Magento_Sales: avoid using deprecated escape* methods from AbstractBlock

app/code/Magento/Sales/Block/Adminhtml/Order/Create/Comment.php

@@ -48,6 +48,6 @@ public function getHeaderText()
      */
     public function getCommentNote()
     {
-        return $this->escapeHtml($this->getQuote()->getCustomerNote());
+        return $this->_escaper->escapeHtml($this->getQuote()->getCustomerNote());
     }
 }

app/code/Magento/Sales/Block/Adminhtml/Order/Create/Form/Address.php

@@ -387,7 +387,7 @@ public function getAddressAsString(\Magento\Customer\Api\Data\AddressInterface $
             $result = $formatTypeRenderer->renderArray($this->addressMapper->toFlatArray($address));
         }
 
-        return $this->escapeHtml($result);
+        return $this->_escaper->escapeHtml($result);
     }
 
     /**

app/code/Magento/Sales/Block/Adminhtml/Order/Create/Header.php

@@ -63,7 +63,7 @@ protected function _toHtml()
             return __('Edit Order #%1', $this->_getSession()->getOrder()->getIncrementId());
         }
         $out = $this->_getCreateOrderTitle();
-        return $this->escapeHtml($out);
+        return $this->_escaper->escapeHtml($out);
     }
 
     /**

app/code/Magento/Sales/Block/Adminhtml/Order/Create/Totals/Shipping.php

@@ -102,7 +102,7 @@ public function getIncludeTaxLabel()
     {
         return __(
             'Shipping Incl. Tax (%1)',
-            $this->escapeHtml($this->getQuote()->getShippingAddress()->getShippingDescription())
+            $this->_escaper->escapeHtml($this->getQuote()->getShippingAddress()->getShippingDescription())
         );
     }
 
@@ -115,7 +115,7 @@ public function getExcludeTaxLabel()
     {
         return __(
             'Shipping Excl. Tax (%1)',
-            $this->escapeHtml($this->getQuote()->getShippingAddress()->getShippingDescription())
+            $this->_escaper->escapeHtml($this->getQuote()->getShippingAddress()->getShippingDescription())
         );
     }
 }

app/code/Magento/Sales/Block/Adminhtml/Order/View/Info.php

@@ -202,7 +202,7 @@ public function getCustomerAccountData()
                 $sortOrder = $this->_prepareAccountDataSortOrder($accountData, $sortOrder);
                 $accountData[$sortOrder] = [
                     'label' => $attribute->getFrontendLabel(),
-                    'value' => $this->escapeHtml($value, ['br']),
+                    'value' => $this->_escaper->escapeHtml($value, ['br']),
                 ];
             }
         }
@@ -225,7 +225,7 @@ public function getAddressEditLink($address, $label = '')
                 $label = __('Edit');
             }
             $url = $this->getUrl('sales/order/address', ['address_id' => $address->getId()]);
-            return '<a href="' . $this->escapeUrl($url) . '">' . $this->escapeHtml($label) . '</a>';
+            return '<a href="' . $this->escapeUrl($url) . '">' . $this->_escaper->escapeHtml($label) . '</a>';
         }
 
         return '';

app/code/Magento/Sales/Block/Adminhtml/Order/View/Tab/History.php

@@ -173,7 +173,7 @@ public function getItemCreatedAt(array $item, $dateType = 'date', $format = \Int
      */
     public function getItemTitle(array $item)
     {
-        return isset($item['title']) ? $this->escapeHtml($item['title']) : '';
+        return isset($item['title']) ? $this->_escaper->escapeHtml($item['title']) : '';
     }
 
     /**

app/code/Magento/Sales/Block/Adminhtml/Reorder/Renderer/Action.php

@@ -74,7 +74,7 @@ public function render(\Magento\Framework\DataObject $row)
     protected function _getEscapedValue($value)
     {
         // phpcs:ignore Magento2.Functions.DiscouragedFunction
-        return addcslashes($this->escapeHtml($value), '\\\'');
+        return addcslashes($this->_escaper->escapeHtml($value), '\\\'');
     }
 
