoreManagerInterface $storeManager
      * @param \Magento\Translation\Model\ResourceModel\StringUtilsFactory $resource
+     * @param \Magento\Store\Model\StoreManagerInterface $storeManager
      * @param \Zend_Filter_Interface $inputFilter
      * @param \Magento\Framework\App\State $appState
      * @param \Magento\Framework\App\Cache\TypeListInterface $appCache
      * @param \Magento\Framework\Translate\InlineInterface $translateInline
      * @param array $relatedCacheTypes
+     * @param \Magento\Framework\Escaper|null $escaper
      */
     public function __construct(
         \Magento\Translation\Model\ResourceModel\StringUtilsFactory $resource,
@@ -164,7 +171,8 @@ public function __construct(
         \Magento\Framework\App\State $appState,
         \Magento\Framework\App\Cache\TypeListInterface $appCache,
         \Magento\Framework\Translate\InlineInterface $translateInline,
-        array $relatedCacheTypes = []
+        array $relatedCacheTypes = [],
+        \Magento\Framework\Escaper $escaper = null
     ) {
         $this->_resourceFactory = $resource;
         $this->_storeManager = $storeManager;
@@ -173,6 +181,9 @@ public function __construct(
         $this->_appCache = $appCache;
         $this->_translateInline = $translateInline;
         $this->relatedCacheTypes = $relatedCacheTypes;
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
     }
 
     /**
@@ -236,8 +247,8 @@ protected function _validateTranslationParams(array $translateParams)
     /**
      * Apply input filter to values of translation parameters
      *
-     * @param array &$translateParams
-     * @param array $fieldNames Names of fields values of which are to be filtered
+     * @param array $translateParams
+     * @param array $fieldNames
      * @return void
      */
     protected function _filterTranslationParams(array &$translateParams, array $fieldNames)
@@ -344,7 +355,7 @@ protected function _applySpecialTagsFormat($tagHtml, $tagName, $trArr)
     {
         $specialTags = $tagHtml . '<span class="translate-inline-' . $tagName . '" ' . $this->_getHtmlAttribute(
             self::DATA_TRANSLATE,
-            '[' . htmlspecialchars(join(',', $trArr)) . ']'
+            '[' . $this->escaper->escapeHtml(join(',', $trArr)) . ']'
         );
         $additionalAttr = $this->_getAdditionalHtmlAttribute($tagName);
         if ($additionalAttr !== null) {
@@ -360,7 +371,7 @@ protected function _applySpecialTagsFormat($tagHtml, $tagName, $trArr)
      * Format translation for simple tags.  Added translate mode attribute for vde requests.
      *
      * @param string $tagHtml
-     * @param string  $tagName
+     * @param string $tagName
      * @param array $trArr
      * @return string
      */
@@ -372,7 +383,7 @@ protected function _applySimpleTagsFormat($tagHtml, $tagName, $trArr)
             strlen($tagName) + 1
         ) . ' ' . $this->_getHtmlAttribute(
             self::DATA_TRANSLATE,
-            htmlspecialchars('[' . join(',', $trArr) . ']')
+            $this->escaper->escapeHtml('[' . join(',', $trArr) . ']')
         );
         $additionalAttr = $this->_getAdditionalHtmlAttribute($tagName);
         if ($additionalAttr !== null) {
@@ -386,12 +397,12 @@ protected function _applySimpleTagsFormat($tagHtml, $tagName, $trArr)
      * Get translate data by regexp
      *
      * @param string $regexp
-     * @param string &$text
-     * @param string|array $locationCallback
+     * @param string $text
+     * @param callable $locationCallback
      * @param array $options
      * @return array
      */
-    private function _getTranslateData($regexp, &$text, $locationCallback, $options = [])
+    private function _getTranslateData(string $regexp, string &$text, callable $locationCallback, array $options = [])
     {
         $trArr = [];
         $next = 0;
@@ -401,7 +412,7 @@ private function _getTranslateData($regexp, &$text, $locationCallback, $options
                     'shown' => htmlspecialchars_decode($matches[1][0]),
                     'translated' => htmlspecialchars_decode($matches[2][0]),
                     'original' => htmlspecialchars_decode($matches[3][0]),
-                    'location' => htmlspecialchars_decode(call_user_func($locationCallback, $matches, $options)),
+                    'location' => htmlspecialchars_decode($locationCallback($matches, $options)),
                 ]
             );
             $text = substr_replace($text, $matches[1][0], $matches[0][1], strlen($matches[0][0]));
@@ -446,7 +457,8 @@ private function _prepareTagAttributesForContent(&$content)
                     $tagHtml = str_replace($matches[0], '', $tagHtml);
                     $trAttr = ' ' . $this->_getHtmlAttribute(
                         self::DATA_TRANSLATE,
-                        '[' . htmlspecialchars($matches[1]) . ',' . str_replace("\"", "'", join(',', $trArr)) . ']'
+                        '[' . $this->escaper->escapeHtml($matches[1]) . ',' .
+                        str_replace("\"", "'", join(',', $trArr)) . ']'
                     );
                 } else {
                     $trAttr = ' ' . $this->_getHtmlAttribute(
@@ -512,19 +524,31 @@ private function _getHtmlQuote()
      */
     private function _specialTags()
     {
-        $this->_translateTags($this->_content, $this->_allowedTagsGlobal, '_applySpecialTagsFormat');
-        $this->_translateTags($this->_content, $this->_allowedTagsSimple, '_applySimpleTagsFormat');
+        $this->_translateTags(
+            $this->_content,
+            $this->_allowedTagsGlobal,
+            function ($tagHtml, $tagName, $trArr) {
+                return $this->_applySpecialTagsFormat($tagHtml, $tagName, $trArr);
+            }
+        );
+        $this->_translateTags(
+            $this->_content,
+            $this->_allowedTagsSimple,
+            function ($tagHtml, $tagName, $trArr) {
+                return $this->_applySimpleTagsFormat($tagHtml, $tagName, $trArr);
+            }
+        );
     }
 
     /**
      * Prepare simple tags
      *
-     * @param string &$content
+     * @param string $content
      * @param array $tagsList
-     * @param string|array $formatCallback
+     * @param callable $formatCallback
      * @return void
      */
-    private function _translateTags(&$content, $tagsList, $formatCallback)
+    private function _translateTags(string &$content, array $tagsList, callable $formatCallback)
     {
         $nextTag = 0;
         $tagRegExpBody = '#<(body)(/?>| \s*[^>]*+/?>)#iSU';
@@ -575,10 +599,10 @@ private function _translateTags(&$content, $tagsList, $formatCallback)
                     if (array_key_exists($tagName, $this->_allowedTagsGlobal)
                         && $tagBodyOpenStartPosition > $tagMatch[0][1]
                     ) {
-                        $tagHtmlHead = call_user_func([$this, $formatCallback], $tagHtml, $tagName, $trArr);
+                        $tagHtmlHead = $formatCallback($tagHtml, $tagName, $trArr);
                         $headTranslateTags .= substr($tagHtmlHead, strlen($tagHtml));
                     } else {
-                        $tagHtml = call_user_func([$this, $formatCallback], $tagHtml, $tagName, $trArr);
+                        $tagHtml = $formatCallback($tagHtml, $tagName, $trArr);
                     }
                 }
 
@@ -649,7 +673,7 @@ private function _otherText()
             );
 
             $spanHtml = $this->_getDataTranslateSpan(
-                '[' . htmlspecialchars($translateProperties) . ']',
+                '[' . $this->escaper->escapeHtmlAttr($translateProperties) . ']',
                 $matches[1][0]
             );
             $this->_content = substr_replace($this->_content, $spanHtml, $matches[0][1], strlen($matches[0][0]));
diff --git a/app/code/Magento/Translation/Model/ResourceModel/StringUtils.php b/app/code/Magento/Translation/Model/ResourceModel/StringUtils.php
index 4be4e055a7d83..769336419d89b 100644
--- a/app/code/Magento/Translation/Model/ResourceModel/StringUtils.php
+++ b/app/code/Magento/Translation/Model/ResourceModel/StringUtils.php
@@ -5,8 +5,16 @@
  */
 namespace Magento\Translation\Model\ResourceModel;
 
+/**
+ * String translation utilities
+ */
 class StringUtils extends \Magento\Framework\Model\ResourceModel\Db\AbstractDb
 {
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * @var \Magento\Framework\Locale\ResolverInterface
      */
@@ -28,17 +36,22 @@ class StringUtils extends \Magento\Framework\Model\ResourceModel\Db\AbstractDb
      * @param \Magento\Framework\App\ScopeResolverInterface $scopeResolver
      * @param string $connectionName
      * @param string|null $scope
+     * @param \Magento\Framework\Escaper|null $escaper
      */
     public function __construct(
         \Magento\Framework\Model\ResourceModel\Db\Context $context,
         \Magento\Framework\Locale\ResolverInterface $localeResolver,
         \Magento\Framework\App\ScopeResolverInterface $scopeResolver,
         $connectionName = null,
-        $scope = null
+        $scope = null,
+        \Magento\Framework\Escaper $escaper = null
     ) {
         $this->_localeResolver = $localeResolver;
         $this->scopeResolver = $scopeResolver;
         $this->scope = $scope;
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
         parent::__construct($context, $connectionName);
     }
 
@@ -211,7 +224,7 @@ public function saveTranslate($string, $translate, $locale = null, $storeId = nu
         $string = htmlspecialchars_decode($string);
         $connection = $this->getConnection();
         $table = $this->getMainTable();
-        $translate = htmlspecialchars($translate, ENT_QUOTES);
+        $translate = $this->escaper->escapeHtml($translate);
 
         if ($locale === null) {
             $locale = $this->_localeResolver->getLocale();
diff --git a/app/code/Magento/Ui/Test/Unit/Component/Control/ButtonTest.php b/app/code/Magento/Ui/Test/Unit/Component/Control/ButtonTest.php
index bc7c3ac677e10..97c77c158c147 100644
--- a/app/code/Magento/Ui/Test/Unit/Component/Control/ButtonTest.php
+++ b/app/code/Magento/Ui/Test/Unit/Component/Control/ButtonTest.php
@@ -10,6 +10,9 @@
 use Magento\Framework\View\Element\Template\Context;
 use Magento\Ui\Component\Control\Button;
 
+/**
+ * Class ButtonTest
+ */
 class ButtonTest extends \PHPUnit\Framework\TestCase
 {
     /**
@@ -55,7 +58,7 @@ public function testGetType()
     public function testGetAttributesHtml()
     {
         $expected = 'type="button" class="action- scalable classValue disabled" '
-            . 'onclick="location.href = \'url2\';" disabled="disabled" data-attributeKey="attributeValue" ';
+            . 'onclick="location.href = &#039;url2&#039;;" disabled="disabled" data-attributeKey="attributeValue" ';
         $this->button->setDisabled(true);
         $this->button->setData('url', 'url2');
         $this->button->setData('class', 'classValue');
diff --git a/app/code/Magento/Ui/view/base/web/js/form/element/date.js b/app/code/Magento/Ui/view/base/web/js/form/element/date.js
index 4e532c9d48cc6..0817b31d737b9 100644
--- a/app/code/Magento/Ui/view/base/web/js/form/element/date.js
+++ b/app/code/Magento/Ui/view/base/web/js/form/element/date.js
@@ -125,17 +125,13 @@ define([
                     shiftedValue = moment(value, dateFormat);
                 }
 
