MC-16618: Eliminate @escapeNotVerified in Sales-related Modules

- Resolve further escape issues in admin

Author: davemacaulay

app/code/Magento/Sales/view/adminhtml/templates/order/create/form/account.phtml

@@ -7,7 +7,7 @@
 /** @var $block \Magento\Sales\Block\Adminhtml\Order\Create\Form\Account */
 ?>
 
-<div class="admin__page-section-title <?= /* @noEscape */ $block->getHeaderCssClass() ?>">
+<div class="admin__page-section-title <?= $block->escapeHtmlAttr($block->getHeaderCssClass()) ?>">
     <span class="title"><?= $block->escapeHtml($block->getHeaderText()) ?></span>
     <div class="actions"></div>
 </div>

app/code/Magento/Sales/view/adminhtml/templates/order/create/form/address.phtml

@@ -46,7 +46,7 @@ else :
 endif; ?>
 
 <fieldset class="admin__fieldset">
-    <legend class="admin__legend <?= /* @noEscape */ $block->getHeaderCssClass() ?>">
+    <legend class="admin__legend <?= $block->escapeHtmlAttr($block->getHeaderCssClass()) ?>">
         <span><?= $block->escapeHtml($block->getHeaderText()) ?></span>
     </legend><br>
 

app/code/Magento/Sales/view/adminhtml/templates/order/create/totals/tax.phtml

@@ -15,7 +15,7 @@ $taxAmount = $block->getTotal()->getValue();
     global $taxIter;
     $taxIter++;
     ?>
-    <?php $class = "{$block->getTotal()->getCode()} " . ($this->helper(\Magento\Tax\Helper\Data::class)->displayFullSummary() ? 'summary-total' : ''); ?>
+    <?php $class = $block->escapeHtmlAttr("{$block->getTotal()->getCode()} " . ($this->helper(\Magento\Tax\Helper\Data::class)->displayFullSummary() ? 'summary-total' : '')); ?>
     <tr<?php if ($this->helper(\Magento\Tax\Helper\Data::class)->displayFullSummary()) : ?>
         onclick="expandDetails(this, '.summary-details-<?= $block->escapeJs($taxIter) ?>')"
     <?php endif; ?>