XSS detecting although HtmlEncode is done SCS0029

[sseyalioglu]

In the previous version, it was working fine for proper XSS handling where you can simply implement the solution in the documentation.
However after latest 3.0.0 even if you have HtmlEncode, you still receive the warning of SCS0029.

Here is the example

[sseyalioglu]

A complete view of the code piece:

[JarLob]

Thanks for the report. I'll cross reference it with #43 but will close it to keep just one tracking issue.

[JarLob]

Actually I can’t reproduce it. The case is covered in
https://github.com/security-code-scan/security-code-scan/blob/master/SecurityCodeScan.Test/Tests/XssPreventionAnalyzerTest.cs#L579
Could you simplify your function by deleting anything you don’t want to share and provide the full body?

[sseyalioglu]

First my environment. I use JetBrains Rider and MacOS 10.14.2
Here is the full method.

As you see there is not much inside this but still having the issue.

[JarLob]

Nice to know it works with Rider! (I haven't tried it myself)
I have reproduced it, but it gives the warning not because of user, but because of env.EnvironmentName.
It is a valid bug, because there is no evidence that the environment name is an user input.