From bcf9b9d4a7076a2c2019d8a9bdde73d6fcecd634 Mon Sep 17 00:00:00 2001
From: vrana <jakubv@fb.com>
Date: Tue, 5 Feb 2013 12:49:46 -0800
Subject: [PATCH] Convert some phutil_escape_html() to hsprintf()

Summary:
In the second phase, I want to get rid of the most of `phutil_escape_html()` calls in favor of plain strings or `PhutilSafeHTML`.
This is an example of how it could look.

Test Plan: /api/user.whoami

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4823
---
 .../controller/PhabricatorConduitAPIController.php       | 5 +----
 .../controller/PhabricatorConduitConsoleController.php   | 9 ++++-----
 .../controller/PhabricatorConduitTokenController.php     | 7 ++++---
 3 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/src/applications/conduit/controller/PhabricatorConduitAPIController.php b/src/applications/conduit/controller/PhabricatorConduitAPIController.php
index 1cae2c40b7..b31ae55f2a 100644
--- a/src/applications/conduit/controller/PhabricatorConduitAPIController.php
+++ b/src/applications/conduit/controller/PhabricatorConduitAPIController.php
@@ -396,12 +396,9 @@ final class PhabricatorConduitAPIController
     $json = new PhutilJSON();
     if (is_array($value)) {
       $value = $json->encodeFormatted($value);
-      $value = phutil_escape_html($value);
-    } else {
-      $value = phutil_escape_html($value);
     }
 
-    $value = '<pre style="white-space: pre-wrap;">'.$value.'</pre>';
+    $value = hsprintf('<pre style="white-space: pre-wrap;">%s</pre>', $value);
 
     return $value;
   }
diff --git a/src/applications/conduit/controller/PhabricatorConduitConsoleController.php b/src/applications/conduit/controller/PhabricatorConduitConsoleController.php
index 3d0f2c41a0..5020173b88 100644
--- a/src/applications/conduit/controller/PhabricatorConduitConsoleController.php
+++ b/src/applications/conduit/controller/PhabricatorConduitConsoleController.php
@@ -58,11 +58,10 @@ final class PhabricatorConduitConsoleController
     if ($error_types) {
       $error_description[] = '<ul>';
       foreach ($error_types as $error => $meaning) {
-        $error_description[] =
-          '<li>'.
-            '<strong>'.phutil_escape_html($error).':</strong> '.
-            phutil_escape_html($meaning).
-          '</li>';
+        $error_description[] = hsprintf(
+          '<li><strong>%s:</strong> %s</li>',
+          $error,
+          $meaning);
       }
       $error_description[] = '</ul>';
       $error_description = implode("\n", $error_description);
diff --git a/src/applications/conduit/controller/PhabricatorConduitTokenController.php b/src/applications/conduit/controller/PhabricatorConduitTokenController.php
index 54273ad477..50f87cbd6d 100644
--- a/src/applications/conduit/controller/PhabricatorConduitTokenController.php
+++ b/src/applications/conduit/controller/PhabricatorConduitTokenController.php
@@ -32,14 +32,15 @@ final class PhabricatorConduitTokenController
     $panel->setHeader('Certificate Install Token');
     $panel->setWidth(AphrontPanelView::WIDTH_FORM);
 
-    $panel->appendChild(
+    $panel->appendChild(hsprintf(
       '<p class="aphront-form-instructions">Copy and paste this token into '.
       'the prompt given to you by "arc install-certificate":</p>'.
       '<p style="padding: 0 0 1em 4em;">'.
-        '<strong>'.phutil_escape_html($token->getToken()).'</strong>'.
+        '<strong>%s</strong>'.
       '</p>'.
       '<p class="aphront-form-instructions">arc will then complete the '.
-      'install process for you.</p>');
+      'install process for you.</p>',
+      $token->getToken()));
 
     $this->setShowSideNav(false);