Convert some phutil_escape_html() to hsprintf()

Summary: Found by `sgrep_php -e '"...".phutil_escape_html(...)'`.

Test Plan:
/
/D1
/uiexample/
/countdown/1/
/herald/transcript/1/all/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4869

Author: vrana

src/aphront/configuration/AphrontDefaultApplicationConfiguration.php

@@ -182,10 +182,9 @@ public function handleException(Exception $ex) {
         return $login_controller->processRequest();
       }
 
-      $content =
-        '<div class="aphront-policy-exception">'.
-          phutil_escape_html($ex->getMessage()).
-        '</div>';
+      $content = hsprintf(
+        '<div class="aphront-policy-exception">%s</div>',
+        $ex->getMessage());
 
       $dialog = new AphrontDialogView();
       $dialog

src/applications/auth/controller/PhabricatorLoginValidateController.php

@@ -43,9 +43,9 @@ public function processRequest() {
 
       $list = array();
       foreach ($failures as $failure) {
-        $list[] = '<li>'.phutil_escape_html($failure).'</li>';
+        $list[] = phutil_tag('li', array(), $failure);
       }
-      $list = '<ul>'.implode("\n", $list).'</ul>';
+      $list = phutil_tag('ul', array(), $list);
 
       $view = new AphrontRequestFailureView();
       $view->setHeader(pht('Login Failed'));

src/applications/auth/controller/PhabricatorMustVerifyEmailController.php

@@ -45,7 +45,7 @@ public function processRequest() {
       '<p>'.
       pht('You must verify your email address to login. You should have a new '.
       'email message from Phabricator with verification instructions in your '.
-      'inbox (<strong>%s</strong>).', phutil_escape_html($email_address)).
+      'inbox (%s).', phutil_tag('strong', array(), $email_address)).
       '</p>');
     $error_view->appendChild(
       '<p>'.

src/applications/auth/controller/PhabricatorOAuthLoginController.php

@@ -69,14 +69,16 @@ public function processRequest() {
           $dialog = new AphrontDialogView();
           $dialog->setUser($current_user);
           $dialog->setTitle(pht('Already Linked to Another Account'));
-          $dialog->appendChild('<p>'.
+          $dialog->appendChild(phutil_tag(
+            'p',
+            array(),
             pht(
               'The %s account you just authorized is already linked to '.
               'another Phabricator account. Before you can associate your %s '.
               'account with this Phabriactor account, you must unlink it from '.
-              'the Phabricator account it is currently linked to.</p>',
-              phutil_escape_html($provider_name),
-              phutil_escape_html($provider_name))).'</p>';
+              'the Phabricator account it is currently linked to.',
+              $provider_name,
+              $provider_name)));
           $dialog->addCancelButton($provider->getSettingsPanelURI());
 
           return id(new AphrontDialogResponse())->setDialog($dialog);
@@ -97,13 +99,15 @@ public function processRequest() {
         $dialog->setUser($current_user);
         $dialog->setTitle(
           pht('Already Linked to an Account From This Provider'));
-        $dialog->appendChild('<p>'.
+        $dialog->appendChild(phutil_tag(
+          'p',
+          array(),
           pht(
             'The account you are logged in with is already linked to a %s '.
             'account. Before you can link it to a different %s account, you '.
-            'must unlink the old account.</p>',
-            phutil_escape_html($provider_name),
-            phutil_escape_html($provider_name))).'</p>';
+            'must unlink the old account.',
+            $provider_name,
+            $provider_name)));
         $dialog->addCancelButton($provider->getSettingsPanelURI());
         return id(new AphrontDialogResponse())->setDialog($dialog);
       }
@@ -170,13 +174,15 @@ public function processRequest() {
         $dialog = new AphrontDialogView();
         $dialog->setUser($current_user);
         $dialog->setTitle(pht('Already Linked to Another Account'));
-        $dialog->appendChild('<p>'.
+        $dialog->appendChild(phutil_tag(
+          'p',
+          array(),
           pht(
             'The %s account you just authorized has an email address which '.
             'is already in use by another Phabricator account. To link the '.
             'accounts, log in to your Phabricator account and then go to '.
             'Settings.',
-            phutil_escape_html($provider_name))).'</p>';
+            $provider_name)));
 