-                if (!shiftedValue.isValid()) {
-                    shiftedValue = moment(value, this.inputDateFormat);
-                }
                 shiftedValue = shiftedValue.format(this.pickerDateTimeFormat);
-            } else {
-                shiftedValue = '';
-            }
 
-            if (shiftedValue !== this.shiftedValue()) {
-                this.shiftedValue(shiftedValue);
+                if (shiftedValue !== this.shiftedValue()) {
+                    this.shiftedValue(shiftedValue);
+                }
             }
+
         },
 
         /**
diff --git a/app/code/Magento/Ui/view/base/web/js/grid/massactions.js b/app/code/Magento/Ui/view/base/web/js/grid/massactions.js
index 3626f52806881..a1884c20da2e8 100644
--- a/app/code/Magento/Ui/view/base/web/js/grid/massactions.js
+++ b/app/code/Magento/Ui/view/base/web/js/grid/massactions.js
@@ -153,11 +153,6 @@ define([
             var itemsType = data.excludeMode ? 'excluded' : 'selected',
                 selections = {};
 
-            if (itemsType === 'excluded' && data.selected && data.selected.length) {
-                itemsType = 'selected';
-                data[itemsType] = _.difference(data.selected, data.excluded);
-            }
-
             selections[itemsType] = data[itemsType];
 
             if (!selections[itemsType].length) {
diff --git a/app/code/Magento/Webapi/Model/Soap/Fault.php b/app/code/Magento/Webapi/Model/Soap/Fault.php
index 74b1b41ee1bf5..7214f37d04468 100644
--- a/app/code/Magento/Webapi/Model/Soap/Fault.php
+++ b/app/code/Magento/Webapi/Model/Soap/Fault.php
@@ -9,6 +9,9 @@
 
 use Magento\Framework\App\State;
 
+/**
+ * Webapi Fault Model for Soap.
+ */
 class Fault
 {
     const FAULT_REASON_INTERNAL = 'Internal Error.';
@@ -39,6 +42,11 @@ class Fault
     const NODE_DETAIL_WRAPPER = 'GenericFault';
     /**#@-*/
 
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * @var string
      */
@@ -108,13 +116,15 @@ class Fault
      * @param \Magento\Framework\Webapi\Exception $exception
      * @param \Magento\Framework\Locale\ResolverInterface $localeResolver
      * @param State $appState
+     * @param \Magento\Framework\Escaper|null $escaper
      */
     public function __construct(
         \Magento\Framework\App\RequestInterface $request,
         Server $soapServer,
         \Magento\Framework\Webapi\Exception $exception,
         \Magento\Framework\Locale\ResolverInterface $localeResolver,
-        State $appState
+        State $appState,
+        \Magento\Framework\Escaper $escaper = null
     ) {
         $this->_soapFaultCode = $exception->getOriginator();
         $this->_parameters = $exception->getDetails();
@@ -125,6 +135,9 @@ public function __construct(
         $this->_soapServer = $soapServer;
         $this->_localeResolver = $localeResolver;
         $this->appState = $appState;
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
     }
 
     /**
@@ -210,6 +223,8 @@ public function getLanguage()
     }
 
     /**
+     * Retrieve message
+     *
      * @return string
      */
     public function getMessage()
@@ -286,14 +301,15 @@ protected function _convertDetailsToXml($details)
     {
         $detailsXml = '';
         foreach ($details as $detailNode => $detailValue) {
-            $detailNode = htmlspecialchars($detailNode);
+            $detailNode = $this->escaper->escapeHtml($detailNode);
             if (is_numeric($detailNode)) {
                 continue;
             }
             switch ($detailNode) {
                 case self::NODE_DETAIL_TRACE:
                     if (is_string($detailValue) || is_numeric($detailValue)) {
-                        $detailsXml .= "<m:{$detailNode}>" . htmlspecialchars($detailValue) . "</m:{$detailNode}>";
+                        $detailsXml .= "<m:{$detailNode}>" . $this->escaper->escapeHtml($detailValue) .
+                            "</m:{$detailNode}>";
                     }
                     break;
                 case self::NODE_DETAIL_PARAMETERS:
@@ -331,7 +347,7 @@ protected function _getParametersXml($parameters)
                     $parameterName++;
                 }
                 $paramsXml .= "<m:$parameterNode><m:$keyNode>$parameterName</m:$keyNode><m:$valueNode>"
-                    . htmlspecialchars($parameterValue) . "</m:$valueNode></m:$parameterNode>";
+                    . $this->escaper->escapeHtml($parameterValue) . "</m:$valueNode></m:$parameterNode>";
             }
         }
         if (!empty($paramsXml)) {
diff --git a/app/code/Magento/Widget/Setup/LayoutUpdateConverter.php b/app/code/Magento/Widget/Setup/LayoutUpdateConverter.php
index 54c364dcc49a4..39b3d3c4b5a6e 100644
--- a/app/code/Magento/Widget/Setup/LayoutUpdateConverter.php
+++ b/app/code/Magento/Widget/Setup/LayoutUpdateConverter.php
@@ -16,6 +16,11 @@
  */
 class LayoutUpdateConverter extends SerializedToJson
 {
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * @var Normalizer
      */
@@ -27,13 +32,18 @@ class LayoutUpdateConverter extends SerializedToJson
      * @param Serialize $serialize
      * @param Json $json
      * @param Normalizer $normalizer
+     * @param \Magento\Framework\Escaper|null $escaper
      */
     public function __construct(
         Serialize $serialize,
         Json $json,
-        Normalizer $normalizer
+        Normalizer $normalizer,
+        \Magento\Framework\Escaper $escaper = null
     ) {
         $this->normalizer = $normalizer;
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
         parent::__construct($serialize, $json);
     }
 
@@ -85,7 +95,7 @@ protected function unserializeValue($value)
      */
     protected function encodeJson($value)
     {
-        return htmlspecialchars(
+        return $this->escaper->escapeHtml(
             $this->normalizer->replaceReservedCharacters(parent::encodeJson($value))
         );
     }
diff --git a/app/code/Magento/Wishlist/Controller/Index/Send.php b/app/code/Magento/Wishlist/Controller/Index/Send.php
index a4e8258b9d67e..20a5c64ab20c0 100644
--- a/app/code/Magento/Wishlist/Controller/Index/Send.php
+++ b/app/code/Magento/Wishlist/Controller/Index/Send.php
@@ -31,6 +31,11 @@
  */
 class Send extends \Magento\Wishlist\Controller\AbstractIndex implements Action\HttpPostActionInterface
 {
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * @var \Magento\Customer\Helper\View
      */
@@ -105,6 +110,7 @@ class Send extends \Magento\Wishlist\Controller\AbstractIndex implements Action\
      * @param StoreManagerInterface $storeManager
      * @param CaptchaHelper|null $captchaHelper
      * @param CaptchaStringResolver|null $captchaStringResolver
+     * @param \Magento\Framework\Escaper|null $escaper
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -120,7 +126,8 @@ public function __construct(
         ScopeConfigInterface $scopeConfig,
         StoreManagerInterface $storeManager,
         ?CaptchaHelper $captchaHelper = null,
-        ?CaptchaStringResolver $captchaStringResolver = null
+        ?CaptchaStringResolver $captchaStringResolver = null,
+        \Magento\Framework\Escaper $escaper = null
     ) {
         $this->_formKeyValidator = $formKeyValidator;
         $this->_customerSession = $customerSession;
@@ -135,7 +142,9 @@ public function __construct(
         $this->captchaHelper = $captchaHelper ?: ObjectManager::getInstance()->get(CaptchaHelper::class);
         $this->captchaStringResolver = $captchaStringResolver ?
             : ObjectManager::getInstance()->get(CaptchaStringResolver::class);
-
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
         parent::__construct($context);
     }
 
@@ -189,7 +198,7 @@ public function execute()
         if (strlen($message) > $textLimit) {
             $error = __('Message length must not exceed %1 symbols', $textLimit);
         } else {
-            $message = nl2br(htmlspecialchars($message));
+            $message = nl2br($this->escaper->escapeHtml($message));
             if (empty($emails)) {
                 $error = __('Please enter an email address.');
             } else {
diff --git a/app/code/Magento/Wishlist/Model/ResourceModel/Item/Collection.php b/app/code/Magento/Wishlist/Model/ResourceModel/Item/Collection.php
index 5c131d27fb8d4..61d444f786ca8 100644
--- a/app/code/Magento/Wishlist/Model/ResourceModel/Item/Collection.php
+++ b/app/code/Magento/Wishlist/Model/ResourceModel/Item/Collection.php
@@ -6,7 +6,11 @@
 namespace Magento\Wishlist\Model\ResourceModel\Item;
 
 use Magento\Catalog\Api\Data\ProductInterface;
+use Magento\Catalog\Model\Indexer\Category\Product\TableMaintainer;
+use Magento\CatalogInventory\Model\Stock;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\EntityManager\MetadataPool;
+use Magento\Sales\Model\ConfigInterface;
 
 /**
  * Wishlist item collection
@@ -144,6 +148,16 @@ class Collection extends \Magento\Framework\Model\ResourceModel\Db\Collection\Ab
      */
     protected $metadataPool;
 
+    /**
+     * @var TableMaintainer
+     */
+    private $tableMaintainer;
+
+    /**
+     * @var ConfigInterface
+     */
+    private $salesConfig;
+
     /**
      * @param \Magento\Framework\Data\Collection\EntityFactory $entityFactory
      * @param \Psr\Log\LoggerInterface $logger
@@ -163,6 +177,8 @@ class Collection extends \Magento\Framework\Model\ResourceModel\Db\Collection\Ab
      * @param \Magento\Wishlist\Model\ResourceModel\Item $resource
      * @param \Magento\Framework\App\State $appState
      * @param \Magento\Framework\DB\Adapter\AdapterInterface $connection
+     * @param TableMaintainer|null $tableMaintainer
+     * @param  ConfigInterface|null $salesConfig
      *
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
@@ -184,7 +200,9 @@ public function __construct(
         \Magento\Catalog\Model\Entity\AttributeFactory $catalogAttrFactory,
         \Magento\Wishlist\Model\ResourceModel\Item $resource,
         \Magento\Framework\App\State $appState,
-        \Magento\Framework\DB\Adapter\AdapterInterface $connection = null
+        \Magento\Framework\DB\Adapter\AdapterInterface $connection = null,
+        TableMaintainer $tableMaintainer = null,
+        ConfigInterface $salesConfig = null
     ) {
         $this->stockConfiguration = $stockConfiguration;
         $this->_adminhtmlSales = $adminhtmlSales;
@@ -199,6 +217,8 @@ public function __construct(
         $this->_catalogAttrFactory = $catalogAttrFactory;
         $this->_appState = $appState;
         parent::__construct($entityFactory, $logger, $fetchStrategy, $eventManager, $connection, $resource);
+        $this->tableMaintainer = $tableMaintainer ?: ObjectManager::getInstance()->get(TableMaintainer::class);
+        $this->salesConfig = $salesConfig ?: ObjectManager::getInstance()->get(ConfigInterface::class);
     }
 
     /**
@@ -330,6 +350,53 @@ protected function _assignProducts()
         return $this;
     }
 
