diff --git a/phpcs.xml b/phpcs.xml
index b56e261b..d5a4b056 100644
--- a/phpcs.xml
+++ b/phpcs.xml
@@ -11,7 +11,6 @@
     <exclude name="Squiz.PHP.CommentedOutCode.Found" />
 
     <!-- Fix security issues -->
-    <exclude name="WordPress.Security.EscapeOutput" />
     <exclude name="WordPress.Security.ValidatedSanitizedInput" />
     <exclude name="WordPress.Security.NonceVerification" />
 
diff --git a/src/class-tiny-compress-client.php b/src/class-tiny-compress-client.php
index 8c983ce6..4dd8304b 100644
--- a/src/class-tiny-compress-client.php
+++ b/src/class-tiny-compress-client.php
@@ -1,4 +1,5 @@
 <?php
+// phpcs:disable WordPress.Security.EscapeOutput.ExceptionNotEscaped
 /*
 * Tiny Compress Images - WordPress plugin.
 * Copyright (C) 2015-2018 Tinify B.V.
diff --git a/src/class-tiny-compress-fopen.php b/src/class-tiny-compress-fopen.php
index b63d0794..1987aaac 100644
--- a/src/class-tiny-compress-fopen.php
+++ b/src/class-tiny-compress-fopen.php
@@ -1,4 +1,5 @@
 <?php
+// phpcs:disable WordPress.Security.EscapeOutput.ExceptionNotEscaped
 /*
 * Tiny Compress Images - WordPress plugin.
 * Copyright (C) 2015-2018 Tinify B.V.
diff --git a/src/class-tiny-compress.php b/src/class-tiny-compress.php
index 75ced00c..288bd49b 100644
--- a/src/class-tiny-compress.php
+++ b/src/class-tiny-compress.php
@@ -109,14 +109,17 @@ public function compress_file(
 		$convert_to = array()
 	) {
 		if ( $this->get_key() == null ) {
+			// phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- not used in output
 			throw new Tiny_Exception( self::KEY_MISSING, 'KeyError' );
 		}
 
 		if ( ! file_exists( $file ) ) {
+			// phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- not used in output
 			throw new Tiny_Exception( self::FILE_MISSING, 'FileError' );
 		}
 
 		if ( ! is_writable( $file ) ) {
+			// phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- not used in output
 			throw new Tiny_Exception( self::WRITE_ERROR, 'FileError' );
 		}
 
@@ -141,7 +144,7 @@ public function compress_file(
 		try {
 			file_put_contents( $file, $output );
 		} catch ( Exception $e ) {
-			throw new Tiny_Exception( $e->getMessage(), 'FileError' );
+			throw new Tiny_Exception( esc_html( $e->getMessage() ), 'FileError' );
 		}
 
 		if ( $convert_output ) {
@@ -153,7 +156,7 @@ public function compress_file(
 			try {
 				file_put_contents( $converted_filepath, $convert_output );
 			} catch ( Exception $e ) {
-				throw new Tiny_Exception( $e->getMessage(), 'FileError' );
+				throw new Tiny_Exception( esc_html( $e->getMessage() ), 'FileError' );
 			}
 			$details['convert']['path'] = $converted_filepath;
 		}
diff --git a/src/class-tiny-image-size.php b/src/class-tiny-image-size.php
index f57694a6..e93040d5 100644
--- a/src/class-tiny-image-size.php
+++ b/src/class-tiny-image-size.php
@@ -231,7 +231,6 @@ public function mark_duplicate( $duplicate_size_name ) {
 		$this->duplicate         = true;
 		$this->duplicate_of_size = $duplicate_size_name;
 	}
-
 	public function is_duplicate() {
 		return $this->duplicate;
 	}
diff --git a/src/class-tiny-notices.php b/src/class-tiny-notices.php
index eae648dc..0c48e1df 100644
--- a/src/class-tiny-notices.php
+++ b/src/class-tiny-notices.php
@@ -172,7 +172,7 @@ public function show( $name, $message, $klass = 'error', $dismissible = true ) {
 		}
 
 		$css         = implode( ' ', $css );
-		$plugin_name = esc_html__(
+		$plugin_name = __(
 			'TinyPNG - JPEG, PNG & WebP image compression',
 			'tiny-compress-images'
 		);
@@ -180,8 +180,9 @@ public function show( $name, $message, $klass = 'error', $dismissible = true ) {
 		add_action(
 			'admin_notices',
 			function () use ( $css, $name, $plugin_name, $message, $add ) {
-				echo '<div class="' . $css . '" data-name="' . $name . '"><p>' .
-					$plugin_name . ': ' . $message . $add . '</div>';
+				echo '<div class="' . esc_attr( $css ) . '" data-name="' .
+					esc_attr( $name ) . '"><p>' . esc_html( $plugin_name ) .
+					': ' . wp_kses_post( $message ) . wp_kses_post( $add ) . '</div>';
 			}
 		);
 	}
@@ -324,7 +325,7 @@ private function show_incompatible_plugins( $incompatible_plugins ) {
 		add_action(
 			'admin_notices',
 			function () use ( $notice ) {
-				echo $notice;
+				echo wp_kses_post( $notice );
 			}
 		);
 	}
diff --git a/src/class-tiny-plugin.php b/src/class-tiny-plugin.php
index f6f4a52a..0af97fe6 100644
--- a/src/class-tiny-plugin.php
+++ b/src/class-tiny-plugin.php
@@ -547,7 +547,7 @@ private function validate_ajax_attachment_request() {
 	public function compress_image_from_library() {
 		$response = $this->validate_ajax_attachment_request();
 		if ( isset( $response['error'] ) ) {
-			echo $response['error'];
+			echo esc_html( $response['error'] );
 			exit();
 		}
 		list($id, $metadata) = $response['data'];
@@ -570,7 +570,7 @@ public function compress_image_from_library() {
 		// anymore, so other plugins are less likely to be triggered.
 		wp_update_attachment_metadata( $id, $tiny_image->get_wp_metadata() );
 
-		echo $this->render_compress_details( $tiny_image );
+		$this->render_compress_details( $tiny_image );
 
 		exit();
 	}
@@ -656,14 +656,14 @@ public function ajax_compression_status() {
 		$response = $this->validate_ajax_attachment_request();
 
 		if ( isset( $response['error'] ) ) {
-			echo $response['error'];
+			echo esc_html( $response['error'] );
 			exit();
 		}
 		list($id, $metadata) = $response['data'];
 
 		$tiny_image = new Tiny_Image( $this->settings, $id, $metadata );
 
-		echo $this->render_compress_details( $tiny_image );
+		$this->render_compress_details( $tiny_image );
 
 		exit();
 	}
@@ -877,7 +877,7 @@ public static function uninstall() {
 	public function mark_image_as_compressed() {
 		$response = $this->validate_ajax_attachment_request();
 		if ( isset( $response['error'] ) ) {
-			echo $response['error'];
+			echo esc_html( $response['error'] );
 			exit();
 		}
 