     /**

app/code/Magento/Sales/Block/Adminhtml/Transactions/Detail.php

@@ -126,17 +126,17 @@ protected function _toHtml()
         ));
 
         $this->setParentTxnIdUrlHtml(
-            $this->escapeHtml($this->getUrl('sales/transactions/view', ['txn_id' => $this->_txn->getParentId()]))
+            $this->_escaper->escapeHtml($this->getUrl('sales/transactions/view', ['txn_id' => $this->_txn->getParentId()]))
         );
 
-        $this->setParentTxnIdHtml($this->escapeHtml($this->_txn->getParentTxnId()));
+        $this->setParentTxnIdHtml($this->_escaper->escapeHtml($this->_txn->getParentTxnId()));
 
-        $this->setOrderIncrementIdHtml($this->escapeHtml($this->_txn->getOrder()->getIncrementId()));
+        $this->setOrderIncrementIdHtml($this->_escaper->escapeHtml($this->_txn->getOrder()->getIncrementId()));
 
-        $this->setTxnTypeHtml($this->escapeHtml(__($this->_txn->getTxnType())));
+        $this->setTxnTypeHtml($this->_escaper->escapeHtml(__($this->_txn->getTxnType())));
 
         $this->setOrderIdUrlHtml(
-            $this->escapeHtml($this->getUrl('sales/order/view', ['order_id' => $this->_txn->getOrderId()]))
+            $this->_escaper->escapeHtml($this->getUrl('sales/order/view', ['order_id' => $this->_txn->getOrderId()]))
         );
 
         $this->setIsClosedHtml($this->_txn->getIsClosed() ? __('Yes') : __('No'));
@@ -150,7 +150,7 @@ protected function _toHtml()
         ) : __(
             'N/A'
         );
-        $this->setCreatedAtHtml($this->escapeHtml($createdAt));
+        $this->setCreatedAtHtml($this->_escaper->escapeHtml($createdAt));
 
         return parent::_toHtml();
     }

app/code/Magento/Sales/Block/Order/Email/Items/DefaultItems.php

@@ -67,13 +67,13 @@ public function getValueHtml($value)
             return sprintf(
                 '%d',
                 $value['qty']
-            ) . ' x ' . $this->escapeHtml(
+            ) . ' x ' . $this->_escaper->escapeHtml(
                 $value['title']
             ) . " " . $this->getItem()->getOrder()->formatPrice(
                 $value['price']
             );
         } else {
-            return $this->escapeHtml($value);
+            return $this->_escaper->escapeHtml($value);
         }
     }
 

app/code/Magento/Sales/Block/Order/Email/Items/Order/DefaultOrder.php

@@ -60,10 +60,10 @@ public function getValueHtml($value)
     {
         if (is_array($value)) {
             return sprintf('%d', $value['qty'])
-                . ' x ' . $this->escapeHtml($value['title'])
+                . ' x ' . $this->_escaper->escapeHtml($value['title'])
                 . " " . $this->getItem()->getOrder()->formatPrice($value['price']);
         } else {
-            return $this->escapeHtml($value);
+            return $this->_escaper->escapeHtml($value);
         }
     }
 

app/code/Magento/Sales/Block/Order/Item/Renderer/DefaultRenderer.php

@@ -223,7 +223,7 @@ public function getProductAdditionalInformationBlock()
      */
     public function prepareSku($sku)
     {
-        return $this->escapeHtml($this->string->splitInjection($sku));
+        return $this->_escaper->escapeHtml($this->string->splitInjection($sku));
     }
 