+    /**
+     * @inheritdoc
+     */
+    protected function _renderFiltersBefore()
+    {
+        parent::_renderFiltersBefore();
+
+        $mainTableName = 'main_table';
+        $connection = $this->getConnection();
+
+        if ($this->_productInStock && !$this->stockConfiguration->isShowOutOfStock()) {
+            $inStockConditions = [
+                "stockItem.product_id =  {$mainTableName}.product_id",
+                $connection->quoteInto('stockItem.stock_status = ?', Stock::STOCK_IN_STOCK),
+            ];
+            $this->getSelect()->join(
+                ['stockItem' => $this->getTable('cataloginventory_stock_status')],
+                join(' AND ', $inStockConditions),
+                []
+            );
+        }
+
+        if ($this->_productVisible) {
+            $rootCategoryId = $this->_storeManager->getStore()->getRootCategoryId();
+            $visibleInSiteIds = $this->_productVisibility->getVisibleInSiteIds();
+            $visibilityConditions = [
+                "cat_index.product_id = {$mainTableName}.product_id",
+                $connection->quoteInto('cat_index.category_id = ?', $rootCategoryId),
+                $connection->quoteInto('cat_index.visibility IN (?)', $visibleInSiteIds)
+            ];
+            $this->getSelect()->join(
+                ['cat_index' => $this->tableMaintainer->getMainTable($this->_storeManager->getStore()->getId())],
+                join(' AND ', $visibilityConditions),
+                []
+            );
+        }
+
+        if ($this->_productSalable) {
+            $availableProductTypes = $this->salesConfig->getAvailableProductTypes();
+            $this->getSelect()->join(
+                ['cat_prod' => $this->getTable('catalog_product_entity')],
+                $this->getConnection()->quoteInto('cat_prod.type_id IN (?)', $availableProductTypes),
+                []
+            );
+        }
+    }
+
     /**
      * Add filter by wishlist object
      *
diff --git a/app/code/Magento/Wishlist/Test/Mftf/ActionGroup/StorefrontCustomerWishlistActionGroup.xml b/app/code/Magento/Wishlist/Test/Mftf/ActionGroup/StorefrontCustomerWishlistActionGroup.xml
index a1c5b9eae5c49..55e146b09eedd 100644
--- a/app/code/Magento/Wishlist/Test/Mftf/ActionGroup/StorefrontCustomerWishlistActionGroup.xml
+++ b/app/code/Magento/Wishlist/Test/Mftf/ActionGroup/StorefrontCustomerWishlistActionGroup.xml
@@ -97,4 +97,10 @@
         <click selector="{{StorefrontCustomerWishlistShareSection.ProductShareWishlistButton}}" stepKey="sendWishlist"/>
         <see selector="{{StorefrontCustomerWishlistProductSection.productSuccessShareMessage}}" userInput="Your wish list has been shared." stepKey="successMessage"/>
     </actionGroup>
+
+    <!-- Check that wishlist is empty -->
+    <actionGroup name="StorefrontAssertCustomerWishlistIsEmpty">
+        <dontSeeElement selector="{{StorefrontCustomerWishlistProductSection.pager}}" stepKey="checkThatPagerIsAbsent"/>
+        <see selector="{{StorefrontCustomerWishlistProductSection.wishlistEmpty}}" userInput="You have no items in your wish list." stepKey="checkNoItemsMessage"/>
+    </actionGroup>
 </actionGroups>
diff --git a/app/code/Magento/Wishlist/Test/Mftf/Section/StorefrontCustomerWishlistProductSection.xml b/app/code/Magento/Wishlist/Test/Mftf/Section/StorefrontCustomerWishlistProductSection.xml
index ef619726b76ab..0b6c2f1191c40 100644
--- a/app/code/Magento/Wishlist/Test/Mftf/Section/StorefrontCustomerWishlistProductSection.xml
+++ b/app/code/Magento/Wishlist/Test/Mftf/Section/StorefrontCustomerWishlistProductSection.xml
@@ -22,5 +22,7 @@
         <element name="productShareWishList" type="button" selector="button.action.share" timeout="30" />
         <element name="ProductSuccessUpdateMessage" type="text" selector="//div[1]/div[2]/div/div/div"/>
         <element name="productSuccessShareMessage" type="text" selector="div.message-success"/>
+        <element name="pager" type="block" selector=".toolbar .pager"/>
+        <element name="wishlistEmpty" type="block" selector=".form-wishlist-items .message.info.empty"/>
     </section>
 </sections>
diff --git a/app/code/Magento/Wishlist/Test/Mftf/Test/WishListWithDisabledProductTest.xml b/app/code/Magento/Wishlist/Test/Mftf/Test/WishListWithDisabledProductTest.xml
new file mode 100644
index 0000000000000..af216c139e7fe
--- /dev/null
+++ b/app/code/Magento/Wishlist/Test/Mftf/Test/WishListWithDisabledProductTest.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
+    <test name="WishListWithDisabledProductTest">
+        <annotations>
+            <title value="Wish List should not include disabled products"/>
+            <stories value="Customer wishlist"/>
+            <description value="Wish List should not include disabled products and pager should be absent"/>
+            <severity value="MAJOR"/>
+            <useCaseId value="MAGETWO-99228"/>
+            <testCaseId value="MC-16050"/>
+            <group value="wishlist"/>
+        </annotations>
+        <before>
+            <createData entity="SimpleProduct2" stepKey="createProduct"/>
+            <createData entity="Simple_US_Customer" stepKey="createCustomer"/>
+        </before>
+        <after>
+            <deleteData createDataKey="createProduct" stepKey="deleteProduct"/>
+            <deleteData createDataKey="createCustomer" stepKey="deleteCustomer"/>
+            <actionGroup ref="StorefrontCustomerLogoutActionGroup" stepKey="customerLogout"/>
+            <actionGroup ref="logout" stepKey="logout"/>
+        </after>
+        <actionGroup ref="LoginToStorefrontActionGroup" stepKey="loginToStorefrontAccount">
+            <argument name="Customer" value="$$createCustomer$$"/>
+        </actionGroup>
+        <amOnPage url="{{StorefrontProductPage.url($$createProduct.custom_attributes[url_key]$$)}}" stepKey="amOnProductPage"/>
+        <actionGroup ref="StorefrontCustomerAddProductToWishlistActionGroup" stepKey="addProductToWishlist">
+            <argument name="productVar" value="$$createProduct$$"/>
+        </actionGroup>
+        <actionGroup ref="StorefrontCustomerCheckProductInWishlist" stepKey="checkProductInWishlist">
+            <argument name="productVar" value="$$createProduct$$"/>
+        </actionGroup>
+        <openNewTab stepKey="openNewTab"/>
+        <actionGroup ref="LoginAsAdmin" stepKey="loginToAdminArea"/>
+        <amOnPage url="{{AdminProductEditPage.url($$createProduct.id$$)}}" stepKey="goToProductEditPage"/>
+        <actionGroup ref="AdminSetProductDisabled" stepKey="disableProduct"/>
+        <actionGroup ref="saveProductForm" stepKey="saveProduct"/>
+        <closeTab stepKey="closeSecondTab"/>
+        <reloadPage stepKey="refreshPage"/>
+        <actionGroup ref="StorefrontAssertCustomerWishlistIsEmpty" stepKey="checkProductIsAbsentInWishlistIsEmpty"/>
+    </test>
+</tests>
diff --git a/dev/tests/integration/testsuite/Magento/Catalog/Model/ProductRepositoryTest.php b/dev/tests/integration/testsuite/Magento/Catalog/Model/ProductRepositoryTest.php
index d4016b2bfa8d4..cbde2fa1d2b20 100644
--- a/dev/tests/integration/testsuite/Magento/Catalog/Model/ProductRepositoryTest.php
+++ b/dev/tests/integration/testsuite/Magento/Catalog/Model/ProductRepositoryTest.php
@@ -8,6 +8,7 @@
 namespace Magento\Catalog\Model;
 
 use Magento\Catalog\Api\ProductRepositoryInterface;
+use Magento\Catalog\Model\ResourceModel\Product as ProductResource;
 use Magento\TestFramework\Helper\Bootstrap;
 
 /**
@@ -15,6 +16,7 @@
  *
  * @magentoDbIsolation enabled
  * @magentoAppIsolation enabled
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  */
 class ProductRepositoryTest extends \PHPUnit\Framework\TestCase
 {
@@ -30,6 +32,16 @@ class ProductRepositoryTest extends \PHPUnit\Framework\TestCase
      */
     private $searchCriteriaBuilder;
 
+    /**
+     * @var ProductFactory
+     */
+    private $productFactory;
+
+    /**
+     * @var ProductResource
+     */
+    private $productResource;
+
     /**
      * Sets up common objects
      */
@@ -42,6 +54,12 @@ protected function setUp()
         $this->searchCriteriaBuilder = \Magento\Framework\App\ObjectManager::getInstance()->create(
             \Magento\Framework\Api\SearchCriteriaBuilder::class
         );
+
+        $this->productFactory = Bootstrap::getObjectManager()->get(ProductFactory::class);
+
+        $this->productResource = Bootstrap::getObjectManager()->get(ProductResource::class);
+
+        $this->productRepository = Bootstrap::getObjectManager()->get(ProductRepositoryInterface::class);
     }
 
     /**
@@ -116,10 +134,15 @@ public function testSaveProductWithGalleryImage(): void
 
         $path = $mediaConfig->getBaseMediaPath() . '/magento_image.jpg';
         $absolutePath = $mediaDirectory->getAbsolutePath() . $path;
-        $product->addImageToMediaGallery($absolutePath, [
+        $product->addImageToMediaGallery(
+            $absolutePath,
+            [
             'image',
             'small_image',
-        ], false, false);
+            ],
+            false,
+            false
+        );
 
         /** @var \Magento\Catalog\Api\ProductRepositoryInterface $productRepository */
         $productRepository = Bootstrap::getObjectManager()
@@ -138,4 +161,29 @@ public function testSaveProductWithGalleryImage(): void
         $this->assertStringStartsWith('/m/a/magento_image', $product->getData('image'));
         $this->assertStringStartsWith('/m/a/magento_image', $product->getData('small_image'));
     }
+
+    /**
+     * Test Product Repository can change(update) "sku" for given product.
+     *
+     * @magentoDataFixture Magento/Catalog/_files/product_simple.php
+     * @magentoDbIsolation enabled
+     * @magentoAppArea adminhtml
+     */
+    public function testUpdateProductSku()
+    {
+        $newSku = 'simple-edited';
+        $productId = $this->productResource->getIdBySku('simple');
+        $initialProduct = $this->productFactory->create();
+        $this->productResource->load($initialProduct, $productId);
+
+        $initialProduct->setSku($newSku);
+        $this->productRepository->save($initialProduct);
+
+        $updatedProduct = $this->productFactory->create();
+        $this->productResource->load($updatedProduct, $productId);
+        self::assertSame($newSku, $updatedProduct->getSku());
+
+        //clean up.
+        $this->productRepository->delete($updatedProduct);
+    }
 }
diff --git a/dev/tests/integration/testsuite/Magento/CatalogSearch/Controller/ResultTest.php b/dev/tests/integration/testsuite/Magento/CatalogSearch/Controller/ResultTest.php
index 4cd0f124b6e46..4f8a279a59165 100644
--- a/dev/tests/integration/testsuite/Magento/CatalogSearch/Controller/ResultTest.php
+++ b/dev/tests/integration/testsuite/Magento/CatalogSearch/Controller/ResultTest.php
@@ -33,13 +33,15 @@ public function testIndexActionTranslation()
 
     public function testIndexActionXSSQueryVerification()
     {
+        $escaper = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()
+            ->get(\Magento\Framework\Escaper::class);
         $this->getRequest()->setParam('q', '<script>alert(1)</script>');
         $this->dispatch('catalogsearch/result');
 