@@ -885,7 +885,7 @@ public function mark_image_as_compressed() {
 		$tiny_image          = new Tiny_Image( $this->settings, $id, $metadata );
 		$tiny_image->mark_as_compressed();
 
-		echo $this->render_compress_details( $tiny_image );
+		$this->render_compress_details( $tiny_image );
 
 		exit();
 	}
diff --git a/src/class-tiny-settings.php b/src/class-tiny-settings.php
index 281a2a00..f0c94065 100644
--- a/src/class-tiny-settings.php
+++ b/src/class-tiny-settings.php
@@ -460,7 +460,14 @@ public function render_settings_moved() {
 					),
 				)
 			),
-			$link
+			wp_kses(
+				$link,
+				array(
+					'a' => array(
+						'href' => array(),
+					),
+				)
+			)
 		);
 		echo '</div>';
 	}
@@ -470,14 +477,14 @@ public function render_compression_timing_settings() {
 			'When should new images be compressed?',
 			'tiny-compress-images'
 		);
-		echo '<h4>' . $heading . '</h4>';
+		echo '<h4>' . esc_html( $heading ) . '</h4>';
 		echo '<div class="optimization-options">';
 
 		$name               = self::get_prefixed_name( 'compression_timing' );
 		$compression_timing = $this->get_compression_timing();
 
 		$id      = self::get_prefixed_name( 'background_compress_enabled' );
-		$checked = ( 'background' === $compression_timing ? ' checked="checked"' : '' );
+		$checked = ( 'background' === $compression_timing );
 
 		$label       = esc_html__(
 			'Compress new images in the background (Recommended)',
@@ -493,12 +500,11 @@ public function render_compression_timing_settings() {
 			$label,
 			$description,
 			'background',
-			$checked,
-			false
+			$checked
 		);
 
 		$id      = self::get_prefixed_name( 'auto_compress_enabled' );
-		$checked = ( 'auto' === $compression_timing ? ' checked="checked"' : '' );
+		$checked = ( 'auto' === $compression_timing );
 
 		$label       = esc_html__(
 			'Compress new images during upload',
@@ -514,12 +520,11 @@ public function render_compression_timing_settings() {
 			$label,
 			$description,
 			'auto',
-			$checked,
-			false
+			$checked
 		);
 
 		$id      = self::get_prefixed_name( 'auto_compress_disabled' );
-		$checked = ( 'manual' === $compression_timing ? ' checked="checked"' : '' );
+		$checked = ( 'manual' === $compression_timing );
 
 		$label       = esc_html__(
 			'Do not compress new images automatically',
@@ -535,16 +540,16 @@ public function render_compression_timing_settings() {
 			$label,
 			$description,
 			'manual',
-			$checked,
-			false
+			$checked
 		);
 
 		echo '</div>';
 	}
 
 	public function render_sizes() {
+		$dummy_size_name = self::get_prefixed_name( 'sizes[' . self::DUMMY_SIZE . ']' );
 		echo '<input type="hidden" name="' .
-			self::get_prefixed_name( 'sizes[' . self::DUMMY_SIZE . ']' ) . '" value="on"/>';
+			esc_attr( $dummy_size_name ) . '" value="on"/>';
 
 		foreach ( $this->get_sizes() as $size => $option ) {
 			$this->render_size_checkboxes( $size, $option );
@@ -568,7 +573,7 @@ public function render_sizes() {
 	private function render_size_checkboxes( $size, $option ) {
 		$id      = self::get_prefixed_name( "sizes_$size" );
 		$name    = self::get_prefixed_name( 'sizes[' . $size . ']' );
-		$checked = ( $option['tinify'] ? ' checked="checked"' : '' );
+		$checked = ! empty( $option['tinify'] );
 		if ( Tiny_Image::is_original( $size ) ) {
 			$label = esc_html__( 'Original image', 'tiny-compress-images' ) . ' (' .
 				esc_html__(
@@ -592,9 +597,9 @@ private function render_size_checkboxes( $size, $option ) {
 				. ' - ' . $width . 'x' . $height;
 		}
 		echo '<p>';
-		echo '<input type="checkbox" id="' . $id . '" name="' . $name .
-			'" value="on" ' . $checked . '/>';
-		echo '<label for="' . $id . '">' . $label . '</label>';
+		echo '<input type="checkbox" id="' . esc_attr( $id ) . '" name="' . esc_attr( $name ) .
+			'" value="on"' . checked( $checked, true, false ) . '/>';
+		echo '<label for="' . esc_attr( $id ) . '">' . esc_html( $label ) . '</label>';
 		echo '</p>';
 	}
 
@@ -646,7 +651,7 @@ public function render_size_checkboxes_description(
 					),
 					$strong
 				),
-				$free_images_per_month
+				esc_html( $free_images_per_month )
 			);
 
 			if ( self::wr2x_active() ) {
@@ -683,7 +688,7 @@ public function render_compression_timing_radiobutton(
 				'For compression to work you will need to configure WP Offload S3 to keep a copy of the images on the server.',
 				'tiny-compress-images'
 			);
-			echo $message;
+			echo esc_html( $message );
 			echo '</p></div>';
 			echo '<p class="tiny-radio disabled">';
 		} else {
@@ -693,11 +698,11 @@ public function render_compression_timing_radiobutton(
 		$id    = sprintf( self::get_prefixed_name( 'compression_timing_%s' ), $value );
 		$label = esc_html( $label );
 		$desc  = esc_html( $desc );
-		echo '<input type="radio" id="' . $id . '" name="' . $name .
-			'" value="' . $value . '" ' . $checked . '/>';
-		echo '<label for="' . $id . '">' . $label . '</label>';
+		echo '<input type="radio" id="' . esc_attr( $id ) . '" name="' . esc_attr( $name ) .
+			'" value="' . esc_attr( $value ) . '"' . checked( $checked, true, false ) . '/>';
+		echo '<label for="' . esc_attr( $id ) . '">' . esc_html( $label ) . '</label>';
 		echo '<br>';
-		echo '<span>' . $desc . '</span>';
+		echo '<span>' . esc_html( $desc ) . '</span>';
 		echo '</p>';
 	}
 