     /**

app/code/Magento/Sales/Block/Status/Grid/Column/Unassign.php

@@ -62,7 +62,7 @@ public function decorateAction($value, $row, $column, $isExport)
             $url = $this->getUrl('*/*/unassign');
             $label = __('Unassign');
             $cell = '<a href="#" data-post="'
-                .$this->escapeHtmlAttr(
+                .$this->_escaper->escapeHtmlAttr(
                     $this->json->serialize([
                         'action' => $url,
                         'data' => ['status' => $row->getStatus(), 'state' => $row->getState()]

app/code/Magento/Sales/view/adminhtml/templates/items/column/name.phtml

@@ -8,6 +8,7 @@
 <?php
 /**
  * @var $block \Magento\Sales\Block\Adminhtml\Items\Column\Name
+ * @var \Magento\Framework\Escaper $escaper
  * @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
  */
 ?>
@@ -19,29 +20,29 @@ $catalogHelper = $block->getData('catalogHelper');
 <?php if ($_item = $block->getItem()): ?>
     <div id="order_item_<?= (int) $_item->getId() ?>_title"
          class="product-title">
-        <?= $block->escapeHtml($_item->getName()) ?>
+        <?= $escaper->escapeHtml($_item->getName()) ?>
     </div>
     <div class="product-sku-block">
-        <span><?= $block->escapeHtml(__('SKU'))?>:</span>
-        <?= /* @noEscape */ implode('<br />', $catalogHelper->splitSku($block->escapeHtml($block->getSku()))) ?>
+        <span><?= $escaper->escapeHtml(__('SKU'))?>:</span>
+        <?= /* @noEscape */ implode('<br />', $catalogHelper->splitSku($escaper->escapeHtml($block->getSku()))) ?>
     </div>
 
     <?php if ($block->getOrderOptions()): ?>
         <dl class="item-options">
             <?php foreach ($block->getOrderOptions() as $_option): ?>
-                <dt><?= $block->escapeHtml($_option['label']) ?>:</dt>
+                <dt><?= $escaper->escapeHtml($_option['label']) ?>:</dt>
                 <dd>
                     <?php if (isset($_option['custom_view']) && $_option['custom_view']): ?>
                         <?= /* @noEscape */ $block->getCustomizedOptionValue($_option) ?>
                     <?php else: ?>
                         <?php $_option = $block->getFormattedOption($_option['value']); ?>
                         <?php $dots = 'dots' . uniqid(); ?>
                         <?php $id = 'id' . uniqid(); ?>
-                        <?= $block->escapeHtml($_option['value'], ['a', 'br']) ?>
+                        <?= $escaper->escapeHtml($_option['value'], ['a', 'br']) ?>
                         <?php if (isset($_option['remainder']) && $_option['remainder']): ?>
                             <span id="<?= /* @noEscape */ $dots; ?>"> ...</span>
                             <span id="<?= /* @noEscape */ $id; ?>">
-                                <?= $block->escapeHtml($_option['remainder'], ['a']) ?>
+                                <?= $escaper->escapeHtml($_option['remainder'], ['a']) ?>
                             </span>
                             <?php $scriptString = <<<script
                                 require(['prototype'], function() {
@@ -68,5 +69,5 @@ script;
             <?php endforeach; ?>
         </dl>
     <?php endif; ?>
-    <?= $block->escapeHtml($_item->getDescription()) ?>
+    <?= $escaper->escapeHtml($_item->getDescription()) ?>
 <?php endif; ?>

app/code/Magento/Sales/view/adminhtml/templates/items/column/qty.phtml

@@ -3,38 +3,41 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+/**
+ * @var \Magento\Framework\Escaper $escaper
+ */
 ?>
 <?php if ($item = $block->getItem()) : ?>
     <table class="qty-table">
         <tr>
-            <th><?= $block->escapeHtml(__('Ordered')); ?></th>
+            <th><?= $escaper->escapeHtml(__('Ordered')); ?></th>
             <td><?= (float) $item->getQtyOrdered() ?></td>
         </tr>
 
         <?php if ((float)$item->getQtyInvoiced()) : ?>
             <tr>
-                <th><?= $block->escapeHtml(__('Invoiced')); ?></th>
+                <th><?= $escaper->escapeHtml(__('Invoiced')); ?></th>
                 <td><?= (float) $item->getQtyInvoiced() ?></td>
             </tr>
         <?php endif; ?>
 