         $responseBody = $this->getResponse()->getBody();
         $data = '<script>alert(1)</script>';
         $this->assertNotContains($data, $responseBody);
-        $this->assertContains(htmlspecialchars($data, ENT_COMPAT, 'UTF-8', false), $responseBody);
+        $this->assertContains($escaper->escapeHtml($data), $responseBody);
     }
 
     /**
diff --git a/dev/tests/integration/testsuite/Magento/Customer/Block/Adminhtml/Edit/Tab/OrdersTest.php b/dev/tests/integration/testsuite/Magento/Customer/Block/Adminhtml/Edit/Tab/OrdersTest.php
index 2e997a153d3af..ba4b6b6d80de0 100644
--- a/dev/tests/integration/testsuite/Magento/Customer/Block/Adminhtml/Edit/Tab/OrdersTest.php
+++ b/dev/tests/integration/testsuite/Magento/Customer/Block/Adminhtml/Edit/Tab/OrdersTest.php
@@ -6,6 +6,7 @@
 namespace Magento\Customer\Block\Adminhtml\Edit\Tab;
 
 use Magento\Customer\Controller\RegistryConstants;
+use Magento\Framework\Escaper;
 use Magento\TestFramework\Helper\Bootstrap;
 
 /**
@@ -29,6 +30,11 @@ class OrdersTest extends \PHPUnit\Framework\TestCase
      */
     private $coreRegistry;
 
+    /**
+     * @var Escaper
+     */
+    private $escaper;
+
     /**
      * Execute per test initialization.
      */
@@ -48,6 +54,7 @@ public function setUp()
             ['coreRegistry' => $this->coreRegistry]
         );
         $this->block->getPreparedCollection();
+        $this->escaper = $objectManager->get(Escaper::class);
     }
 
     /**
@@ -81,6 +88,9 @@ public function testGetGridUrl()
      */
     public function testToHtml()
     {
-        $this->assertContains("We couldn't find any records.", $this->block->toHtml());
+        $this->assertContains(
+            $this->escaper->escapeHtml("We couldn't find any records."),
+            $this->block->toHtml()
+        );
     }
 }
diff --git a/dev/tests/integration/testsuite/Magento/Customer/Block/Adminhtml/Edit/Tab/View/CartTest.php b/dev/tests/integration/testsuite/Magento/Customer/Block/Adminhtml/Edit/Tab/View/CartTest.php
index 3ade17d90fe99..41391d7900456 100644
--- a/dev/tests/integration/testsuite/Magento/Customer/Block/Adminhtml/Edit/Tab/View/CartTest.php
+++ b/dev/tests/integration/testsuite/Magento/Customer/Block/Adminhtml/Edit/Tab/View/CartTest.php
@@ -7,6 +7,7 @@
 namespace Magento\Customer\Block\Adminhtml\Edit\Tab\View;
 
 use Magento\Customer\Controller\RegistryConstants;
+use Magento\Framework\Escaper;
 use Magento\TestFramework\Helper\Bootstrap;
 
 /**
@@ -30,6 +31,11 @@ class CartTest extends \PHPUnit\Framework\TestCase
      */
     private $coreRegistry;
 
+    /**
+     * @var Escaper
+     */
+    private $escaper;
+
     /**
      * Execute per test initialization.
      */
@@ -49,6 +55,7 @@ public function setUp()
             ['coreRegistry' => $this->coreRegistry, 'data' => ['website_id' => 1]]
         );
         $this->block->getPreparedCollection();
+        $this->escaper = $objectManager->get(Escaper::class);
     }
 
     /**
@@ -84,7 +91,10 @@ public function testGetHeadersVisibility()
     public function testToHtmlEmptyCart()
     {
         $this->assertEquals(0, $this->block->getCollection()->getSize());
-        $this->assertContains('There are no items in customer\'s shopping cart.', $this->block->toHtml());
+        $this->assertContains(
+            $this->escaper->escapeHtml('There are no items in customer\'s shopping cart.'),
+            $this->block->toHtml()
+        );
     }
 
     /**
@@ -99,6 +109,6 @@ public function testToHtmlCartItem()
         $this->assertContains('Simple Product', $html);
         $this->assertContains('simple', $html);
         $this->assertContains('$10.00', $html);
-        $this->assertContains('catalog/product/edit/id/1', $html);
+        $this->assertContains($this->escaper->escapeHtmlAttr('catalog/product/edit/id/1'), $html);
     }
 }
diff --git a/dev/tests/integration/testsuite/Magento/CustomerImportExport/Model/Import/CustomerCompositeTest.php b/dev/tests/integration/testsuite/Magento/CustomerImportExport/Model/Import/CustomerCompositeTest.php
index ea2b47a9b806f..321e56cd16906 100644
--- a/dev/tests/integration/testsuite/Magento/CustomerImportExport/Model/Import/CustomerCompositeTest.php
+++ b/dev/tests/integration/testsuite/Magento/CustomerImportExport/Model/Import/CustomerCompositeTest.php
@@ -8,6 +8,9 @@
 use Magento\Framework\App\Filesystem\DirectoryList;
 use Magento\ImportExport\Model\Import\ErrorProcessing\ProcessingErrorAggregatorInterface;
 
+/**
+ * Test for CustomerComposite import class
+ */
 class CustomerCompositeTest extends \PHPUnit\Framework\TestCase
 {
     /**#@+
@@ -129,6 +132,9 @@ protected function _assertCustomerData(array $expectedData)
      * @param string $sourceFile
      * @param array $dataBefore
      * @param array $dataAfter
+     * @param int $updatedItemsCount
+     * @param int $createdItemsCount
+     * @param int $deletedItemsCount
      * @param array $errors
      *
      * @magentoDataFixture Magento/Customer/_files/import_export/customers_for_address_import.php
@@ -136,8 +142,16 @@ protected function _assertCustomerData(array $expectedData)
      *
      * @dataProvider importDataDataProvider
      */
-    public function testImportData($behavior, $sourceFile, array $dataBefore, array $dataAfter, array $errors = [])
-    {
+    public function testImportData(
+        $behavior,
+        $sourceFile,
+        array $dataBefore,
+        array $dataAfter,
+        $updatedItemsCount,
+        $createdItemsCount,
+        $deletedItemsCount,
+        array $errors = []
+    ) {
         \Magento\TestFramework\Helper\Bootstrap::getInstance()
             ->loadArea(\Magento\Framework\App\Area::AREA_FRONTEND);
         // set entity adapter parameters
@@ -173,6 +187,9 @@ public function testImportData($behavior, $sourceFile, array $dataBefore, array
 
         // import data
         $this->_entityAdapter->importData();
+        $this->assertSame($updatedItemsCount, $this->_entityAdapter->getUpdatedItemsCount());
+        $this->assertSame($createdItemsCount, $this->_entityAdapter->getCreatedItemsCount());
+        $this->assertSame($deletedItemsCount, $this->_entityAdapter->getDeletedItemsCount());
 
         // assert data after import
         $this->_assertCustomerData($dataAfter);
@@ -192,6 +209,10 @@ public function importDataDataProvider()
                 '$sourceFile' => $filesDirectory . self::DELETE_FILE_NAME,
                 '$dataBefore' => $this->_beforeImport,
                 '$dataAfter' => [],
+                '$updatedItemsCount' => 0,
+                '$createdItemsCount' => 0,
+                '$deletedItemsCount' => 1,
+                '$errors' => [],
             ],
         ];
 
@@ -200,6 +221,9 @@ public function importDataDataProvider()
             '$sourceFile' => $filesDirectory . self::UPDATE_FILE_NAME,
             '$dataBefore' => $this->_beforeImport,
             '$dataAfter' => $this->_afterImport,
+            '$updatedItemsCount' => 1,
+            '$createdItemsCount' => 3,
+            '$deletedItemsCount' => 0,
             '$errors' => [],
         ];
 
