documentation/xss__safe_8phtml_source.html

 <?php
 // @codingStandardsIgnoreFile
 ?>

 <?= /* @escapeNotVerified */ $block->getSomeData() ?>
 <?= /* @noEscape */ $block->getSomeData() ?>
 <input name="form_key" type="hidden" value="<?= $block->escapeUrl($var) ?>" />
 <input name="form_key" type="hidden" value="<?= $block->escapeHtmlAttr('value') ?>" />
 <input name="form_key" type="hidden" value="<?= $block->escapeJs('value') ?>" />
 <?= $block->escapeCss('value') ?>
 echo $var;
 <?= $block->getHtmlId("some value") ?>
 <?= $block->getIdHtml("some value") ?>
 <?= $block->getIdHtml("some value") ?>
 <?= "\$var1" ?>
 <?= '$var' ?>
 <?= "value" ?>
 <?= 'value' ?>
 <?= (int)$var ?>
 <?= (bool)$var ?>
 <?= count($var) ?>
 <?= $object->methodHtml() ?>
 <?php pecho($var);?>
 <?= $object->methodHtml() .
     (bool)$var .
     $block->escapeUrl("some value");
 ?>
 <?= /* @noEscape */ '\'' . $code . '\',\'' . $block->escapeHtml($data['parentSymbol']) . '\'' ?>
 <?= $block->getExtendedElement($switchAttributeCode)->toHtml() ?>
 <?= $block->escapeHtml($_filter->getFilter()->getClearLinkText()) ?>
 <?php
 ?>

 <?php
 /* This part is commented to remove all <col> tags from the code. */
 /* foreach ($block->getColumns() as $_column): ?>
     <col <?= $_column->getProperty() ?> />
 <?php endforeach; */ ?>

 <?= $block->escapeHtmlAttr($block->getParamValue('title_' . $store['value'])) ?>
value
$block setTitle( 'CMS Block Title') -> setIdentifier('fixture_block') ->setContent('< h1 >Fixture Block Title</h1 >< a href=" store url</a><p> Config value
Definition: block.php:9

$block
$block
Definition: block.php:8

name

$data
$data
Definition: attribute_set_with_image_attribute.php:16

$store
$store
Definition: payment_configuration_rollback.php:33

$code
$code
Definition: info.phtml:12

$switchAttributeCode
$switchAttributeCode
Definition: extend.phtml:15