Closed
Description
The simplex example, let's take a file containing:
<?php
$x = foo";If we run PHP Parallel Lint with the --checkstyle flag we get (formatted for readability):
<?xml version="1.0" encoding="UTF-8"?>
<checkstyle>
<file name="example.php">
<error
line="3"
severity="ERROR"
message="Parse error: syntax error, unexpected '"' in ./inc/x.php on line 3"
source="Syntax Error" />
</file>
</checkstyle>Which is broken XML.
Generally speaking, when generating checkstyle XML, PHP Parallel Lint should HTML-escape messages, via something like: htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); here: https://github.com/php-parallel-lint/PHP-Parallel-Lint/blob/master/src/Output.php#L444