diff --git a/dev/tests/integration/testsuite/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button/DeleteTest.php b/dev/tests/integration/testsuite/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button/DeleteTest.php
index 92ae76b0d9a4d..c6cc68582ae6b 100644
--- a/dev/tests/integration/testsuite/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button/DeleteTest.php
+++ b/dev/tests/integration/testsuite/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button/DeleteTest.php
@@ -39,8 +39,8 @@ public function testRender()
         $buttonHtml = $this->deleteButtonBlock->render($integration);
         $this->assertContains('title="Remove"', $buttonHtml);
         $this->assertContains(
-            'onclick="this.setAttribute(\'data-url\', '
-            . '\'http://localhost/index.php/backend/admin/integration/delete/id/'
+            'onclick="this.setAttribute(&#039;data-url&#039;, '
+            . '&#039;http://localhost/index.php/backend/admin/integration/delete/id/'
             . $integration->getId(),
             $buttonHtml
         );
@@ -54,8 +54,8 @@ public function testRenderDisabled()
         $buttonHtml = $this->deleteButtonBlock->render($integration);
         $this->assertContains('title="Uninstall the extension to remove this integration"', $buttonHtml);
         $this->assertContains(
-            'onclick="this.setAttribute(\'data-url\', '
-            . '\'http://localhost/index.php/backend/admin/integration/delete/id/'
+            'onclick="this.setAttribute(&#039;data-url&#039;, '
+            . '&#039;http://localhost/index.php/backend/admin/integration/delete/id/'
             . $integration->getId(),
             $buttonHtml
         );
diff --git a/dev/tests/integration/testsuite/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button/EditTest.php b/dev/tests/integration/testsuite/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button/EditTest.php
index df180d020888a..0463053e6b5f1 100644
--- a/dev/tests/integration/testsuite/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button/EditTest.php
+++ b/dev/tests/integration/testsuite/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button/EditTest.php
@@ -40,7 +40,7 @@ public function testRenderEdit()
         $this->assertContains('title="Edit"', $buttonHtml);
         $this->assertContains('class="action edit"', $buttonHtml);
         $this->assertContains(
-            'onclick="window.location.href=\'http://localhost/index.php/backend/admin/integration/edit/id/'
+            'onclick="window.location.href=&#039;http://localhost/index.php/backend/admin/integration/edit/id/'
             . $integration->getId(),
             $buttonHtml
         );
diff --git a/dev/tests/integration/testsuite/Magento/Sales/Model/Order/ConfigTest.php b/dev/tests/integration/testsuite/Magento/Sales/Model/Order/ConfigTest.php
new file mode 100644
index 0000000000000..b1c9b22772cf8
--- /dev/null
+++ b/dev/tests/integration/testsuite/Magento/Sales/Model/Order/ConfigTest.php
@@ -0,0 +1,53 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Sales\Model\Order;
+
+use Magento\TestFramework\Helper\Bootstrap;
+use Magento\TestFramework\ObjectManager;
+
+/**
+ * Test class for \Magento\Sales\Model\Order\Config
+ */
+class ConfigTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * @var ObjectManager
+     */
+    private $objectManager;
+
+    /**
+     * @var Config
+     */
+    private $orderConfig;
+
+    /**
+     * @inheritdoc
+     */
+    protected function setUp()
+    {
+        $this->objectManager = Bootstrap::getObjectManager();
+        $this->orderConfig = $this->objectManager->create(Config::class);
+    }
+
+    /**
+     * Correct display of the list of "Order States" after assigning
+     * the state "complete" to a custom order status.
+     *
+     * @magentoDataFixture Magento/Sales/_files/order_status_assign_state_complete.php
+     */
+    public function testCorrectCompleteStatusInStatesList()
+    {
+        $allStates = $this->orderConfig->getStates();
+        /** @var Status $completeStatus */
+        $completeStatus = $this->objectManager->create(Status::class)
+            ->load(\Magento\Sales\Model\Order::STATE_COMPLETE);
+        $completeState = $allStates[$completeStatus->getStatus()];
+
+        $this->assertEquals($completeStatus->getLabel(), $completeState->getText());
+    }
+}
diff --git a/dev/tests/integration/testsuite/Magento/Sales/_files/order_status_assign_state_complete.php b/dev/tests/integration/testsuite/Magento/Sales/_files/order_status_assign_state_complete.php
new file mode 100644
index 0000000000000..4f2176036787d
--- /dev/null
+++ b/dev/tests/integration/testsuite/Magento/Sales/_files/order_status_assign_state_complete.php
@@ -0,0 +1,18 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+use Magento\Sales\Model\Order\Status;
+use Magento\TestFramework\Helper\Bootstrap;
+
+/** @var Status $orderStatus */
+$orderStatus = Bootstrap::getObjectManager()->create(Status::class);
+$data = [
+    'status' => 'custom_complete',
+    'label' => 'Custom Complete Status',
+];
+$orderStatus->setData($data)->save();
+$orderStatus->assignState(\Magento\Sales\Model\Order::STATE_COMPLETE, false, true);
diff --git a/dev/tests/integration/testsuite/Magento/Sales/_files/order_status_assign_state_complete_rollback.php b/dev/tests/integration/testsuite/Magento/Sales/_files/order_status_assign_state_complete_rollback.php
new file mode 100644
index 0000000000000..99187116db9d9
--- /dev/null
+++ b/dev/tests/integration/testsuite/Magento/Sales/_files/order_status_assign_state_complete_rollback.php
@@ -0,0 +1,14 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+use Magento\Sales\Model\Order\Status;
+use Magento\TestFramework\Helper\Bootstrap;
+
+/** @var Status $orderStatus */
+$orderStatus = Bootstrap::getObjectManager()->create(Status::class);
+$orderStatus->load('custom_complete', 'status');
+$orderStatus->delete();
diff --git a/dev/tests/integration/testsuite/Magento/Store/_files/second_store_with_second_currency.php b/dev/tests/integration/testsuite/Magento/Store/_files/second_store_with_second_currency.php
new file mode 100644
index 0000000000000..773ae52943f7f
--- /dev/null
+++ b/dev/tests/integration/testsuite/Magento/Store/_files/second_store_with_second_currency.php
@@ -0,0 +1,44 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+// phpcs:ignore Magento2.Security.IncludeFile
+require_once __DIR__ . '/second_store.php';
+
+$objectManager = \Magento\TestFramework\Helper\Bootstrap::getObjectManager();
+$store = $objectManager->create(\Magento\Store\Model\Store::class);
+if ($storeId = $store->load('fixture_second_store', 'code')->getId()) {
+    /** @var \Magento\Config\Model\ResourceModel\Config $configResource */
+    $configResource = $objectManager->get(\Magento\Config\Model\ResourceModel\Config::class);
+    $configResource->saveConfig(
+        \Magento\Directory\Model\Currency::XML_PATH_CURRENCY_DEFAULT,
+        'EUR',
+        \Magento\Store\Model\ScopeInterface::SCOPE_STORES,
+        $storeId
+    );
+    $configResource->saveConfig(
+        \Magento\Directory\Model\Currency::XML_PATH_CURRENCY_ALLOW,
+        'EUR',
+        \Magento\Store\Model\ScopeInterface::SCOPE_STORES,
+        $storeId
+    );
+    /**
+     * Configuration cache clean is required to reload currency setting
+     */
+    /** @var Magento\Config\App\Config\Type\System $config */
+    $config = $objectManager->get(\Magento\Config\App\Config\Type\System::class);
+    $config->clean();
+}
+
+
+/** @var \Magento\Directory\Model\ResourceModel\Currency $rate */
+$rate = $objectManager->create(\Magento\Directory\Model\ResourceModel\Currency::class);
+$rate->saveRates(
+    [
+        'USD' => ['EUR' => 2],
+        'EUR' => ['USD' => 0.5]
+    ]
+);
diff --git a/dev/tests/integration/testsuite/Magento/Store/_files/second_store_with_second_currency_rollback.php b/dev/tests/integration/testsuite/Magento/Store/_files/second_store_with_second_currency_rollback.php
new file mode 100644
index 0000000000000..6af1b0a5fed85
--- /dev/null
+++ b/dev/tests/integration/testsuite/Magento/Store/_files/second_store_with_second_currency_rollback.php
@@ -0,0 +1,27 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+$objectManager = \Magento\TestFramework\Helper\Bootstrap::getObjectManager();
+$store = $objectManager->create(\Magento\Store\Model\Store::class);
+$storeId = $store->load('fixture_second_store', 'code')->getId();
+
+if ($storeId) {
+    $configResource = $objectManager->get(\Magento\Config\Model\ResourceModel\Config::class);
+    $configResource->deleteConfig(
+        \Magento\Directory\Model\Currency::XML_PATH_CURRENCY_DEFAULT,
+        \Magento\Store\Model\ScopeInterface::SCOPE_STORES,
+        $storeId
+    );
+    $configResource->deleteConfig(
+        \Magento\Directory\Model\Currency::XML_PATH_CURRENCY_ALLOW,
+        \Magento\Store\Model\ScopeInterface::SCOPE_STORES,
+        $storeId
+    );
+}
+
+// phpcs:ignore Magento2.Security.IncludeFile
+require_once 'second_store_rollback.php';
diff --git a/dev/tests/integration/testsuite/Magento/Tax/Controller/Adminhtml/RateTest.php b/dev/tests/integration/testsuite/Magento/Tax/Controller/Adminhtml/RateTest.php
index c2f7b498e63e3..ae5f81817ddbf 100644
--- a/dev/tests/integration/testsuite/Magento/Tax/Controller/Adminhtml/RateTest.php
+++ b/dev/tests/integration/testsuite/Magento/Tax/Controller/Adminhtml/RateTest.php
@@ -17,7 +17,7 @@ class RateTest extends \Magento\TestFramework\TestCase\AbstractBackendController
      */
     public function testAjaxSaveAction($postData, $expectedData)
     {
-        $this->getRequest()->setPostValue($postData);
+        $this->getRequest()->setPostValue($postData)->setMethod('POST');
 
         $this->dispatch('backend/tax/rate/ajaxSave');
 
@@ -85,7 +85,7 @@ public function ajaxSaveActionDataProvider()
      */
     public function testAjaxSaveActionInvalidData($postData, $expectedData)
     {
-        $this->getRequest()->setPostValue($postData);
+        $this->getRequest()->setPostValue($postData)->setMethod('POST');
 
         $this->dispatch('backend/tax/rate/ajaxSave');
 
diff --git a/dev/tests/integration/testsuite/Magento/User/Controller/Adminhtml/Locks/GridTest.php b/dev/tests/integration/testsuite/Magento/User/Controller/Adminhtml/Locks/GridTest.php
index 4a1c8c722b18d..69265f33b305a 100644
--- a/dev/tests/integration/testsuite/Magento/User/Controller/Adminhtml/Locks/GridTest.php
+++ b/dev/tests/integration/testsuite/Magento/User/Controller/Adminhtml/Locks/GridTest.php
@@ -5,7 +5,12 @@
  */
 namespace Magento\User\Controller\Adminhtml\Locks;
 
-class GridTest extends \Magento\TestFramework\TestCase\AbstractBackendController
+use Magento\TestFramework\TestCase\AbstractBackendController;
+
+/**
+ * Testing the list of locked users.
+ */
+class GridTest extends AbstractBackendController
 {
     /**
      * Test index action
@@ -24,11 +29,11 @@ public function testGridAction()
         $this->assertContains('data-column="failures_num"', $body);
         $this->assertContains('data-column="lock_expires"', $body);
         $this->assertRegExp(
-            '/<td data-column\="username"\s*class\="\s*col-name\s*col-username\s*"\s*>\s*adminUser1\s*<\/td>/',
+            '/<td data-column\="username"\s*class\="[^"]*col-name[^"]*col-username[^"]*"\s*>\s*adminUser1\s*<\/td>/',
             $body
         );
         $this->assertRegExp(
-            '/<td data-column\="username"\s*class\="\s*col-name\s*col-username\s*"\s*>\s*adminUser2\s*<\/td>/',
+            '/<td data-column\="username"\s*class\="[^"]*col-name[^"]*col-username[^"]*"\s*>\s*adminUser2\s*<\/td>/',
             $body
         );
     }
diff --git a/dev/tests/integration/testsuite/Magento/User/Controller/Adminhtml/Locks/IndexTest.php b/dev/tests/integration/testsuite/Magento/User/Controller/Adminhtml/Locks/IndexTest.php
index c43bd1ef3f7f8..59cb49c7831eb 100644
--- a/dev/tests/integration/testsuite/Magento/User/Controller/Adminhtml/Locks/IndexTest.php
+++ b/dev/tests/integration/testsuite/Magento/User/Controller/Adminhtml/Locks/IndexTest.php
@@ -5,6 +5,9 @@
  */
 namespace Magento\User\Controller\Adminhtml\Locks;
 
+/**
+ * Testing locked users list.
+ */
 class IndexTest extends \Magento\TestFramework\TestCase\AbstractBackendController
 {
     /**
@@ -20,11 +23,11 @@ public function testIndexAction()
         $body = $this->getResponse()->getBody();
         $this->assertContains('<h1 class="page-title">Locked Users</h1>', $body);
         $this->assertRegExp(
-            '/<td data-column\="username"\s*class\="\s*col-name\s*col-username\s*"\s*>\s*adminUser1\s*<\/td>/',
+            '/<td data-column\="username"\s*class\="[^"]*col-name[^"]*col-username[^"]*"\s*>\s*adminUser1\s*<\/td>/',
             $body
         );
         $this->assertRegExp(
-            '/<td data-column\="username"\s*class\="\s*col-name\s*col-username\s*"\s*>\s*adminUser2\s*<\/td>/',
+            '/<td data-column\="username"\s*class\="[^"]*col-name[^"]*col-username\s*"[^"]*>\s*adminUser2\s*<\/td>/',
             $body
         );
     }
diff --git a/lib/internal/Magento/Framework/Convert/Excel.php b/lib/internal/Magento/Framework/Convert/Excel.php
index 09acd88b38a7f..13d8c0fa9d56b 100644
--- a/lib/internal/Magento/Framework/Convert/Excel.php
+++ b/lib/internal/Magento/Framework/Convert/Excel.php
@@ -12,6 +12,11 @@
  */
 class Excel
 {
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * \ArrayIterator Object
      *
@@ -45,15 +50,23 @@ class Excel
      *
      * @param \Iterator $iterator
      * @param array $rowCallback
+     * @param \Magento\Framework\Escaper|null $escaper
      */
-    public function __construct(\Iterator $iterator, $rowCallback = [])
-    {
+    public function __construct(
+        \Iterator $iterator,
+        $rowCallback = [],
+        \Magento\Framework\Escaper $escaper = null
+    ) {
         $this->_iterator = $iterator;
         $this->_rowCallback = $rowCallback;
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
     }
 