         $user = id(new PhabricatorUser())
           ->loadOneWhere('phid = %s', $known_email->getUserPHID());
@@ -189,10 +195,12 @@ public function processRequest() {
             $providers[] = PhabricatorOAuthProvider::newProvider($provider)
               ->getProviderName();
           }
-          $dialog->appendChild(
+          $dialog->appendChild(phutil_tag(
+            'p',
+            array(),
             pht(
-              '<p>The account is associated with: %s.</p>',
-              implode(', ', phutil_escape_html($providers))));
+              'The account is associated with: %s.',
+              implode(', ', $providers))));
         }
 
         $dialog->addCancelButton('/login/');
@@ -205,13 +213,15 @@ public function processRequest() {
       $dialog = new AphrontDialogView();
       $dialog->setUser($current_user);
       $dialog->setTitle(pht('No Account Registration with %s', $provider_name));
-      $dialog->appendChild('<p>'.
+      $dialog->appendChild(phutil_tag(
+        'p',
+        array(),
         pht(
           'You can not register a new account using %s; you can only use '.
           'your %s account to log into an existing Phabricator account which '.
           'you have registered through other means.',
-          phutil_escape_html($provider_name),
-          phutil_escape_html($provider_name))).'</p>';
+          $provider_name,
+          $provider_name)));
       $dialog->addCancelButton('/login/');
 
       return id(new AphrontDialogResponse())->setDialog($dialog);

src/applications/countdown/controller/PhabricatorCountdownDeleteController.php

@@ -33,9 +33,9 @@ public function processRequest() {
     $dialog = new AphrontDialogView();
     $dialog->setUser($request->getUser());
     $dialog->setTitle('Really delete this countdown?');
-    $dialog->appendChild(
-      '<p>Are you sure you want to delete the countdown "'.
-      phutil_escape_html($timer->getTitle()).'"?</p>');
+    $dialog->appendChild(hsprintf(
+      '<p>Are you sure you want to delete the countdown "%s"?</p>',
+      $timer->getTitle()));
     $dialog->addSubmitButton('Delete');
     $dialog->addCancelButton('/countdown/');
     $dialog->setSubmitURI($request->getPath());

src/applications/countdown/controller/PhabricatorCountdownViewController.php

@@ -32,12 +32,9 @@ public function processRequest() {
       $chrome_visible ? pht('Disable Chrome') : pht('Enable Chrome'));
 
     $container = celerity_generate_unique_node_id();
-    $content =
-      '<div class="phabricator-timer" id="'.$container.'">
-        <h1 class="phabricator-timer-header">'.
-          phutil_escape_html($timer->getTitle()).' &middot; '.
-          phabricator_datetime($timer->getDatePoint(), $user).
-        '</h1>
+    $content = hsprintf(
+      '<div class="phabricator-timer" id="%s">
+        <h1 class="phabricator-timer-header">%s &middot; %s</h1>
         <div class="phabricator-timer-pane">
           <table class="phabricator-timer-table">
             <tr>
@@ -46,20 +43,19 @@ public function processRequest() {
               <th>Minutes</th>
               <th>Seconds</th>
             </tr>
-            <tr>'.
-              javelin_tag('td',
-                array('sigil' => 'phabricator-timer-days'), '').
-              javelin_tag('td',
-                array('sigil' => 'phabricator-timer-hours'), '').
-              javelin_tag('td',
-                array('sigil' => 'phabricator-timer-minutes'), '').
-              javelin_tag('td',
-                array('sigil' => 'phabricator-timer-seconds'), '').
-            '</tr>
+            <tr>%s%s%s%s</tr>
           </table>
-        </div>'.
-        $chrome_link.
-      '</div>';
+        </div>
+        %s
+      </div>',
+      $container,
+      $timer->getTitle(),
+      phabricator_datetime($timer->getDatePoint(), $user),
+      javelin_tag('td', array('sigil' => 'phabricator-timer-days'), ''),
+      javelin_tag('td', array('sigil' => 'phabricator-timer-hours'), ''),
+      javelin_tag('td', array('sigil' => 'phabricator-timer-minutes'), ''),
+      javelin_tag('td', array('sigil' => 'phabricator-timer-seconds'), ''),
+      $chrome_link);
 
