Improve output escaping, input sanitizing and logging

auto-approval.php

@@ -127,7 +127,7 @@ function vipgoci_auto_approval_non_approval(
 			$options['repo-name'],
 			(int) $pr_number,
 			(int) $pr_item_review->id,
-			'Dismissing obsolete review; not approved any longer',
+			vipgoci_output_html_escape( 'Dismissing obsolete review; not approved any longer' ),
 			$options['token']
 		);
 	}

github-api.php

@@ -1292,8 +1292,7 @@ function vipgoci_github_pr_reviews_dismiss_with_non_active_comments(
 				$options['repo-name'],
 				$pr_number,
 				$pr_review->id,
-				'Dismissing review as all inline comments ' .
-					'are obsolete by now',
+				'Dismissing review as all inline comments are obsolete by now',
 				$options['token']
 			);
 		}

reports.php

@@ -101,7 +101,7 @@ function vipgoci_report_create_scan_details_software_versions(
 
 	$details .= '<ul>' . PHP_EOL;
 
-	$details .= '<li>vip-go-ci version: <code>' . vipgoci_output_sanitize_version_number( VIPGOCI_VERSION ) . '</code></li>' . PHP_EOL;
+	$details .= '<li><a href="https://github.com/Automattic/vip-go-ci">vip-go-ci</a> version: <code>' . vipgoci_output_sanitize_version_number( VIPGOCI_VERSION ) . '</code></li>' . PHP_EOL;
 
 	$php_runtime_version = phpversion();
 
@@ -649,6 +649,8 @@ function vipgoci_report_maybe_no_issues_found(
 
 		$no_issues_msg .= ' (commit-ID: ' . $commit_id . ')';
 
+		$no_issues_msg = vipgoci_output_html_escape( $no_issues_msg );
+
 		/*
 		 * If we have informational message, append it.
 		 */
@@ -1440,7 +1442,7 @@ function vipgoci_report_submit_pr_review_from_results(
 				$repo_name,
 				$github_token,
 				$pr_number,
-				VIPGOCI_GITHUB_ERROR_STR,
+				vipgoci_output_html_escape( VIPGOCI_GITHUB_ERROR_STR ),
 				$commit_id
 			);
 		}

svg-scan.php

@@ -145,7 +145,7 @@ function vipgoci_svg_look_for_specific_tokens(
 
 			$results['files'][ $temp_file_name ]['messages'][] =
 				array(
-					'message' => 'Found forbidden tag in SVG file: \'' . $disallowed_token . '\'',
+					'message' => vipgoci_output_html_escape( 'Found forbidden tag in SVG file: \'' . $disallowed_token . '\'' ),
 					'line'    => $line_no,
 					'level'   => 'ERROR',
 				);

tests/integration/SvgScanLookForSpecificTokensTest.php

@@ -72,7 +72,7 @@ public function testSpecificTokens1() {
 		);
 
 		$results_expected = json_decode(
-			'{"totals":{"errors":1,"warnings":0,"fixable":0},"files":{"' . addcslashes( $temp_file_name, '/' ) . '":{"errors":1,"messages":[{"message":"Found forbidden tag in SVG file: \'<?php\'","line":6,"level":"ERROR"}]}}}',
+			'{"totals":{"errors":1,"warnings":0,"fixable":0},"files":{"' . addcslashes( $temp_file_name, '/' ) . '":{"errors":1,"messages":[{"message":"Found forbidden tag in SVG file: &#039;&lt;?php&#039;","line":6,"level":"ERROR"}]}}}',
 			true
 		);
 

tests/unit/ReportCreateScanDetailsSoftwareVersionsTest.php

@@ -72,7 +72,7 @@ public function testCreateDetails1(): void {
 		);
 
 		$this->assertStringContainsString(
-			'<li>vip-go-ci version: <code>' . VIPGOCI_VERSION . '</code></li>',
+			'<li><a href="https://github.com/Automattic/vip-go-ci">vip-go-ci</a> version: <code>' . VIPGOCI_VERSION . '</code></li>',
 			$actual_output
 		);
 
@@ -150,7 +150,7 @@ public function testCreateDetails2(): void {
 		);
 
 		$this->assertStringContainsString(
-			'<li>vip-go-ci version: <code>' . VIPGOCI_VERSION . '</code></li>',
+			'<li><a href="https://github.com/Automattic/vip-go-ci">vip-go-ci</a> version: <code>' . VIPGOCI_VERSION . '</code></li>',
 			$actual_output
 		);