     /**
      * Retrieve Excel XML Document Header XML Fragment
+     *
      * Append data header if it is available
      *
      * @param string $sheetName
@@ -65,7 +78,7 @@ protected function _getXmlHeader($sheetName = '')
             $sheetName = 'Sheet 1';
         }
 
-        $sheetName = htmlspecialchars($sheetName);
+        $sheetName = $this->escaper->escapeHtml($sheetName);
 
         $xmlHeader = '<' .
             '?xml version="1.0"?' .
@@ -98,6 +111,7 @@ protected function _getXmlHeader($sheetName = '')
 
     /**
      * Retrieve Excel XML Document Footer XML Fragment
+     *
      * Append data footer if it is available
      *
      * @return string
@@ -133,7 +147,7 @@ protected function _getXmlRow($row, $useCallback)
         $xmlData[] = '<Row>';
 
         foreach ($row as $value) {
-            $value = htmlspecialchars($value);
+            $value = $this->escaper->escapeHtml($value);
             $dataType = is_numeric($value) && $value[0] !== '+' && $value[0] !== '0' ? 'Number' : 'String';
 
             /**
diff --git a/lib/internal/Magento/Framework/Data/Form/Element/AbstractElement.php b/lib/internal/Magento/Framework/Data/Form/Element/AbstractElement.php
index 14f4df7208b04..ff1e3ba63ba8a 100644
--- a/lib/internal/Magento/Framework/Data/Form/Element/AbstractElement.php
+++ b/lib/internal/Magento/Framework/Data/Form/Element/AbstractElement.php
@@ -13,6 +13,7 @@
 /**
  * Data form abstract class
  *
+ * phpcs:disable Magento2.Classes.AbstractApi
  * @api
  * @author     Magento Core Team <core@magentocommerce.com>
  * @SuppressWarnings(PHPMD.NumberOfChildren)
@@ -291,7 +292,7 @@ public function removeClass($class)
      */
     protected function _escape($string)
     {
-        return htmlspecialchars($string, ENT_COMPAT);
+        return $this->_escaper->escapeHtml($string);
     }
 
     /**
diff --git a/lib/internal/Magento/Framework/Data/Form/Filter/Escapehtml.php b/lib/internal/Magento/Framework/Data/Form/Filter/Escapehtml.php
index 6feca703f15fe..54821217ca124 100644
--- a/lib/internal/Magento/Framework/Data/Form/Filter/Escapehtml.php
+++ b/lib/internal/Magento/Framework/Data/Form/Filter/Escapehtml.php
@@ -11,8 +11,27 @@
  */
 namespace Magento\Framework\Data\Form\Filter;
 
+/**
+ * EscapeHtml Form Filter Data
+ */
 class Escapehtml implements \Magento\Framework\Data\Form\Filter\FilterInterface
 {
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
+    /**
+     * @param \Magento\Framework\Escaper|null $escaper
+     */
+    public function __construct(
+        \Magento\Framework\Escaper $escaper = null
+    ) {
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
+    }
+
     /**
      * Returns the result of filtering $value
      *
@@ -32,6 +51,6 @@ public function inputFilter($value)
      */
     public function outputFilter($value)
     {
-        return htmlspecialchars($value);
+        return $this->escaper->escapeHtml($value);
     }
 }
diff --git a/lib/internal/Magento/Framework/Data/Form/FormKey.php b/lib/internal/Magento/Framework/Data/Form/FormKey.php
index 75b3311b4ffe9..355460902eee6 100644
--- a/lib/internal/Magento/Framework/Data/Form/FormKey.php
+++ b/lib/internal/Magento/Framework/Data/Form/FormKey.php
@@ -3,10 +3,16 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
+
 namespace Magento\Framework\Data\Form;
 
 /**
+ * Class FormKey
+ *
  * @api
+ *
+ * @SuppressWarnings(PHPMD.CookieAndSessionMisuse)
  */
 class FormKey
 {
@@ -50,24 +56,29 @@ public function __construct(
      * Retrieve Session Form Key
      *
      * @return string A 16 bit unique key for forms
+     * @throws \Magento\Framework\Exception\LocalizedException
      */
     public function getFormKey()
     {
         if (!$this->isPresent()) {
             $this->set($this->mathRandom->getRandomString(16));
         }
-        return $this->escaper->escapeHtmlAttr($this->session->getData(self::FORM_KEY));
+        return $this->escaper->escapeJs($this->session->getData(self::FORM_KEY));
     }
 
     /**
+     * Determine if the form key is present in the session
+     *
      * @return bool
      */
     public function isPresent()
     {
-        return (bool)$this->session->getData(self::FORM_KEY);
+        return (bool) $this->session->getData(self::FORM_KEY);
     }
 
     /**
+     * Set the value of the form key
+     *
      * @param string $value
      * @return void
      */
diff --git a/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/AbstractElementTest.php b/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/AbstractElementTest.php
index d9dafddc571b8..2bd6a29477050 100644
--- a/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/AbstractElementTest.php
+++ b/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/AbstractElementTest.php
@@ -3,12 +3,11 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+namespace Magento\Framework\Data\Test\Unit\Form\Element;
 
 /**
  * Tests for \Magento\Framework\Data\Form\Element\AbstractElement
  */
-namespace Magento\Framework\Data\Test\Unit\Form\Element;
-
 class AbstractElementTest extends \PHPUnit\Framework\TestCase
 {
     /**
@@ -242,9 +241,9 @@ public function testRemoveClass()
      */
     public function testGetEscapedValueWithoutFilter()
     {
-        $this->_model->setValue('<a href="#hash_tag">my \'quoted\' string</a>');
+        $this->_model->setValue('<a href="#hash_tag">my &#039;quoted&#039; string</a>');
         $this->assertEquals(
-            '&lt;a href=&quot;#hash_tag&quot;&gt;my \'quoted\' string&lt;/a&gt;',
+            '&lt;a href=&quot;#hash_tag&quot;&gt;my &#039;quoted&#039; string&lt;/a&gt;',
             $this->_model->getEscapedValue()
         );
     }
@@ -254,8 +253,8 @@ public function testGetEscapedValueWithoutFilter()
      */
     public function testGetEscapedValueWithFilter()
     {
-        $value = '<a href="#hash_tag">my \'quoted\' string</a>';
-        $expectedValue = '&lt;a href=&quot;#hash_tag&quot;&gt;my \'quoted\' string&lt;/a&gt;';
+        $value = '<a href="#hash_tag">my &#039;quoted&#039; string</a>';
+        $expectedValue = '&lt;a href=&quot;#hash_tag&quot;&gt;my &#039;quoted&#039; string&lt;/a&gt;';
 
         $filterMock = $this->createPartialMock(\Magento\Framework\DataObject::class, ['filter']);
         $filterMock->expects($this->once())
diff --git a/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/LabelTest.php b/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/LabelTest.php
index 8420f8e421f7b..ec625a1cdd4a5 100644
--- a/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/LabelTest.php
+++ b/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/LabelTest.php
@@ -3,18 +3,15 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+namespace Magento\Framework\Data\Test\Unit\Form\Element;
 
 /**
  * Tests for \Magento\Framework\Data\Form\Element\Label
  */
-namespace Magento\Framework\Data\Test\Unit\Form\Element;
-
 class LabelTest extends \PHPUnit\Framework\TestCase
 {
-    /**
-     * @var \PHPUnit_Framework_MockObject_MockObject
-     */
-    protected $_objectManagerMock;
+    /** @var \Magento\Framework\TestFramework\Unit\Helper\ObjectManager */
+    private $objectManager;
 
     /**
      * @var \Magento\Framework\Data\Form\Element\Label
@@ -25,11 +22,14 @@ protected function setUp()
     {
         $factoryMock = $this->createMock(\Magento\Framework\Data\Form\Element\Factory::class);
         $collectionFactoryMock = $this->createMock(\Magento\Framework\Data\Form\Element\CollectionFactory::class);
-        $escaperMock = $this->createMock(\Magento\Framework\Escaper::class);
+        $this->objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
+        $escaper = $this->objectManager->getObject(
+            \Magento\Framework\Escaper::class
+        );
         $this->_label = new \Magento\Framework\Data\Form\Element\Label(
             $factoryMock,
             $collectionFactoryMock,
-            $escaperMock
+            $escaper
         );
     }
 
diff --git a/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/MultilineTest.php b/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/MultilineTest.php
index 9a391da4d65dd..85482e05188ab 100644
--- a/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/MultilineTest.php
+++ b/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/MultilineTest.php
@@ -5,8 +5,14 @@
  */
 namespace Magento\Framework\Data\Test\Unit\Form\Element;
 
+/**
+ * Test for \Magento\Framework\Data\Form\Element\Multiline
+ */
 class MultilineTest extends \PHPUnit\Framework\TestCase
 {
+    /** @var \Magento\Framework\TestFramework\Unit\Helper\ObjectManager */
+    private $objectManager;
+
     /**
      * @var \Magento\Framework\Data\Form\Element\Multiline
      */
@@ -37,9 +43,11 @@ protected function setUp()
             ->disableOriginalConstructor()
             ->getMock();
 
-        $this->escaper = $this->getMockBuilder(\Magento\Framework\Escaper::class)
-            ->disableOriginalConstructor()
-            ->getMock();
+        $this->objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
+
+        $this->escaper = $this->objectManager->getObject(
+            \Magento\Framework\Escaper::class
+        );
 
         $this->element = new \Magento\Framework\Data\Form\Element\Multiline(
             $this->elementFactory,
diff --git a/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/ObscureTest.php b/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/ObscureTest.php
index bb0b67a40abea..cec024fd4073b 100644
--- a/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/ObscureTest.php
+++ b/lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/ObscureTest.php
@@ -3,18 +3,15 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+namespace Magento\Framework\Data\Test\Unit\Form\Element;
 
 /**
  * Tests for \Magento\Framework\Data\Form\Element\Obscure
  */
-namespace Magento\Framework\Data\Test\Unit\Form\Element;
-
 class ObscureTest extends \PHPUnit\Framework\TestCase
 {
-    /**
-     * @var \PHPUnit_Framework_MockObject_MockObject
-     */
-    protected $_objectManagerMock;
+    /** @var \Magento\Framework\TestFramework\Unit\Helper\ObjectManager */
+    private $objectManager;
 
     /**
      * @var \Magento\Framework\Data\Form\Element\Obscure
@@ -25,11 +22,14 @@ protected function setUp()
     {
         $factoryMock = $this->createMock(\Magento\Framework\Data\Form\Element\Factory::class);
         $collectionFactoryMock = $this->createMock(\Magento\Framework\Data\Form\Element\CollectionFactory::class);
-        $escaperMock = $this->createMock(\Magento\Framework\Escaper::class);
+        $this->objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
+        $escaper = $this->objectManager->getObject(
+            \Magento\Framework\Escaper::class
+        );
         $this->_model = new \Magento\Framework\Data\Form\Element\Obscure(
             $factoryMock,
             $collectionFactoryMock,
-            $escaperMock
+            $escaper
         );
         $formMock = new \Magento\Framework\DataObject();
         $formMock->getHtmlIdPrefix('id_prefix');
diff --git a/lib/internal/Magento/Framework/Data/Test/Unit/Form/FormKeyTest.php b/lib/internal/Magento/Framework/Data/Test/Unit/Form/FormKeyTest.php
index 5d765955f3673..eb642278694c0 100644
--- a/lib/internal/Magento/Framework/Data/Test/Unit/Form/FormKeyTest.php
+++ b/lib/internal/Magento/Framework/Data/Test/Unit/Form/FormKeyTest.php
@@ -10,6 +10,9 @@
 use Magento\Framework\Math\Random;
 use Magento\Framework\Session\SessionManager;
 