@@ -955,11 +960,11 @@ private static function render_radiobutton(
 		$label,
 		$descr
 	) {
-		$checked = ( $current_value === $option_value ? ' checked="checked"' : '' );
+		$checked = ( $current_value === $option_value );
 		echo '<p class="tiny-radio">';
 		echo '<input type="radio" data-testid="' . esc_attr( $option_id ) . '" ';
-		echo 'id="' . esc_attr( $option_id ) . '" name="' . $group_name .
-			'" value="' . esc_attr( $option_value ) . '" ' . $checked . '/>';
+		echo 'id="' . esc_attr( $option_id ) . '" name="' . esc_attr( $group_name ) .
+			'" value="' . esc_attr( $option_value ) . '"' . checked( $checked, true, false ) . '/>';
 		echo '<label for="' . esc_attr( $option_id ) . '">' . esc_html( $label );
 		echo '<span>' . esc_html( $descr ) . '</span>';
 		echo '</label>';
diff --git a/src/views/account-status-connected.php b/src/views/account-status-connected.php
index 085b1dca..5983bdd7 100644
--- a/src/views/account-status-connected.php
+++ b/src/views/account-status-connected.php
@@ -1,3 +1,16 @@
+<?php
+/**
+ * Account status connected view.
+ *
+ * Account connection status.
+ * @var object $status {
+ *     @type bool        $ok      Whether the API connection is successful.
+ *     @type bool        $pending Whether the connection is pending activation.
+ *     @type string|null $message Optional status message.
+ * }
+ * @var string $key The API key.
+ */
+?>
 <div class="tiny-account-status" id="tiny-account-status" data-state="complete">
 	<div class="status <?php echo $status->ok ? ( $status->pending ? 'status-pending' : 'status-success' ) : 'status-failure'; ?>">
 		<p class="status"><span>
@@ -39,7 +52,7 @@
 						),
 						$strong
 					),
-					$remaining_credits
+					intval( $remaining_credits )
 				);
 			} elseif ( ! $status->pending ) {
 				printf(
@@ -48,7 +61,7 @@
 						'You have made %s compressions this month.',
 						'tiny-compress-images'
 					),
-					$compressions
+					intval( $compressions )
 				);
 			}
 		} elseif ( isset( $status->message ) ) {
@@ -92,7 +105,15 @@
 					'Enter your API key. If you have lost your key, go to your %s to retrieve it.',
 					'tiny-compress-images'
 				),
-				$link
+				wp_kses(
+					$link,
+					array(
+						'a' => array(
+							'href'   => array(),
+							'target' => array(),
+						),
+					)
+				)
 			);
 			?>
 		</p>
@@ -115,7 +136,7 @@
 			<div class="button-container">
 				<div class="box">
 					<?php $encoded_email = str_replace( '%20', '%2B', rawurlencode( self::get_email_address() ) ); ?>
-					<a href="https://tinypng.com/dashboard/api?type=upgrade&mail=<?php echo $encoded_email; ?>" target="_blank" class="button button-primary upgrade-account">
+					<a href="<?php echo esc_url( 'https://tinypng.com/dashboard/api?type=upgrade&mail=' . $encoded_email ); ?>" target="_blank" class="button button-primary upgrade-account">
 						<?php esc_html_e( 'Upgrade account', 'tiny-compress-images' ); ?>
 					</a>
 				</div>
diff --git a/src/views/account-status-create-advanced.php b/src/views/account-status-create-advanced.php
index eccea9d5..26b98c12 100644
--- a/src/views/account-status-create-advanced.php
+++ b/src/views/account-status-create-advanced.php
@@ -47,13 +47,12 @@
 				'<a href="https://tinypng.com/dashboard/api" target="_blank">%s</a>',
 				esc_html__( 'API dashboard', 'tiny-compress-images' )
 			);
-			printf(
-				/* translators: %s: link saying API dashboard */
-				esc_html__(
-					'Enter your API key. Go to your %s to retrieve it.',
-					'tiny-compress-images'
-				),
-				$link
+			echo wp_kses_post(
+				sprintf(
+					/* translators: %s: link saying API dashboard */
+					__( 'Enter your API key. Go to your %s to retrieve it.', 'tiny-compress-images' ),
+					$link
+				)
 			);
 			?>
 		</p>
diff --git a/src/views/account-status-create-simple.php b/src/views/account-status-create-simple.php
index b3a21420..815a93bc 100644
--- a/src/views/account-status-create-simple.php
+++ b/src/views/account-status-create-simple.php
@@ -1,3 +1,10 @@
+<?php
+/**
+ * Settings form to configure an account
+ *
+ * @var string  $key
+ */
+?>
 <div class="tiny-account-status" id="tiny-account-status" data-state="missing">
 	<div class="update">
 		<h4><?php esc_html_e( 'Configure your account', 'tiny-compress-images' ); ?></h4>
@@ -11,13 +18,12 @@
 			esc_html_e( 'Enter your API key.', 'tiny-compress-images' );
 			echo ' ';
 
-			printf(
-				/* translators: %s: link saying TinyPNG developer section */
-				esc_html__(
-					'If needed you can go to the %s to retrieve it.',
-					'tiny-compress-images'
-				),
-				$link
+			echo wp_kses_post(
+				sprintf(
+					/* translators: %s: link saying TinyPNG developer section */
+					__( 'If needed you can go to the %s to retrieve it.', 'tiny-compress-images' ),
+					$link
+				)
 			);
 			?>
 		</p>
diff --git a/src/views/bulk-optimization-upgrade-notice.php b/src/views/bulk-optimization-upgrade-notice.php
index 7fa1ed01..66a5e099 100644
--- a/src/views/bulk-optimization-upgrade-notice.php
+++ b/src/views/bulk-optimization-upgrade-notice.php
@@ -1,3 +1,13 @@
+<?php
+/**
+ * Bulk optimization upgrade notice view.
+ *
+ * Upgrade notice shown when free plan credits are insufficient.
+ *
+ * @var string $email_address
+ * @var int    $remaining_credits
+ */
+?>
 <div class="upgrade-account-notice">
 	<div class="introduction">
 		<p>
@@ -14,7 +24,7 @@
 					),
 					$strong
 				),
-				$remaining_credits
+				intval( $remaining_credits )
 			);
 			?>
 		</p>
@@ -28,7 +38,7 @@
 		</p>
 	</div>
 	<?php $encoded_email = str_replace( '%20', '%2B', rawurlencode( $email_address ) ); ?>
-	<a href="https://tinypng.com/dashboard/api?type=upgrade&mail=<?php echo $encoded_email; ?>" target="_blank" class="button button-primary button-hero upgrade-account">
+	<a href="<?php echo esc_url( 'https://tinypng.com/dashboard/api?type=upgrade&mail=' . $encoded_email ); ?>" target="_blank" class="button button-primary button-hero upgrade-account">
 		<?php esc_html_e( 'Upgrade account', 'tiny-compress-images' ); ?>
 	</a>
 	<?php if ( $remaining_credits > 0 ) { ?>
diff --git a/src/views/bulk-optimization.php b/src/views/bulk-optimization.php
index b0aaebb2..77033875 100644
--- a/src/views/bulk-optimization.php
+++ b/src/views/bulk-optimization.php
@@ -1,31 +1,49 @@
+<?php
+/**
+ * Bulk optimization view.
+ *
+ * @var array       $admin_colors
+ * @var array       $stats
+ * @var array       $active_tinify_sizes
+ * @var float       $estimated_costs
+ * @var string      $email_address
+ * @var bool        $is_on_free_plan
+ * @var int         $remaining_credits
+ * @var Tiny_Plugin $this
+ */
+
+$total_sizes   = $stats['optimized-image-sizes'] + $stats['available-unoptimized-sizes'];
+$settings_url  = admin_url( 'options-general.php?page=tinify' );
+$friendly_name = $this->friendly_user_name();
+?>
 <style>
 