         <?php if ((float)$item->getQtyShipped()) : ?>
             <tr>
-                <th><?= $block->escapeHtml(__('Shipped')); ?></th>
+                <th><?= $escaper->escapeHtml(__('Shipped')); ?></th>
                 <td><?= (float) $item->getQtyShipped() ?></td>
             </tr>
         <?php endif; ?>
 
         <?php if ((float)$item->getQtyRefunded()) : ?>
             <tr>
-                <th><?= $block->escapeHtml(__('Refunded')); ?></th>
+                <th><?= $escaper->escapeHtml(__('Refunded')); ?></th>
                 <td><?= (float) $item->getQtyRefunded() ?></td>
             </tr>
         <?php endif; ?>
 
         <?php if ((float)$item->getQtyCanceled()) : ?>
             <tr>
-                <th><?= $block->escapeHtml(__('Canceled')); ?></th>
+                <th><?= $escaper->escapeHtml(__('Canceled')); ?></th>
                 <td><?= (float) $item->getQtyCanceled() ?></td>
             </tr>
         <?php endif; ?>

app/code/Magento/Sales/view/adminhtml/templates/items/renderer/default.phtml

@@ -5,22 +5,25 @@
  */
 
 // phpcs:disable Magento2.Templates.ThisInTemplate
+/**
+ * @var \Magento\Framework\Escaper $escaper
+ */
 ?>
-<?= $block->escapeHtml($block->getItem()->getName()) ?>
-<div><strong><?= $block->escapeHtml(__('SKU')) ?>:</strong> <?= /* @noEscape */ implode('<br />', $this->helper(\Magento\Catalog\Helper\Data::class)->splitSku($block->escapeHtml($block->getItem()->getSku()))) ?></div>
+<?= $escaper->escapeHtml($block->getItem()->getName()) ?>
+<div><strong><?= $escaper->escapeHtml(__('SKU')) ?>:</strong> <?= /* @noEscape */ implode('<br />', $this->helper(\Magento\Catalog\Helper\Data::class)->splitSku($escaper->escapeHtml($block->getItem()->getSku()))) ?></div>
 <?php if ($block->getOrderOptions()) : ?>
     <ul class="item-options">
     <?php foreach ($block->getOrderOptions() as $option) : ?>
-        <li><strong><?= $block->escapeHtml($option['label']) ?>:</strong><br />
+        <li><strong><?= $escaper->escapeHtml($option['label']) ?>:</strong><br />
         <?php if (is_array($option['value'])) : ?>
             <?php foreach ($option['value'] as $item) : ?>
                 <?= $block->getValueHtml($item) ?><br />
                 <?php endforeach; ?>
             <?php else : ?>
-            <?= $block->escapeHtml($option['value']) ?>
+            <?= $escaper->escapeHtml($option['value']) ?>
         <?php endif; ?>
         </li>
     <?php endforeach; ?>
     </ul>
 <?php endif; ?>
-<?= $block->escapeHtml($block->getItem()->getDescription()) ?>
+<?= $escaper->escapeHtml($block->getItem()->getDescription()) ?>

app/code/Magento/Sales/view/adminhtml/templates/order/address/form.phtml

@@ -3,12 +3,16 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
+/**
+ * @var \Magento\Framework\Escaper $escaper
+ */
 ?>
 <div class="messages">
     <div class="message message-notice">
         <div class="message-inner">
             <div class="message-content">
-                <?= $block->escapeHtml(
+                <?= $escaper->escapeHtml(
                     __('Changing address information will not recalculate shipping, tax or other order amount.')
                 ) ?>
             </div>
@@ -18,7 +22,7 @@
 