+/**
+ * Class FormKeyTest
+ */
 class FormKeyTest extends \PHPUnit\Framework\TestCase
 {
     /**
@@ -38,7 +41,7 @@ protected function setUp()
         $methods = ['setData', 'getData'];
         $this->sessionMock = $this->createPartialMock(\Magento\Framework\Session\SessionManager::class, $methods);
         $this->escaperMock = $this->createMock(\Magento\Framework\Escaper::class);
-        $this->escaperMock->expects($this->any())->method('escapeHtmlAttr')->willReturnArgument(0);
+        $this->escaperMock->expects($this->any())->method('escapeJs')->willReturnArgument(0);
         $this->formKey = new FormKey(
             $this->mathRandomMock,
             $this->sessionMock,
diff --git a/lib/internal/Magento/Framework/Escaper.php b/lib/internal/Magento/Framework/Escaper.php
index c4150851ec40d..216afc0409b50 100644
--- a/lib/internal/Magento/Framework/Escaper.php
+++ b/lib/internal/Magento/Framework/Escaper.php
@@ -13,6 +13,11 @@
  */
 class Escaper
 {
+    /**
+     * HTML special characters flag
+     */
+    private $htmlSpecialCharsFlag = ENT_QUOTES | ENT_SUBSTITUTE;
+
     /**
      * @var \Magento\Framework\ZendEscaper
      */
@@ -74,6 +79,7 @@ public function escapeHtml($data, $allowedTags = null)
                 $domDocument = new \DOMDocument('1.0', 'UTF-8');
                 set_error_handler(
                     function ($errorNumber, $errorString) {
+                        // phpcs:ignore Magento2.Exceptions.DirectThrow
                         throw new \Exception($errorString, $errorNumber);
                     }
                 );
@@ -83,6 +89,7 @@ function ($errorNumber, $errorString) {
                     $domDocument->loadHTML(
                         '<html><body id="' . $wrapperElementId . '">' . $string . '</body></html>'
                     );
+                    // phpcs:disable Magento2.Exceptions.ThrowCatch
                 } catch (\Exception $e) {
                     restore_error_handler();
                     $this->getLogger()->critical($e);
@@ -98,7 +105,7 @@ function ($errorNumber, $errorString) {
                 preg_match('/<body id="' . $wrapperElementId . '">(.+)<\/body><\/html>$/si', $result, $matches);
                 return !empty($matches) ? $matches[1] : '';
             } else {
-                $result = htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
+                $result = htmlspecialchars($data, $this->htmlSpecialCharsFlag, 'UTF-8', false);
             }
         } else {
             $result = $data;
@@ -217,7 +224,7 @@ public function escapeHtmlAttr($string, $escapeSingleQuote = true)
         if ($escapeSingleQuote) {
             return $this->getEscaper()->escapeHtmlAttr((string) $string);
         }
-        return htmlspecialchars((string)$string, ENT_COMPAT, 'UTF-8', false);
+        return htmlspecialchars((string)$string, $this->htmlSpecialCharsFlag, 'UTF-8', false);
     }
 
     /**
@@ -314,7 +321,7 @@ public function escapeXssInUrl($data)
     {
         return htmlspecialchars(
             $this->escapeScriptIdentifiers((string)$data),
-            ENT_COMPAT | ENT_HTML5 | ENT_HTML401,
+            $this->htmlSpecialCharsFlag | ENT_HTML5 | ENT_HTML401,
             'UTF-8',
             false
         );
@@ -351,7 +358,7 @@ public function escapeQuote($data, $addSlashes = false)
         if ($addSlashes === true) {
             $data = addslashes($data);
         }
-        return htmlspecialchars($data, ENT_QUOTES, null, false);
+        return htmlspecialchars($data, $this->htmlSpecialCharsFlag, null, false);
     }
 
     /**
diff --git a/lib/internal/Magento/Framework/Filter/NormalizedToLocalized.php b/lib/internal/Magento/Framework/Filter/NormalizedToLocalized.php
new file mode 100644
index 0000000000000..bd42c79486ee8
--- /dev/null
+++ b/lib/internal/Magento/Framework/Filter/NormalizedToLocalized.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Framework\Filter;
+
+/**
+ * Class NormalizedToLocalized
+ */
+class NormalizedToLocalized extends \Zend_Filter_NormalizedToLocalized
+{
+}
diff --git a/lib/internal/Magento/Framework/Stdlib/Parameters.php b/lib/internal/Magento/Framework/Stdlib/Parameters.php
new file mode 100644
index 0000000000000..dcefaf85d390e
--- /dev/null
+++ b/lib/internal/Magento/Framework/Stdlib/Parameters.php
@@ -0,0 +1,109 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Framework\Stdlib;
+
+use Zend\Stdlib\Parameters as ZendParameters;
+
+/**
+ * Class Parameters
+ */
+class Parameters
+{
+    /**
+     * @var ZendParameters
+     */
+    private $parameters;
+
+    /**
+     * @param ZendParameters $parameters
+     */
+    public function __construct(
+        ZendParameters $parameters
+    ) {
+        $this->parameters = $parameters;
+    }
+
+    /**
+     * Populate from native PHP array
+     *
+     * @param  array $values
+     * @return void
+     */
+    public function fromArray(array $values)
+    {
+        $this->parameters->fromArray($values);
+    }
+
+    /**
+     * Populate from query string
+     *
+     * @param  string $string
+     * @return void
+     */
+    public function fromString($string)
+    {
+        $this->parameters->fromString($string);
+    }
+
+    /**
+     * Serialize to native PHP array
+     *
+     * @return array
+     */
+    public function toArray()
+    {
+        return $this->parameters->toArray();
+    }
+
+    /**
+     * Serialize to query string
+     *
+     * @return string
+     */
+    public function toString()
+    {
+        return $this->parameters->toString();
+    }
+
+    /**
+     * Retrieve by key
+     *
+     * Returns null if the key does not exist.
+     *
+     * @param  string $name
+     * @return mixed
+     */
+    public function offsetGet($name)
+    {
+        return $this->parameters->offsetGet($name);
+    }
+
+    /**
+     * Get name
+     *
+     * @param string $name
+     * @param mixed $default optional default value
+     * @return mixed
+     */
+    public function get($name, $default = null)
+    {
+        return $this->parameters->get($name, $default);
+    }
+
+    /**
+     * Set name
+     *
+     * @param string $name
+     * @param mixed $value
+     * @return \Zend\Stdlib\Parameters
+     */
+    public function set($name, $value)
+    {
+        return $this->parameters->set($name, $value);
+    }
+}
diff --git a/lib/internal/Magento/Framework/Test/Unit/Data/Form/Element/HiddenTest.php b/lib/internal/Magento/Framework/Test/Unit/Data/Form/Element/HiddenTest.php
index 7d54337f377fa..7e80aac105090 100644
--- a/lib/internal/Magento/Framework/Test/Unit/Data/Form/Element/HiddenTest.php
+++ b/lib/internal/Magento/Framework/Test/Unit/Data/Form/Element/HiddenTest.php
@@ -21,7 +21,15 @@ class HiddenTest extends \PHPUnit\Framework\TestCase
     protected function setUp()
     {
         $objectManager = new ObjectManager($this);
-        $this->element = $objectManager->getObject(\Magento\Framework\Data\Form\Element\Hidden::class);
+        $escaper = $objectManager->getObject(
+            \Magento\Framework\Escaper::class
+        );
+        $this->element = $objectManager->getObject(
+            \Magento\Framework\Data\Form\Element\Hidden::class,
+            [
+                'escaper' => $escaper
+            ]
+        );
     }
 
     /**
diff --git a/lib/internal/Magento/Framework/View/Element/Html/Date.php b/lib/internal/Magento/Framework/View/Element/Html/Date.php
index 558e39427cb44..909938256b133 100644
--- a/lib/internal/Magento/Framework/View/Element/Html/Date.php
+++ b/lib/internal/Magento/Framework/View/Element/Html/Date.php
@@ -78,7 +78,7 @@ public function getEscapedValue()
         if ($this->getFormat() && $this->getValue()) {
             return strftime($this->getFormat(), strtotime($this->getValue()));
         }
-        return htmlspecialchars($this->getValue());
+        return $this->escapeHtml($this->getValue());
     }
 
     /**
diff --git a/lib/internal/Magento/Framework/View/Page/Config.php b/lib/internal/Magento/Framework/View/Page/Config.php
index b29a0feda9d60..4e57b2897a8d0 100644
--- a/lib/internal/Magento/Framework/View/Page/Config.php
+++ b/lib/internal/Magento/Framework/View/Page/Config.php
@@ -54,6 +54,11 @@ class Config
      */
     const HTML_ATTRIBUTE_LANG = 'lang';
 
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * Allowed group of types
      *
@@ -164,6 +169,7 @@ private function getAreaResolver()
      * @param Title $title
      * @param \Magento\Framework\Locale\ResolverInterface $localeResolver
      * @param bool $isIncludesAvailable
+     * @param \Magento\Framework\Escaper|null $escaper
      */
     public function __construct(
         View\Asset\Repository $assetRepo,
@@ -172,7 +178,8 @@ public function __construct(
         View\Page\FaviconInterface $favicon,
         Title $title,
         \Magento\Framework\Locale\ResolverInterface $localeResolver,
-        $isIncludesAvailable = true
+        $isIncludesAvailable = true,
+        \Magento\Framework\Escaper $escaper = null
     ) {
         $this->assetRepo = $assetRepo;
         $this->pageAssets = $pageAssets;
@@ -186,6 +193,9 @@ public function __construct(
             self::HTML_ATTRIBUTE_LANG,
             strstr($this->localeResolver->getLocale(), '_', true)
         );
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
     }
 
     /**
@@ -245,7 +255,7 @@ public function getTitle()
     public function setMetadata($name, $content)
     {
         $this->build();
-        $this->metadata[$name] = htmlspecialchars($content);
+        $this->metadata[$name] = $this->escaper->escapeHtml($content);
     }
 