 /* Admin color scheme colors */
 
 div.tiny-bulk-optimization div.available div.tooltip span.dashicons {
-	color: <?php echo $admin_colors[3]; ?>;
+	color: <?php echo esc_attr( $admin_colors[3] ); ?>;
 }
 div.tiny-bulk-optimization div.savings div.tiny-optimization-chart div.value {
-	color: <?php echo $admin_colors[2]; ?>;
+	color: <?php echo esc_attr( $admin_colors[2] ); ?>;
 }
 div.tiny-bulk-optimization div.savings div.tiny-optimization-chart svg circle.main {
-	stroke: <?php echo $admin_colors[2]; ?>;
+	stroke: <?php echo esc_attr( $admin_colors[2] ); ?>;
 }
 div.tiny-bulk-optimization div.savings table td.emphasize {
-	color: <?php echo $admin_colors[2]; ?>;
+	color: <?php echo esc_attr( $admin_colors[2] ); ?>;
 }
 div.tiny-bulk-optimization div.dashboard div.optimize div.progressbar div.progress {
-	background-color: <?php echo $admin_colors[0]; ?>;
+	background-color: <?php echo esc_attr( $admin_colors[0] ); ?>;
 	background-image: linear-gradient(
 		-63deg,
-		<?php echo $admin_colors[0]; ?> 0%,
-		<?php echo $admin_colors[0]; ?> 25%,
-		<?php echo $admin_colors[1]; ?> 25%,
-		<?php echo $admin_colors[1]; ?> 50%,
-		<?php echo $admin_colors[0]; ?> 50%,
-		<?php echo $admin_colors[0]; ?> 75%,
-		<?php echo $admin_colors[1]; ?> 75%,
-		<?php echo $admin_colors[1]; ?> 100%
+		<?php echo esc_attr( $admin_colors[0] ); ?> 0%,
+		<?php echo esc_attr( $admin_colors[0] ); ?> 25%,
+		<?php echo esc_attr( $admin_colors[1] ); ?> 25%,
+		<?php echo esc_attr( $admin_colors[1] ); ?> 50%,
+		<?php echo esc_attr( $admin_colors[0] ); ?> 50%,
+		<?php echo esc_attr( $admin_colors[0] ); ?> 75%,
+		<?php echo esc_attr( $admin_colors[1] ); ?> 75%,
+		<?php echo esc_attr( $admin_colors[1] ); ?> 100%
 	);
 }
 
