MAGETWO-99282: Eliminate @escapeNotVerified in Magento_Catalog module

Author: Joan He

app/code/Magento/Catalog/Block/Product/View/Gallery.php

@@ -114,7 +114,7 @@ public function getGalleryImages()
      */
     public function getMagnifier()
     {
-        return $this->jsonEncoder->encode($this->escapeJs($this->getVar('magnifier')));
+        return $this->jsonEncoder->encode($this->getVar('magnifier'));
     }
 
     /**

app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/attribute/labels.phtml

@@ -32,7 +32,7 @@
                                 <input class="input-text<?php if ($_store->getId() == \Magento\Store\Model\Store::DEFAULT_STORE_ID) :?> required-option<?php endif; ?>"
                                        type="text"
                                        name="frontend_label[<?= $block->escapeHtmlAttr($_store->getId()) ?>]"
-                                       value="<?= $block->escapeHtml($_labels[$_store->getId()]) ?>"
+                                       value="<?= $block->escapeHtmlAttr($_labels[$_store->getId()]) ?>"
                                     <?php if ($block->getReadOnly()) :?>
                                         disabled="disabled"
                                     <?php endif;?>/>

app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/attribute/set/main.phtml

@@ -279,8 +279,8 @@
 
                         addGroup : function() {
                             prompt({
-                                title: "<?= $block->escapeJs(__('Add New Group')) ?>",
-                                content: "<?= $block->escapeJs(__('Please enter a new group name.')) ?>",
+                                title: "<?= $block->escapeJs($block->escapeHtml(__('Add New Group'))) ?>",
+                                content: "<?= $block->escapeJs($block->escapeHtml(__('Please enter a new group name.'))) ?>",
                                 value: "",
                                 validation: true,
                                 validationRules: ['required-entry'],

app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/edit/price/tier.phtml

@@ -70,7 +70,7 @@ var tierPriceRowTemplate = '<tr>'
         + '<input class="<?= $block->escapeHtmlAttr($_htmlClass) ?> qty required-entry validate-greater-than-zero" type="text" name="<?= /* @noEscape */ $_htmlName ?>[<%- data.index %>][price_qty]" value="<%- data.qty %>" id="tier_price_row_<%- data.index %>_qty" />'
         + '<span><?= $block->escapeHtml(__("and above")) ?></span>'
     + '</td>'
-    + '<td class="col-price"><input class="<?= $block->escapeHtmlAttr($_htmlClass) ?> required-entry <?= /* @noEscape */ $_priceValueValidation ?>" type="text" name="<?= /* @noEscape */ $_htmlName ?>[<%- data.index %>][price]" value="<%- data.price %>" id="tier_price_row_<%- data.index %>_price" /></td>'
+    + '<td class="col-price"><input class="<?= $block->escapeHtmlAttr($_htmlClass) ?> required-entry <?= $block->escapeHtmlAttr($_priceValueValidation) ?>" type="text" name="<?= /* @noEscape */ $_htmlName ?>[<%- data.index %>][price]" value="<%- data.price %>" id="tier_price_row_<%- data.index %>_price" /></td>'
     + '<td class="col-delete"><input type="hidden" name="<?= /* @noEscape */ $_htmlName ?>[<%- data.index %>][delete]" class="delete" value="" id="tier_price_row_<%- data.index %>_delete" />'
     + '<button title="<?= $block->escapeHtml(__('Delete Tier')) ?>" type="button" class="action- scalable delete icon-btn delete-product-option" id="tier_price_row_<%- data.index %>_delete_button" onclick="return tierPriceControl.deleteItem(event);">'
     + '<span><?= $block->escapeHtml(__("Delete")) ?></span></button></td>'

app/code/Magento/Catalog/view/frontend/templates/product/list.phtml

@@ -75,8 +75,8 @@ $_helper = $this->helper(Magento\Catalog\Helper\Output::class);
                         <?= $block->getProductDetailsHtml($_product) ?>
 
                         <div class="product-item-inner">
-                            <div class="product actions product-item-actions"<?= /* @noEscape */ strpos($pos, $viewMode . '-actions') ? $position : '' ?>>
-                                <div class="actions-primary"<?= /* @noEscape */  strpos($pos, $viewMode . '-primary') ? $position : '' ?>>
+                            <div class="product actions product-item-actions"<?= strpos($pos, $viewMode . '-actions') ? $block->escapeHtmlAttr($position) : '' ?>>
+                                <div class="actions-primary"<?= strpos($pos, $viewMode . '-primary') ? $block->escapeHtmlAttr($position) : '' ?>>
                                     <?php if ($_product->isSaleable()) :?>
                                         <?php $postParams = $block->getAddToCartPostParams($_product); ?>
                                         <form data-role="tocart-form"
@@ -103,7 +103,7 @@ $_helper = $this->helper(Magento\Catalog\Helper\Output::class);
                                         <?php endif; ?>
                                     <?php endif; ?>
                                 </div>
-                                <div data-role="add-to-links" class="actions-secondary"<?= /* @noEscape */ strpos($pos, $viewMode . '-secondary') ? $position : '' ?>>
+                                <div data-role="add-to-links" class="actions-secondary"<?= strpos($pos, $viewMode . '-secondary') ? $block->escapeHtmlAttr($position) : '' ?>>
                                     <?php if ($addToBlock = $block->getChildBlock('addto')) :?>
                                         <?= $addToBlock->setProduct($_product)->getChildHtml() ?>
                                     <?php endif; ?>
@@ -130,7 +130,7 @@ $_helper = $this->helper(Magento\Catalog\Helper\Output::class);
         {
             "[data-role=tocart-form], .form.map.checkout": {
                 "catalogAddToCart": {
-                    "product_sku": "<?= /* @noEscape */ $_product->getSku() ?>"
+                    "product_sku": "<?= $block->escapeJs($_product->getSku()) ?>"
                 }
             }
         }