…d be run only in phtml files because right now it will do this for whichever php file you provide. That is untested. You can take look at associated tests for which scenarios are covered. escapeJs and escapeUrl are yet to be implemented

…e failing

…ent.

We are not trying to fix all the unsafe output. We try to escape output that we can be sure of. We leave complex expressions as it is. Developer can for now fix
them manually. As of now it should cover 70% of cases. Escaping xss in URL will be handled as a separate rule.