@@ -41,10 +59,10 @@
 					<h3><?php esc_html_e( 'Available Images', 'tiny-compress-images' ); ?></h3>
 					<p>
 						<?php
-						if ( 0 == $stats['optimized-image-sizes'] + $stats['available-unoptimized-sizes'] ) {
+						if ( 0 == $total_sizes ) {
 							$percentage = 0;
 						} else {
-							$percentage_of_files = round( $stats['optimized-image-sizes'] / ( $stats['optimized-image-sizes'] + $stats['available-unoptimized-sizes'] ) * 100, 2 );
+							$percentage_of_files = round( $stats['optimized-image-sizes'] / $total_sizes * 100, 2 );
 						}
 						if ( 0 == $stats['uploaded-images'] + $stats['available-unoptimized-sizes'] ) {
 							esc_html_e( 'This page is designed to bulk optimize all your images.', 'tiny-compress-images' );
@@ -54,20 +72,20 @@
 							esc_html_e( 'Based on your current settings, nothing will be optimized. There are no active sizes selected for optimization.', 'tiny-compress-images' );
 						} elseif ( 0 == $stats['available-unoptimized-sizes'] ) {
 							/* translators: %s: friendly user name */
-							printf( esc_html__( '%s, this is great! Your entire library is optimized!', 'tiny-compress-images' ), $this->friendly_user_name() );
+							printf( esc_html__( '%s, this is great! Your entire library is optimized!', 'tiny-compress-images' ), esc_html( $friendly_name ) );
 							echo '<br />';
 							require __DIR__ . '/request-review.php';
 						} elseif ( $stats['optimized-image-sizes'] > 0 ) {
 							if ( $percentage_of_files > 75 ) {
 								/* translators: %s: friendly user name */
-								printf( esc_html__( '%s, you are doing great!', 'tiny-compress-images' ), $this->friendly_user_name() );
+									printf( esc_html__( '%s, you are doing great!', 'tiny-compress-images' ), esc_html( $friendly_name ) );
 							} else {
 								/* translators: %s: friendly user name */
-								printf( esc_html__( '%s, you are doing good.', 'tiny-compress-images' ), $this->friendly_user_name() );
+									printf( esc_html__( '%s, you are doing good.', 'tiny-compress-images' ), esc_html( $friendly_name ) );
 							}
 							echo ' ';
 								/* translators: %1$d%2$s: percentage optimised */
-								printf( esc_html__( '%1$d%2$s of your image library is optimized.', 'tiny-compress-images' ), $percentage_of_files, '%' );
+									printf( esc_html__( '%1$d%2$s of your image library is optimized.', 'tiny-compress-images' ), absint( $percentage_of_files ), '%' );
 							echo ' ';
 							/* translators: %s: bulk optimization title */
 							printf( esc_html__( 'Start the %s to optimize the remainder of your library.', 'tiny-compress-images' ), esc_html__( 'bulk optimization', 'tiny-compress-images' ) );
@@ -95,7 +113,7 @@
 									?>
 								</h3>
 								<span id="uploaded-images">
-									<?php echo $stats['uploaded-images']; ?>
+									<?php echo esc_html( $stats['uploaded-images'] ); ?>
 								</span>
 							</td>
 							<td class="item">
@@ -110,7 +128,7 @@
 									?>
 								</h3>
 								<span id="optimizable-image-sizes">
-									<?php echo $stats['available-unoptimized-sizes']; ?>
+									<?php echo esc_html( $stats['available-unoptimized-sizes'] ); ?>
 								</span>
 								<div class="tooltip">
 									<span class="dashicons dashicons-info"></span>
@@ -124,8 +142,8 @@
 														'With your current settings you can still optimize %1$s image sizes from your %2$s uploaded JPEG, PNG, and WebP images.',
 														'tiny-compress-images'
 													),
-													$stats['available-unoptimized-sizes'],
-													$stats['uploaded-images']
+													esc_html( $stats['available-unoptimized-sizes'] ),
+													esc_html( $stats['uploaded-images'] )
 												);
 												?>
 											</p>
@@ -176,7 +194,7 @@
 													),
 												)
 											),
-											'<a href=' . admin_url( 'options-general.php?page=tinify' ) . '>' . __( 'here', 'tiny-compress-images' ) . '</a>'
+											'<a href="' . esc_url( $settings_url ) . '">' . esc_html__( 'here', 'tiny-compress-images' ) . '</a>'
 										)
 										?>
 										</p>
@@ -213,9 +231,9 @@
 														),
 													)
 												),
-												Tiny_Config::MONTHLY_FREE_COMPRESSIONS,
+												(int) Tiny_Config::MONTHLY_FREE_COMPRESSIONS,
 												esc_html__( 'image sizes', 'tiny-compress-images' ),
-												'<a target="_blank" href="https://tinypng.com/dashboard/api?type=upgrade&mail=' . str_replace( '%20', '%2B', rawurlencode( $email_address ) ) . '">' . esc_html__( ' upgrade here', 'tiny-compress-images' ) . '</a>'
+												'<a target="_blank" href="' . esc_url( 'https://tinypng.com/dashboard/api?type=upgrade&mail=' . str_replace( '%20', '%2B', rawurlencode( $email_address ) ) ) . '">' . esc_html__( ' upgrade here', 'tiny-compress-images' ) . '</a>'
 											);
 											?>
 											</p>
@@ -237,7 +255,7 @@
 									),
 								)
 							),
-							'<a href=' . admin_url( 'options-general.php?page=tinify' ) . '>' . __( 'here', 'tiny-compress-images' ) . '</a>'
+							'<a href="' . esc_url( $settings_url ) . '">' . esc_html__( 'here', 'tiny-compress-images' ) . '</a>'
 						)
 						?>
 					</div>
@@ -256,23 +274,23 @@
 						<table>
 							<tr>
 								<td id="optimized-image-sizes" class="value emphasize">
-									<?php echo $stats['optimized-image-sizes']; ?>
+									<?php echo esc_html( $stats['optimized-image-sizes'] ); ?>
 								</td>
 								<td class="description">
-									<?php echo _n( 'image size optimized', 'image sizes optimized', $stats['optimized-image-sizes'], 'tiny-compress-images' ); ?>
+									<?php echo esc_html( _n( 'image size optimized', 'image sizes optimized', $stats['optimized-image-sizes'], 'tiny-compress-images' ) ); ?>
 								</td>
 							</tr>
 							<tr>
-								<td id="unoptimized-library-size" class="value" data-bytes="<?php echo $stats['unoptimized-library-size']; ?>" >
-									<?php echo ( $stats['unoptimized-library-size'] ? size_format( $stats['unoptimized-library-size'], 2 ) : '-' ); ?>
+								<td id="unoptimized-library-size" class="value" data-bytes="<?php echo esc_attr( $stats['unoptimized-library-size'] ); ?>" >
+									<?php echo esc_html( $stats['unoptimized-library-size'] ? size_format( $stats['unoptimized-library-size'], 2 ) : '-' ); ?>
 								</td>
 								<td class="description">
 									<?php esc_html_e( 'initial size', 'tiny-compress-images' ); ?>
 								</td>
 							</tr>
 							<tr>
-								<td id="optimized-library-size" class="value emphasize" data-bytes="<?php echo $stats['optimized-library-size']; ?>" class="green">
-									<?php echo ( $stats['optimized-library-size'] ? size_format( $stats['optimized-library-size'], 2 ) : '-' ); ?>
+								<td id="optimized-library-size" class="value emphasize" data-bytes="<?php echo esc_attr( $stats['optimized-library-size'] ); ?>" class="green">
+									<?php echo esc_html( $stats['optimized-library-size'] ? size_format( $stats['optimized-library-size'], 2 ) : '-' ); ?>
 								</td>
 								<td class="description">
 									<?php esc_html_e( 'current size', 'tiny-compress-images' ); ?>
@@ -285,13 +303,13 @@
 		</div>
 		<?php $show_notice = $is_on_free_plan && $stats['available-unoptimized-sizes'] > $remaining_credits; ?>
 		<div class="optimize">
-			<div class="progressbar" id="compression-progress-bar" data-number-to-optimize="<?php echo $stats['optimized-image-sizes'] + $stats['available-unoptimized-sizes']; ?>" data-amount-optimized="0" style="<?php echo $show_notice ? 'display:none;' : ''; ?>">
+			<div class="progressbar" id="compression-progress-bar" data-number-to-optimize="<?php echo esc_attr( $total_sizes ); ?>" data-amount-optimized="0" style="<?php echo $show_notice ? 'display:none;' : ''; ?>">
 				<div id="progress-size" class="progress">
 				</div>
 				<div class="numbers" >
-					<span id="optimized-so-far"><?php echo $stats['optimized-image-sizes']; ?></span>
-					/
-					<span><?php echo $stats['optimized-image-sizes'] + $stats['available-unoptimized-sizes']; ?></span>
+				<span id="optimized-so-far"><?php echo esc_html( $stats['optimized-image-sizes'] ); ?></span>
+				/
+				<span><?php echo esc_html( $total_sizes ); ?></span>
 					<span id="percentage"></span>
 				</div>
 			</div>
diff --git a/src/views/compress-details-processing.php b/src/views/compress-details-processing.php
index 7d7c1ee9..13bb7e25 100644
--- a/src/views/compress-details-processing.php
+++ b/src/views/compress-details-processing.php
@@ -1,4 +1,11 @@
-<div class="details-container" data-status="compressing" data-id="<?php echo $tiny_image->get_id(); ?>">
+<?php
+/**
+ * Loading indicator on media overview page
+ *
+ * @var Tiny_Image  $tiny_image
+ */
+?>
+<div class="details-container" data-status="compressing" data-id="<?php echo esc_attr( $tiny_image->get_id() ); ?>">
 	<div class="details">
 		<span class="icon spinner"></span>
 		<span class="message">
diff --git a/src/views/compress-details.php b/src/views/compress-details.php
index 7693f25e..9b6431d4 100644
--- a/src/views/compress-details.php
+++ b/src/views/compress-details.php
@@ -1,4 +1,10 @@
 <?php
+/**
+ * Compression details on media overview page.
+ *
+ * @var Tiny_Plugin $this       The plugin instance.
+ * @var Tiny_Image  $tiny_image The image being compressed.
+ */
 