     /**
diff --git a/lib/internal/Magento/Framework/View/Test/Unit/Page/ConfigTest.php b/lib/internal/Magento/Framework/View/Test/Unit/Page/ConfigTest.php
index 44e6e878a18c1..a1d522032a188 100644
--- a/lib/internal/Magento/Framework/View/Test/Unit/Page/ConfigTest.php
+++ b/lib/internal/Magento/Framework/View/Test/Unit/Page/ConfigTest.php
@@ -19,6 +19,9 @@
  */
 class ConfigTest extends \PHPUnit\Framework\TestCase
 {
+    /** @var \Magento\Framework\TestFramework\Unit\Helper\ObjectManager */
+    private $objectManager;
+
     /**
      * @var Config
      */
@@ -90,6 +93,10 @@ protected function setUp()
         $this->localeMock->expects($this->any())
             ->method('getLocale')
             ->willReturn(Resolver::DEFAULT_LOCALE);
+        $this->objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
+        $escaper = $this->objectManager->getObject(
+            \Magento\Framework\Escaper::class
+        );
         $this->model = (new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this))
             ->getObject(
                 \Magento\Framework\View\Page\Config::class,
@@ -98,7 +105,8 @@ protected function setUp()
                     'pageAssets' => $this->pageAssets,
                     'scopeConfig' => $this->scopeConfig,
                     'favicon' => $this->favicon,
-                    'localeResolver' => $this->localeMock
+                    'localeResolver' => $this->localeMock,
+                    'escaper' => $escaper
                 ]
             );
 
diff --git a/lib/web/mage/utils/compare.js b/lib/web/mage/utils/compare.js
index e620677f01768..bfc2027d6fb89 100644
--- a/lib/web/mage/utils/compare.js
+++ b/lib/web/mage/utils/compare.js
@@ -43,7 +43,7 @@ define([
             }
 
             return array.every(function (value, index) {
-                return target.indexOf(value) === index;
+                return target[index] === value;
             });
         });
     }
diff --git a/setup/performance-toolkit/benchmark.jmx b/setup/performance-toolkit/benchmark.jmx
index c2e64b9c244b8..5abad1e74d74c 100644
--- a/setup/performance-toolkit/benchmark.jmx
+++ b/setup/performance-toolkit/benchmark.jmx
@@ -13766,7 +13766,7 @@ vars.putObject("product_attributes", attributes);
       <RegexExtractor guiclass="RegexExtractorGui" testclass="RegexExtractor" testname="Regular Expression Extractor" enabled="true">
         <stringProp name="RegexExtractor.useHeaders">false</stringProp>
         <stringProp name="RegexExtractor.refname">attribute_set_id</stringProp>
-        <stringProp name="RegexExtractor.regex">catalog\/product_set\/edit\/id\/([\d]+)\/"[\D\d]*Attribute Set 1</stringProp>
+        <stringProp name="RegexExtractor.regex">catalog&amp;#x2F;product_set&amp;#x2F;edit&amp;#x2F;id&amp;#x2F;([\d]+)&amp;#x2F;"[\D\d]*Attribute Set 1</stringProp>
         <stringProp name="RegexExtractor.template">$1$</stringProp>
         <stringProp name="RegexExtractor.default"/>
         <stringProp name="RegexExtractor.match_number">1</stringProp>
@@ -34153,7 +34153,7 @@ vars.putObject("product_attributes", attributes);
       <RegexExtractor guiclass="RegexExtractorGui" testclass="RegexExtractor" testname="Regular Expression Extractor" enabled="true">
         <stringProp name="RegexExtractor.useHeaders">false</stringProp>
         <stringProp name="RegexExtractor.refname">attribute_set_id</stringProp>
-        <stringProp name="RegexExtractor.regex">catalog\/product_set\/edit\/id\/([\d]+)\/"[\D\d]*Attribute Set 1</stringProp>
+        <stringProp name="RegexExtractor.regex">catalog&amp;#x2F;product_set&amp;#x2F;edit&amp;#x2F;id&amp;#x2F;([\d]+)&amp;#x2F;"[\D\d]*Attribute Set 1</stringProp>
         <stringProp name="RegexExtractor.template">$1$</stringProp>
         <stringProp name="RegexExtractor.default"/>
         <stringProp name="RegexExtractor.match_number">1</stringProp>
@@ -53445,7 +53445,7 @@ vars.putObject("product_attributes", attributes);
       <RegexExtractor guiclass="RegexExtractorGui" testclass="RegexExtractor" testname="Regular Expression Extractor" enabled="true">
         <stringProp name="RegexExtractor.useHeaders">false</stringProp>
         <stringProp name="RegexExtractor.refname">attribute_set_id</stringProp>
-        <stringProp name="RegexExtractor.regex">catalog\/product_set\/edit\/id\/([\d]+)\/"[\D\d]*Attribute Set 1</stringProp>
+        <stringProp name="RegexExtractor.regex">catalog&amp;#x2F;product_set&amp;#x2F;edit&amp;#x2F;id&amp;#x2F;([\d]+)&amp;#x2F;"[\D\d]*Attribute Set 1</stringProp>
         <stringProp name="RegexExtractor.template">$1$</stringProp>
         <stringProp name="RegexExtractor.default"/>
         <stringProp name="RegexExtractor.match_number">1</stringProp>
diff --git a/setup/src/Magento/Setup/Model/DependencyReadinessCheck.php b/setup/src/Magento/Setup/Model/DependencyReadinessCheck.php
index 4adb3a6a49b0d..95912272dfa4c 100644
--- a/setup/src/Magento/Setup/Model/DependencyReadinessCheck.php
+++ b/setup/src/Magento/Setup/Model/DependencyReadinessCheck.php
@@ -17,6 +17,11 @@
  */
 class DependencyReadinessCheck
 {
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * @var ComposerJsonFinder
      */
@@ -49,18 +54,23 @@ class DependencyReadinessCheck
      * @param DirectoryList $directoryList
      * @param File $file
      * @param MagentoComposerApplicationFactory $composerAppFactory
+     * @param \Magento\Framework\Escaper|null $escaper
      */
     public function __construct(
         ComposerJsonFinder $composerJsonFinder,
         DirectoryList $directoryList,
         File $file,
-        MagentoComposerApplicationFactory $composerAppFactory
+        MagentoComposerApplicationFactory $composerAppFactory,
+        \Magento\Framework\Escaper $escaper = null
     ) {
         $this->composerJsonFinder = $composerJsonFinder;
         $this->directoryList = $directoryList;
         $this->file = $file;
         $this->requireUpdateDryRunCommand = $composerAppFactory->createRequireUpdateDryRunCommand();
         $this->magentoComposerApplication = $composerAppFactory->create();
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
     }
 
     /**
@@ -91,7 +101,7 @@ public function runReadinessCheck(array $packages)
             $this->requireUpdateDryRunCommand->run($packages, $workingDir);
             return ['success' => true];
         } catch (\RuntimeException $e) {
-            $message = str_replace(PHP_EOL, '<br/>', htmlspecialchars($e->getMessage()));
+            $message = str_replace(PHP_EOL, '<br/>', $this->escaper->escapeHtml($e->getMessage()));
             return ['success' => false, 'error' => $message];
         }
     }
diff --git a/setup/src/Magento/Setup/Model/UninstallDependencyCheck.php b/setup/src/Magento/Setup/Model/UninstallDependencyCheck.php
index 757ee99f7f1ba..f3deb405ab6c0 100644
--- a/setup/src/Magento/Setup/Model/UninstallDependencyCheck.php
+++ b/setup/src/Magento/Setup/Model/UninstallDependencyCheck.php
@@ -8,6 +8,7 @@
 
 use Magento\Framework\Composer\ComposerInformation;
 use Magento\Framework\Composer\DependencyChecker;
+use Magento\Framework\Exception\RuntimeException;
 use Magento\Theme\Model\Theme\ThemeDependencyChecker;
 
 /**
@@ -15,6 +16,11 @@
  */
 class UninstallDependencyCheck
 {
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * @var ComposerInformation
      */
@@ -38,15 +44,20 @@ class UninstallDependencyCheck
      * @param ComposerInformation $composerInfo
      * @param DependencyChecker $dependencyChecker
      * @param ThemeDependencyCheckerFactory $themeDependencyCheckerFactory
+     * @param \Magento\Framework\Escaper|null $escaper
      */
     public function __construct(
         ComposerInformation $composerInfo,
         DependencyChecker $dependencyChecker,
-        ThemeDependencyCheckerFactory $themeDependencyCheckerFactory
+        ThemeDependencyCheckerFactory $themeDependencyCheckerFactory,
+        \Magento\Framework\Escaper $escaper = null
     ) {
         $this->composerInfo = $composerInfo;
         $this->packageDependencyChecker = $dependencyChecker;
         $this->themeDependencyChecker = $themeDependencyCheckerFactory->create();
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
     }
 
     /**
@@ -54,51 +65,62 @@ public function __construct(
      *
      * @param array $packages
      * @return array
-     * @throws \RuntimeException
      */
     public function runUninstallReadinessCheck(array $packages)
     {
         try {
-            $packagesAndTypes = $this->composerInfo->getRootRequiredPackageTypesByName();
-            $dependencies = $this->packageDependencyChecker->checkDependencies($packages, true);
-            $messages = [];
-            $themes = [];
-
-            foreach ($packages as $package) {
-                if (!isset($packagesAndTypes[$package])) {
-                    throw new \RuntimeException('Package ' . $package . ' not found in the system.');
-                }
+            return $this->checkForMissingDependencies($packages);
+        } catch (\RuntimeException $e) {
+            $message = str_replace(PHP_EOL, '<br/>', $this->escaper->escapeHtml($e->getMessage()));
+            return ['success' => false, 'error' => $message];
+        }
+    }
 
-                switch ($packagesAndTypes[$package]) {
-                    case ComposerInformation::METAPACKAGE_PACKAGE_TYPE:
-                        unset($dependencies[$package]);
-                        break;
-                    case ComposerInformation::THEME_PACKAGE_TYPE:
-                        $themes[] = $package;
-                        break;
-                }
+    /**
+     * Check for missing dependencies
+     *
+     * @param array $packages
+     * @return array
+     * @throws \RuntimeException
+     */
+    private function checkForMissingDependencies(array $packages)
+    {
+        $packagesAndTypes = $this->composerInfo->getRootRequiredPackageTypesByName();
+        $dependencies = $this->packageDependencyChecker->checkDependencies($packages, true);
+        $messages = [];
+        $themes = [];
 
-                if (!empty($dependencies[$package])) {
-                    $messages[] = $package . " has the following dependent package(s): "
-                        . implode(', ', $dependencies[$package]);
-                }
+        foreach ($packages as $package) {
+            if (!isset($packagesAndTypes[$package])) {
+                throw new \RuntimeException('Package ' . $package . ' not found in the system.');
             }
 
-            if (!empty($themes)) {
-                $messages = array_merge(
-                    $messages,
-                    $this->themeDependencyChecker->checkChildThemeByPackagesName($themes)
-                );
+            switch ($packagesAndTypes[$package]) {
+                case ComposerInformation::METAPACKAGE_PACKAGE_TYPE:
+                    unset($dependencies[$package]);
+                    break;
+                case ComposerInformation::THEME_PACKAGE_TYPE:
+                    $themes[] = $package;
+                    break;
             }
 
-            if (!empty($messages)) {
-                throw new \RuntimeException(implode(PHP_EOL, $messages));
+            if (!empty($dependencies[$package])) {
+                $messages[] = $package . " has the following dependent package(s): "
+                    . implode(', ', $dependencies[$package]);
             }
+        }
 
-            return ['success' => true];
-        } catch (\RuntimeException $e) {
-            $message = str_replace(PHP_EOL, '<br/>', htmlspecialchars($e->getMessage()));
-            return ['success' => false, 'error' => $message];
+        if (!empty($themes)) {
+            $messages = array_merge(
+                $messages,
+                $this->themeDependencyChecker->checkChildThemeByPackagesName($themes)
+            );
         }
+
+        if (!empty($messages)) {
+            throw new \RuntimeException(implode(PHP_EOL, $messages));
+        }
+
+        return ['success' => true];
     }
 }