     Javelin::initBehavior('countdown-timer', array(
       'timestamp' => $timer->getDatepoint(),

src/applications/daemon/view/PhabricatorDaemonLogEventsView.php

@@ -63,7 +63,7 @@ public function render() {
         phutil_escape_html($event->getLogType()),
         phabricator_date($event->getEpoch(), $this->user),
         phabricator_time($event->getEpoch(), $this->user),
-        str_replace("\n", '<br />', phutil_escape_html($message.$more)),
+        phutil_escape_html_newlines($message.$more),
       );
 
       if ($this->combinedLog) {

src/applications/differential/controller/DifferentialCommentSaveController.php

@@ -56,7 +56,7 @@ public function processRequest() {
 
       $dialog->setTitle(pht('Action Has No Effect'));
       $dialog->appendChild(
-        '<p>'.phutil_escape_html($no_effect->getMessage()).'</p>');
+        phutil_tag('p', array(), $no_effect->getMessage()));
 
       if (strlen($comment) || $has_inlines) {
         $dialog->addSubmitButton(pht('Post as Comment'));

src/applications/differential/render/DifferentialChangesetHTMLRenderer.php

@@ -70,10 +70,7 @@ protected function renderChangeTypeHeader($force) {
           break;
 
         case DifferentialChangeType::TYPE_MOVE_HERE:
-          $from =
-            "<strong>".
-              phutil_escape_html($changeset->getOldFile()).
-            "</strong>";
+          $from = phutil_tag('strong', array(), $changeset->getOldFile());
           switch ($file) {
             case DifferentialChangeType::FILE_TEXT:
               $message = pht('This file was moved from %s.', $from);
@@ -97,10 +94,7 @@ protected function renderChangeTypeHeader($force) {
           break;
 
         case DifferentialChangeType::TYPE_COPY_HERE:
-          $from =
-            "<strong>".
-              phutil_escape_html($changeset->getOldFile()).
-            "</strong>";
+          $from = phutil_tag('strong', array(), $changeset->getOldFile());
           switch ($file) {
             case DifferentialChangeType::FILE_TEXT:
               $message = pht('This file was copied from %s.', $from);
@@ -124,10 +118,10 @@ protected function renderChangeTypeHeader($force) {
           break;
 
         case DifferentialChangeType::TYPE_MOVE_AWAY:
-          $paths =
-            "<strong>".
-              phutil_escape_html(implode(', ', $changeset->getAwayPaths())).
-            "</strong>";
+          $paths = phutil_tag(
+            'strong',
+            array(),
+            implode(', ', $changeset->getAwayPaths()));
           switch ($file) {
             case DifferentialChangeType::FILE_TEXT:
               $message = pht('This file was moved to %s.', $paths);
@@ -151,10 +145,10 @@ protected function renderChangeTypeHeader($force) {
           break;
 
         case DifferentialChangeType::TYPE_COPY_AWAY:
-          $paths =
-            "<strong>".
-              phutil_escape_html(implode(', ', $changeset->getAwayPaths())).
-            "</strong>";
+          $paths = phutil_tag(
+            'strong',
+            array(),
+            implode(', ', $changeset->getAwayPaths()));
           switch ($file) {
             case DifferentialChangeType::FILE_TEXT:
               $message = pht('This file was copied to %s.', $paths);
@@ -178,10 +172,10 @@ protected function renderChangeTypeHeader($force) {
           break;
 