 $available_sizes              = array_keys( $this->settings->get_sizes() );
 $conversion_enabled           = $this->settings->get_conversion_enabled();
@@ -47,7 +53,7 @@
 							'strong' => array(),
 						)
 					),
-					$total['has_been_compressed']
+					absint( $total['has_been_compressed'] )
 				);
 				?>
 			</span>
@@ -57,7 +63,7 @@
 			<span class="message">
 				<?php
 				/* translators: %d: number of sizes to be compressed */
-				printf( esc_html( _n( '%d size to be compressed', '%d sizes to be compressed', $available_uncompressed_sizes, 'tiny-compress-images' ) ), $available_uncompressed_sizes );
+				printf( esc_html( _n( '%d size to be compressed', '%d sizes to be compressed', $available_uncompressed_sizes, 'tiny-compress-images' ) ), absint( $available_uncompressed_sizes ) );
 				?>
 			</span>
 			<br>
@@ -76,7 +82,7 @@
 									'strong' => array(),
 								)
 							),
-							$total['has_been_converted']
+							absint( $total['has_been_converted'] )
 						);
 						?>
 					</span>
@@ -86,7 +92,7 @@
 			<span class="message">
 				<?php
 				/* translators: %d: number of sizes to be converted */
-				printf( esc_html( _n( '%d size to be converted', '%d sizes to be converted', $active['unconverted'], 'tiny-compress-images' ) ), $active['unconverted'] );
+				printf( esc_html( _n( '%d size to be converted', '%d sizes to be converted', $active['unconverted'], 'tiny-compress-images' ) ), absint( $active['unconverted'] ) );
 				?>
 			</span>
 			<br>
@@ -98,7 +104,7 @@
 			<span class="message">
 				<?php
 				/* translators: %.0f%: savings percentage */
-				printf( esc_html__( 'Total savings %.0f%%', 'tiny-compress-images' ), ( 1 - $size_after / floatval( $size_before ) ) * 100 );
+				printf( esc_html__( 'Total savings %.0f%%', 'tiny-compress-images' ), ( 1 - floatval( $size_after ) / floatval( $size_before ) ) * 100 );
 				?>
 			</span>
 			<br>
@@ -109,7 +115,7 @@
 			</span>
 			<br>
 		<?php } ?>
-		<a class="thickbox message" href="#TB_inline?width=700&amp;height=500&amp;inlineId=modal_<?php echo $tiny_image->get_id(); ?>">
+		<a class="thickbox message" href="#TB_inline?width=700&amp;height=500&amp;inlineId=modal_<?php echo absint( $tiny_image->get_id() ); ?>">
 			<?php esc_html_e( 'Details', 'tiny-compress-images' ); ?>
 		</a>
 	</div>
@@ -117,28 +123,28 @@
 		<?php if ( in_array( $tiny_image->get_id(), $images_to_compress, true ) ) { ?>
 			<span class="hidden auto-compress"></span>
 		<?php } ?>
-		<button type="button" class="tiny-compress button button-small button-primary" data-id="<?php echo $tiny_image->get_id(); ?>">
+		<button type="button" class="tiny-compress button button-small button-primary" data-id="<?php echo absint( $tiny_image->get_id() ); ?>">
 			<?php esc_html_e( 'Compress', 'tiny-compress-images' ); ?>
 		</button>
-		<button type="button" class="tiny-mark-as-compressed button button-small button-secondary" data-id="<?php echo $tiny_image->get_id(); ?>">
+		<button type="button" class="tiny-mark-as-compressed button button-small button-secondary" data-id="<?php echo absint( $tiny_image->get_id() ); ?>">
 			<?php esc_html_e( 'Mark as Compressed', 'tiny-compress-images' ); ?>
 		</button>
 	<?php } elseif ( $active['unconverted'] > 0 && $tiny_image->can_be_converted() ) { ?>
-		<button type="button" class="tiny-compress button button-small button-primary" data-id="<?php echo $tiny_image->get_id(); ?>">
+		<button type="button" class="tiny-compress button button-small button-primary" data-id="<?php echo absint( $tiny_image->get_id() ); ?>">
 			<?php esc_html_e( 'Convert', 'tiny-compress-images' ); ?>
 		</button>
-		<button type="button" class="tiny-mark-as-compressed button button-small button-secondary" data-id="<?php echo $tiny_image->get_id(); ?>">
+		<button type="button" class="tiny-mark-as-compressed button button-small button-secondary" data-id="<?php echo absint( $tiny_image->get_id() ); ?>">
 			<?php esc_html_e( 'Mark as Converted', 'tiny-compress-images' ); ?>
 		</button>
 	<?php } ?>
 </div>
 
-<div class="modal" id="modal_<?php echo $tiny_image->get_id(); ?>">
+<div class="modal" id="modal_<?php echo absint( $tiny_image->get_id() ); ?>">
 	<div class="tiny-compression-details">
 		<h3>
 			<?php
 			/* translators: %s is the image filename */
-			printf( esc_html__( 'Compression details for %s', 'tiny-compress-images' ), $tiny_image->get_name() );
+			printf( esc_html__( 'Compression details for %s', 'tiny-compress-images' ), esc_html( $tiny_image->get_name() ) );
 			?>
 		</h3>
 		<table>
@@ -177,7 +183,7 @@
 						echo '<em>' . esc_html__( '(WP Retina 2x)', 'tiny-compress-images' ) . '</em>';
 					} elseif ( $size->resized() ) {
 						/* translators: %1$dx%2$d: resized image width x height */
-						printf( '<em>' . esc_html__( '(resized to %1$dx%2$d)', 'tiny-compress-images' ) . '</em>', $size->meta['output']['width'], $size->meta['output']['height'] );
+						printf( '<em>' . esc_html__( '(resized to %1$dx%2$d)', 'tiny-compress-images' ) . '</em>', absint( $size->meta['output']['width'] ), absint( $size->meta['output']['height'] ) );
 					}
 					echo '</td>';
 
@@ -187,28 +193,28 @@
 						printf( '<td colspan=4><em>' . esc_html__( 'Same file as "%s"', 'tiny-compress-images' ) . '</em></td>', esc_html( ucfirst( $size->duplicate_of_size() ) ) );
 					} elseif ( $size->has_been_compressed() ) {
 