 <div class="fieldset admin__fieldset-wrapper">
     <legend class="legend admin__legend">
-        <span><?= $block->escapeHtml($block->getHeaderText()) ?></span>
+        <span><?= $escaper->escapeHtml($block->getHeaderText()) ?></span>
     </legend>
     <br>
     <div class="form-inline" data-mage-init='{"Magento_Sales/order/edit/address/form":{}}'>

app/code/Magento/Sales/view/adminhtml/templates/order/comments/view.phtml

@@ -4,14 +4,17 @@
  * See COPYING.txt for license details.
  */
 
-/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
+/**
+ * @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
+ * @var \Magento\Framework\Escaper $escaper
+ */
 ?>
 <?php if ($_entity = $block->getEntity()): ?>
 <div id="comments_block" class="edit-order-comments">
     <div class="order-history-block">
         <div class="admin__field field-row">
             <label class="admin__field-label"
-                   for="history_comment"><?= $block->escapeHtml(__('Comment Text')) ?></label>
+                   for="history_comment"><?= $escaper->escapeHtml(__('Comment Text')) ?></label>
             <div class="admin__field-control">
                 <textarea name="comment[comment]"
                           class="admin__control-textarea"
@@ -30,7 +33,7 @@
                                id="history_notify"
                                value="1" />
                         <label class="admin__field-label"
-                               for="history_notify"><?= $block->escapeHtml(__('Notify Customer by Email')) ?></label>
+                               for="history_notify"><?= $escaper->escapeHtml(__('Notify Customer by Email')) ?></label>
                     </div>
                 <?php endif; ?>
                 <div class="admin__field admin__field-option">
@@ -40,7 +43,7 @@
                            class="admin__control-checkbox"
                            value="1" />
                     <label class="admin__field-label"
-                           for="history_visible"> <?= $block->escapeHtml(__('Visible on Storefront')) ?></label>
+                           for="history_visible"> <?= $escaper->escapeHtml(__('Visible on Storefront')) ?></label>
                 </div>
             </div>
             <div class="order-history-comments-actions">
@@ -59,17 +62,17 @@
                     <?= /* @noEscape */ $block->formatTime($_comment->getCreatedAt(), \IntlDateFormatter::MEDIUM) ?>
                 </span>
                 <span class="note-list-customer">
-                    <?= $block->escapeHtml(__('Customer')) ?>
+                    <?= $escaper->escapeHtml(__('Customer')) ?>
                     <?php if ($_comment->getIsCustomerNotified()): ?>
-                        <span class="note-list-customer-notified"><?= $block->escapeHtml(__('Notified')) ?></span>
+                        <span class="note-list-customer-notified"><?= $escaper->escapeHtml(__('Notified')) ?></span>
                     <?php else: ?>
                         <span class="note-list-customer-not-notified">
-                            <?= $block->escapeHtml(__('Not Notified')) ?>
+                            <?= $escaper->escapeHtml(__('Not Notified')) ?>
                         </span>
                     <?php endif; ?>
                 </span>
                 <div class="note-list-comment">
-                    <?= $block->escapeHtml($_comment->getComment(), ['b', 'br', 'strong', 'i', 'u', 'a']) ?>
+                    <?= $escaper->escapeHtml($_comment->getComment(), ['b', 'br', 'strong', 'i', 'u', 'a']) ?>
                 </div>
             </li>
         <?php endforeach; ?>
@@ -78,7 +81,7 @@
     <?php $scriptString = <<<script
 require(['prototype'], function(){
     submitComment = function() {
-        submitAndReloadArea($('comments_block').parentNode, '{$block->escapeJs($block->getSubmitUrl())}')
+        submitAndReloadArea($('comments_block').parentNode, '{$escaper->escapeJs($block->getSubmitUrl())}')
     };
     if ($('submit_comment_button')) {
         $('submit_comment_button').observe('click', submitComment);

app/code/Magento/Sales/view/adminhtml/templates/order/create/abstract.phtml

@@ -3,10 +3,14 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
+/**
+ * @var \Magento\Framework\Escaper $escaper
+ */
 ?>
 
 <div class="admin__page-section-title">
-    <span class="title"><?= $block->escapeHtml($block->getHeaderText()) ?></span>
+    <span class="title"><?= $escaper->escapeHtml($block->getHeaderText()) ?></span>
     <?php if ($block->getButtonsHtml()) : ?>
         <div class="actions"><?= $block->getButtonsHtml() ?></div>
     <?php endif; ?>