         case DifferentialChangeType::TYPE_MULTICOPY:
-          $paths =
-            "<strong>".
-              phutil_escape_html(implode(', ', $changeset->getAwayPaths())).
-            "</strong>";
+          $paths = phutil_tag(
+            'strong',
+            array(),
+            implode(', ', $changeset->getAwayPaths()));
           switch ($file) {
             case DifferentialChangeType::FILE_TEXT:
               $message = pht(
@@ -262,23 +256,26 @@ protected function renderPropertyChangeHeader() {
       $nval = idx($new, $key);
       if ($oval !== $nval) {
         if ($oval === null) {
-          $oval = '<em>null</em>';
+          $oval = phutil_tag('em', array(), 'null');
         } else {
-          $oval = nl2br(phutil_escape_html($oval));
+          $oval = phutil_escape_html_newlines($oval);
         }
 
         if ($nval === null) {
-          $nval = '<em>null</em>';
+          $nval = phutil_tag('em', array(), 'null');
         } else {
-          $nval = nl2br(phutil_escape_html($nval));
+          $nval = phutil_escape_html_newlines($nval);
         }
 
-        $rows[] =
+        $rows[] = hsprintf(
           '<tr>'.
-            '<th>'.phutil_escape_html($key).'</th>'.
-            '<td class="oval">'.$oval.'</td>'.
-            '<td class="nval">'.$nval.'</td>'.
-          '</tr>';
+            '<th>%s</th>'.
+            '<td class="oval">%s</td>'.
+            '<td class="nval">%s</td>'.
+          '</tr>',
+          $key,
+          $oval,
+          $nval);
       }
     }
 

src/applications/differential/view/DifferentialLocalCommitsView.php

@@ -54,33 +54,33 @@ public function render() {
       } else {
         $commit_hash = null;
       }
-      $row[] = '<td>'.phutil_escape_html($commit_hash).'</td>';
+      $row[] = phutil_tag('td', array(), $commit_hash);
 
       if ($has_tree) {
         $tree = idx($commit, 'tree');
         $tree = substr($tree, 0, 16);
-        $row[] = '<td>'.phutil_escape_html($tree).'</td>';
+        $row[] = phutil_tag('td', array(), $tree);
       }
 
       if ($has_local) {
         $local_rev = idx($commit, 'local', null);
-        $row[] = '<td>'.phutil_escape_html($local_rev).'</td>';
+        $row[] = phutil_tag('td', array(), $local_rev);
       }
 
       $parents = idx($commit, 'parents', array());
       foreach ($parents as $k => $parent) {
         if (is_array($parent)) {
           $parent = idx($parent, 'rev');
         }
-        $parents[$k] = phutil_escape_html(substr($parent, 0, 16));
+        $parents[$k] = substr($parent, 0, 16);
       }
-      $parents = implode('<br />', $parents);
-      $row[] = '<td>'.$parents.'</td>';
+      $parents = array_interleave(phutil_tag('br'), $parents);
+      $row[] = phutil_tag('td', array(), $parents);
 
       $author = nonempty(
         idx($commit, 'user'),
         idx($commit, 'author'));
-      $row[] = '<td>'.phutil_escape_html($author).'</td>';
+      $row[] = phutil_tag('td', array(), $author);
 
       $message = idx($commit, 'message');
 
@@ -107,9 +107,9 @@ public function render() {
       if ($date) {
         $date = phabricator_datetime($date, $user);
       }
-      $row[] = '<td>'.$date.'</td>';
+      $row[] = phutil_tag('td', array(), $date);
 
-      $rows[] = '<tr class="'.$class.'">'.implode('', $row).'</tr>';
+      $rows[] = phutil_tag('tr', array('class' => $class), $row);
     }