-						echo '<td>' . size_format( $size->meta['input']['size'], 1 ) . '</td>';
-						echo '<td>' . size_format( $size->meta['output']['size'], 1 ) . '</td>';
+						echo '<td>' . esc_html( size_format( $size->meta['input']['size'], 1 ) ) . '</td>';
+						echo '<td>' . esc_html( size_format( $size->meta['output']['size'], 1 ) ) . '</td>';
 						echo '<td>' . esc_html( $size->meta['output']['type'] ) . '</td>';
 						if ( $conversion_enabled ) {
-							echo '<td>' . $size->conversion_text() . '</td>';
+							echo '<td>' . esc_html( $size->conversion_text() ) . '</td>';
 						}
 						/* translators: %s human friendly time difference */
-						echo '<td>' . sprintf( esc_html__( '%s ago', 'tiny-compress-images' ), human_time_diff( $size->end_time( $size_name ) ) ) . '</td>';
+						echo '<td>' . sprintf( esc_html__( '%s ago', 'tiny-compress-images' ), esc_html( human_time_diff( $size->end_time( $size_name ) ) ) ) . '</td>';
 					} elseif ( ! $size->exists() ) {
 						echo '<td>-</td>';
 						echo '<td colspan=4><em>' . esc_html__( 'Not present', 'tiny-compress-images' ) . '</em></td>';
 					} elseif ( isset( $size_active[ $size_name ] ) || Tiny_Image::is_retina( $size_name ) ) {
-						echo '<td>' . size_format( $size->filesize(), 1 ) . '</td>';
+						echo '<td>' . esc_html( size_format( $size->filesize(), 1 ) ) . '</td>';
 						echo '<td colspan=5><em>' . esc_html__( 'Not compressed', 'tiny-compress-images' ) . '</em></td>';
 					} elseif ( isset( $size_exists[ $size_name ] ) ) {
-						echo '<td>' . size_format( $size->filesize(), 1 ) . '</td>';
+						echo '<td>' . esc_html( size_format( $size->filesize(), 1 ) ) . '</td>';
 						echo '<td colspan=4><em>' . esc_html__( 'Not configured to be compressed', 'tiny-compress-images' ) . '</em></td>';
 					} elseif ( ! array_key_exists( $size_name, $active_sizes ) ) {
-						echo '<td>' . size_format( $size->filesize(), 1 ) . '</td>';
+						echo '<td>' . esc_html( size_format( $size->filesize(), 1 ) ) . '</td>';
 						echo '<td colspan=4><em>' . esc_html__( 'Size is not in use', 'tiny-compress-images' ) . '</em></td>';
 					} else {
-						echo '<td>' . size_format( $size->filesize(), 1 ) . '</td>';
+						echo '<td>' . esc_html( size_format( $size->filesize(), 1 ) ) . '</td>';
 						echo '<td>-</td>';
 						echo '<td>-</td>';
 						echo '<td>-</td>';
@@ -224,8 +230,8 @@
 				<tfoot>
 					<tr>
 						<td><?php esc_html_e( 'Combined', 'tiny-compress-images' ); ?></td>
-						<td><?php echo size_format( $size_before, 1 ); ?></td>
-						<td><?php echo size_format( $size_after, 1 ); ?></td>
+					<td><?php echo esc_html( size_format( $size_before, 1 ) ); ?></td>
+						<td><?php echo esc_html( size_format( $size_after, 1 ) ); ?></td>
 						<td></td>
 						<?php
 						if ( $conversion_enabled ) {
@@ -245,8 +251,8 @@
 					printf(
 						/* translators: %1$.0f%%: savings percentage, %2$s: total file size savings */
 						esc_html__( 'Total savings %1$.0f%% (%2$s)', 'tiny-compress-images' ),
-						( 1 - $size_after / floatval( $size_before ) ) * 100,
-						size_format( $size_before - $size_after, 1 )
+						( 1 - floatval( $size_after ) / floatval( $size_before ) ) * 100,
+						esc_html( size_format( $size_before - $size_after, 1 ) )
 					);
 				} else {
 					/* translators: %.0f%%: savings percentage */
diff --git a/src/views/dashboard-widget.php b/src/views/dashboard-widget.php
index 24417574..5cc866b6 100644
--- a/src/views/dashboard-widget.php
+++ b/src/views/dashboard-widget.php
@@ -1,5 +1,12 @@
 <?php
-$link = "<a href='" . admin_url( 'upload.php?page=tiny-bulk-optimization' ) . "'>" . esc_html__( 'bulk optimization', 'tiny-compress-images' ) . '</a>';
+
+/**
+ * Dashboard Widget
+ *
+ * @var array       $admin_colors
+ *
+ */
+$link = '<a href="' . esc_url( admin_url( 'upload.php?page=tiny-bulk-optimization' ) ) . '">' . esc_html__( 'bulk optimization', 'tiny-compress-images' ) . '</a>';
 ?>
 <style type="text/css" >
 div#tinypng_dashboard_widget div.description {
@@ -9,7 +16,7 @@
 	display: none;
 }
 div#tinypng_dashboard_widget div#optimization-chart svg circle.main {
-	stroke: <?php echo $admin_colors[2]; ?>;
+	stroke: <?php echo esc_attr( $admin_colors[2] ); ?>;
 }
 </style>
 
@@ -25,7 +32,7 @@
 	<p>
 		<?php
 		/* translators: %s: friendly user name */
-		printf( esc_html__( 'Hi %s, you haven’t compressed any images in your media library.', 'tiny-compress-images' ), $this->friendly_user_name() );
+		printf( esc_html__( 'Hi %s, you haven\'t compressed any images in your media library.', 'tiny-compress-images' ), esc_html( $this->friendly_user_name() ) );
 		echo ' ';
 		printf(
 			wp_kses(
@@ -37,7 +44,7 @@
 					),
 				)
 			),
-			$link
+			wp_kses( $link, array( 'a' => array( 'href' => array() ) ) )
 		);
 		?>
 	</p>
@@ -46,7 +53,7 @@
 	<p>
 		<?php
 		/* translators: %s: friendly user name */
-		printf( esc_html__( '%s, you are doing good.', 'tiny-compress-images' ), $this->friendly_user_name() );
+		printf( esc_html__( '%s, you are doing good.', 'tiny-compress-images' ), esc_html( $this->friendly_user_name() ) );
 		echo ' ';
 		/* translators: %s: number of optimizable sizes and number of uploaded images */
 		printf( esc_html__( 'With your current settings you can still optimize %1$s image sizes from your %2$s uploaded JPEG, PNG, and WebP images.', 'tiny-compress-images' ), '<span id="unoptimized-sizes"></span>', '<span id="uploaded-images"></span>' );
@@ -61,7 +68,7 @@
 					),
 				)
 			),
-			$link
+			wp_kses( $link, array( 'a' => array( 'href' => array() ) ) )
 		);
 		?>
 	</p>
@@ -70,7 +77,7 @@
 	<p>
 		<?php
 		/* translators: %s: friendly user name */
-		printf( esc_html__( '%s, this is great! Your entire library is optimized!', 'tiny-compress-images' ), $this->friendly_user_name() );
+		printf( esc_html__( '%s, this is great! Your entire library is optimized!', 'tiny-compress-images' ), esc_html( $this->friendly_user_name() ) );
 		echo ' ';
 		require __DIR__ . '/request-review.php';
 		?>
diff --git a/src/views/notice-feedback.php b/src/views/notice-feedback.php
index 813a909e..b7734106 100644
--- a/src/views/notice-feedback.php
+++ b/src/views/notice-feedback.php
@@ -1,7 +1,7 @@
 <?php
 $review_url   = 'https://wordpress.org/support/plugin/tiny-compress-images/reviews/#new-post';
 $review_block = sprintf(
-	'<a href="%s" target="_blank">%s</span></a>',
+	'<a href="%s" target="_blank">%s</a>',
 	esc_url( $review_url ),
 	esc_html__( 'Leave a review', 'tiny-compress-images' )
 );
@@ -9,8 +9,9 @@
 
