Convert AphrontFormLayoutView to safe HTML

Summary: Searched for `AphrontFormLayoutView` and then `appendChild()`.

Test Plan: /V1

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4856

src/applications/flag/controller/PhabricatorFlagEditController.php

@@ -52,9 +52,10 @@ final class PhabricatorFlagEditController extends PhabricatorFlagController {
 
     if ($is_new) {
       $form
-        ->appendChild(
+        ->appendChild(hsprintf(
-          "<p>You can flag this {$type_name} if you want to remember to look ".
+          "<p>You can flag this %s if you want to remember to look ".
-          "at it later.</p><br />");
+          "at it later.</p><br />",
+          $type_name));
     }
 
     $radio = new AphrontFormRadioButtonControl();

src/applications/ponder/view/PonderAddCommentView.php

@@ -45,7 +45,7 @@ final class PonderAddCommentView extends AphrontView {
 
     $view = id(new AphrontMoreView())
       ->setSome('')
-      ->setMore(phutil_safe_html($form->render()))
+      ->setMore($form->render())
       ->setExpandText('Add Comment');
 
     return $view->render();

src/applications/slowvote/controller/PhabricatorSlowvotePollController.php

@@ -208,19 +208,19 @@ final class PhabricatorSlowvotePollController
 
       require_celerity_resource('phabricator-remarkup-css');
 
-      $comment_markup[] =
+      $comment_markup[] = hsprintf(
         '<tr>'.
           '<th>'.
-            $handle->renderLink().
+            '%s'.
-            '<div class="phabricator-slowvote-datestamp">'.
+            '<div class="phabricator-slowvote-datestamp">%s</div>'.
-              phabricator_datetime($comment->getDateCreated(), $viewer).
+          '</th>'.
-            '</div>'.
           '<td>'.
-            '<div class="phabricator-remarkup">'.
+            '<div class="phabricator-remarkup">%s</div>'.
-              $markup.
-            '</div>'.
           '</td>'.
-        '</tr>';
+        '</tr>',
+        $handle->renderLink(),
+        phabricator_datetime($comment->getDateCreated(), $viewer),
+        $markup);
     }
 
     if ($comment_markup) {
@@ -229,7 +229,7 @@ final class PhabricatorSlowvotePollController
         array(
           'class' => 'phabricator-slowvote-comments',
         ),
-        new PhutilSafeHTML(implode("\n", $comment_markup)));
+        $comment_markup);
     } else {
       $comment_markup = null;
     }
@@ -373,7 +373,7 @@ final class PhabricatorSlowvotePollController
     }
 
     $result_markup = id(new AphrontFormLayoutView())
-      ->appendChild('<h1>Ongoing Deliberation</h1>');
+      ->appendChild(phutil_tag('h1', array(), 'Ongoing Deliberation'));
 
     if (!$can_see_responses) {
       if ($need_vote) {
@@ -382,8 +382,9 @@ final class PhabricatorSlowvotePollController
         $reason = "The results are not public.";
       }
       $result_markup
-        ->appendChild(
+        ->appendChild(hsprintf(
-          '<p class="aphront-form-instructions"><em>'.$reason.'</em></p>');
+          '<p class="aphront-form-instructions"><em>%s</em></p>',
+          $reason));
       return $result_markup;
     }
 
@@ -414,7 +415,6 @@ final class PhabricatorSlowvotePollController
                 'src' => $profile_image,
               )));
         }
-        $user_markup = implode('', $user_markup);
       } else {
         $user_markup = 'This option has failed to appeal to anyone.';
       }
@@ -428,18 +428,20 @@ final class PhabricatorSlowvotePollController
         $choices,
         $chosen);
 
-      $result_markup->appendChild(
+      $result_markup->appendChild(hsprintf(
         '<div>'.
-          '<div class="phabricator-slowvote-count">'.
+          '<div class="phabricator-slowvote-count">%s</div>'.
-            $vote_count.
+          '<h1>%s</h1>'.
-          '</div>'.
-          '<h1>'.phutil_escape_html($option->getName()).'</h1>'.
           '<hr class="phabricator-slowvote-hr" />'.
-          $user_markup.
+          '%s'.
-          '<div style="clear: both;">'.
+          '<div style="clear: both;" />'.
           '<hr class="phabricator-slowvote-hr" />'.
-          $comment_markup.
+          '%s'.
-        '</div>');
+        '</div>',
+        $vote_count,
+        $option->getName(),
+        phutil_tag('div', array(), $user_markup),
+        $comment_markup));
     }
 
     if ($poll->getMethod() == PhabricatorSlowvotePoll::METHOD_APPROVAL &&
@@ -448,7 +450,7 @@ final class PhabricatorSlowvotePollController
         $comments,
         $handles);
       $result_markup->appendChild(
-        '<h1>Motions Proposed for Consideration</h1>');
+        phutil_tag('h1', array(), 'Motions Proposed for Consideration'));
       $result_markup->appendChild($comment_markup);
     }
 

src/view/form/AphrontFormLayoutView.php

@@ -33,11 +33,11 @@ final class AphrontFormLayoutView extends AphrontView {
 
     $classes = implode(' ', $classes);
 
-    return phutil_render_tag(
+    return phutil_tag(
       'div',
       array(
         'class' => $classes,
       ),
-      $this->renderChildren());
+      $this->renderHTMLChildren());
   }
 }

src/view/form/AphrontFormView.php

@@ -68,7 +68,7 @@ final class AphrontFormView extends AphrontView {
 
     $layout
       ->appendChild($this->renderDataInputs())
-      ->appendChild($this->renderChildren());
+      ->appendChild($this->renderHTMLChildren());
 
     if (!$this->user) {
       throw new Exception('You must pass the user to AphrontFormView.');
@@ -79,7 +79,7 @@ final class AphrontFormView extends AphrontView {
       $sigils[] = 'workflow';
     }
 
-    return phabricator_render_form(
+    return phabricator_form(
       $this->user,
       array(
         'class'   => $this->flexible ? 'phabricator-form-view' : null,
@@ -106,7 +106,7 @@ final class AphrontFormView extends AphrontView {
           'value' => $value,
         ));
     }
-    return implode("\n", $inputs);
+    return $inputs;
   }
 
 }