Deprecate phutil_escape_html()

Summary: My original idea was to return safe HTML from this function. But we are down to 20 occurrences in Phabricator and you shouldn't need this function in safe HTML world at all. Test Plan: $ arc lint src/applications/audit/controller/PhabricatorAuditListController.php Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Differential Revision: https://secure.phabricator.com/D4890
2025-02-22 19:49:01 +01:00 · 2013-02-09 15:04:20 -08:00 · 2013-02-09 15:04:20 -08:00 · 6a70964a40
commit 6a70964a40
parent f10f2ffb9c
1 changed files with 5 additions and 1 deletions
--- a/src/lint/linter/ArcanistPhutilXHPASTLinter.php
+++ b/src/lint/linter/ArcanistPhutilXHPASTLinter.php
@ -30,7 +30,7 @@ final class ArcanistPhutilXHPASTLinter extends ArcanistBaseXHPASTLinter {
    return array(
      self::LINT_PHT_WITH_DYNAMIC_STRING => 'Use of pht() on Dynamic String',
      self::LINT_ARRAY_COMBINE           => 'array_combine() Unreliable',
-      self::LINT_DEPRECATED_FUNCTION     => 'Use of deprecated function',
+      self::LINT_DEPRECATED_FUNCTION     => 'Use of Deprecated Function',
      self::LINT_UNSAFE_DYNAMIC_STRING   => 'Unsafe Usage of Dynamic String',
    );
  }
@ -198,6 +198,10 @@ final class ArcanistPhutilXHPASTLinter extends ArcanistBaseXHPASTLinter {
      'phabricator_render_form' =>
        'The phabricator_render_form() function is deprecated and unsafe. '.
        'Use phabricator_form() instead.',
+
+      'phutil_escape_html' =>
+        'The phutil_escape_html() function is deprecated. Raw strings passed '.
+        'to phutil_tag() or hsprintf() are escaped automatically.',
    );

    $function_calls = $root->selectDescendantsOfType('n_FUNCTION_CALL');