 <div class="notice notice-success is-dismissible tiny-notice" data-name="feedback">
 	<p>
-		<strong><?php _e( 'Enjoying TinyPNG?', 'tiny-compress-images' ); ?></strong>
-		<span><?php _e( 'Take 30 seconds to let us know what you think!', 'tiny-compress-images' ); ?></span>
-		<?php echo $review_block; ?>
-	<a href="#" class="tiny-dismiss"></a></p>
+		<strong><?php esc_html_e( 'Enjoying TinyPNG?', 'tiny-compress-images' ); ?></strong>
+		<span><?php esc_html_e( 'Take 30 seconds to let us know what you think!', 'tiny-compress-images' ); ?></span>
+		<?php echo wp_kses_post( $review_block ); ?>
+		<a href="#" class="tiny-dismiss"></a>
+	</p>
 </div>
\ No newline at end of file
diff --git a/src/views/optimization-chart.php b/src/views/optimization-chart.php
index 4013b5f3..d9cb1931 100644
--- a/src/views/optimization-chart.php
+++ b/src/views/optimization-chart.php
@@ -22,34 +22,34 @@
 <style>
 
 div.tiny-optimization-chart svg circle.main {
-	stroke-width: <?php echo $chart['dash-stroke']; ?>;
-	stroke-dasharray: <?php echo $chart['dash-array-size'] . ' ' . $chart['circle-size']; ?>;
+	stroke-width: <?php echo esc_attr( $chart['dash-stroke'] ); ?>;
+	stroke-dasharray: <?php echo esc_attr( $chart['dash-array-size'] ) . ' ' . esc_attr( $chart['circle-size'] ); ?>;
 }
 
 div.tiny-optimization-chart div.value {
-	min-width: <?php echo $chart['size']; ?>px;
+	min-width: <?php echo esc_attr( $chart['size'] ); ?>px;
 }
 
 <?php if ( isset( $stats ) ) { ?>
 	@keyframes shwoosh {
 		from {
-			stroke-dasharray: <?php echo '0 ' . $chart['circle-size']; ?>
+			stroke-dasharray: <?php echo '0 ' . esc_attr( $chart['circle-size'] ); ?>
 		}
 		to {
-			stroke-dasharray: <?php echo $chart['dash-array-size'] . ' ' . $chart['circle-size']; ?>
+			stroke-dasharray: <?php echo esc_attr( $chart['dash-array-size'] ) . ' ' . esc_attr( $chart['circle-size'] ); ?>
 		}
 	}
 <?php } ?>
 
 </style>
 
-<div id="optimization-chart" class="tiny-optimization-chart" data-full-circle-size="<?php echo $chart['circle-size']; ?>" data-percentage-factor="<?php echo $chart['main-radius']; ?>" >
-	<svg width="<?php echo $chart['size']; ?>" height="<?php echo $chart['size']; ?>">
-		<circle class="main" transform="rotate(-90, <?php echo $chart['center']; ?>, <?php echo $chart['center']; ?>)" r="<?php echo $chart['main-radius']; ?>" cx="<?php echo $chart['center']; ?>" cy="<?php echo $chart['center']; ?>"/>
-		<circle class="inner" r="<?php echo $chart['inner-radius']; ?>" cx="<?php echo $chart['center']; ?>" cy="<?php echo $chart['center']; ?>" />
+<div id="optimization-chart" class="tiny-optimization-chart" data-full-circle-size="<?php echo esc_attr( $chart['circle-size'] ); ?>" data-percentage-factor="<?php echo esc_attr( $chart['main-radius'] ); ?>" >
+	<svg width="<?php echo esc_attr( $chart['size'] ); ?>" height="<?php echo esc_attr( $chart['size'] ); ?>">
+		<circle class="main" transform="rotate(-90, <?php echo esc_attr( $chart['center'] ); ?>, <?php echo esc_attr( $chart['center'] ); ?>)" r="<?php echo esc_attr( $chart['main-radius'] ); ?>" cx="<?php echo esc_attr( $chart['center'] ); ?>" cy="<?php echo esc_attr( $chart['center'] ); ?>"/>
+		<circle class="inner" r="<?php echo esc_attr( $chart['inner-radius'] ); ?>" cx="<?php echo esc_attr( $chart['center'] ); ?>" cy="<?php echo esc_attr( $chart['center'] ); ?>" />
 	</svg>
 	<div class="value">
-		<div class="percentage" id="savings-percentage"><span><?php echo $chart['percentage']; ?></span>%</div>
+		<div class="percentage" id="savings-percentage"><span><?php echo esc_html( $chart['percentage'] ); ?></span>%</div>
 		<div class="label" ><?php esc_html_e( 'savings', 'tiny-compress-images' ); ?></div>
 	</div>
 </div>
diff --git a/test/helpers/wordpress.php b/test/helpers/wordpress.php
index 1ec1397e..2a52c2b6 100644
--- a/test/helpers/wordpress.php
+++ b/test/helpers/wordpress.php
@@ -103,6 +103,7 @@ public function __construct($vfs)
 		$this->addMethod('wp_send_json_error');
 		$this->addMethod('get_temp_dir');
 		$this->addMethod('esc_attr');
+		$this->addMethod('checked');
 		$this->addMethod('insert_with_markers');
 		$this->addMethod('esc_html_e');
 		$this->addMethod('esc_html');
@@ -542,6 +543,22 @@ public function esc_attr($text)
 		return $text;
 	}
 
+	/**
+	 * Mocked function for https://developer.wordpress.org/reference/functions/checked/
+	 *
+	 * @return string
+	 */
+	public function checked($checked, $current = true, $display = true)
+	{
+		$result = ((string) $checked === (string) $current) ? " checked='checked'" : '';
+
+		if ($display) {
+			echo $result;
+		}
+
+		return $result;
+	}
+
 	/**
 	 * Mocked function for https://developer.wordpress.org/reference/functions/esc_html_e/
 	 *
diff --git a/test/integration/dashboardwidget.spec.ts b/test/integration/dashboardwidget.spec.ts
index df818297..50836014 100644
--- a/test/integration/dashboardwidget.spec.ts
+++ b/test/integration/dashboardwidget.spec.ts
@@ -30,7 +30,7 @@ test.describe('dashboardwidget', () => {
 
     await page.goto('/wp-admin/index.php');
     await expect(
-      page.getByText('Hi Admin, you haven’t compressed any images in your media library. If you like you can to optimize your whole library in one go with the bulk optimization page.')
+      page.getByText(`Hi Admin, you haven't compressed any images in your media library. If you like you can to optimize your whole library in one go with the bulk optimization page.`)
     ).toBeVisible();
   });