Description
The following code htmlspecialchars($string, ENT_XML1, "UTF-8") triggers the warning:
38 | WARNING | The use of function htmlspecialchars() is discouraged; use
| | \Magento\Framework\Escaper->escapeHtml() instead
| | (Magento2.Functions.DiscouragedFunction.DiscouragedWithAlternative)
Expected behavior
The suggested alternative is not an equivalent solution. A brief search over the Magento codebase also reveals there is no mention of ENT_XML1. Also \Magento\Framework\Escaper::$htmlSpecialCharsFlag is a private property, making it impossible to set ENT_XML1 in a custom implementation.
Benefits
Ensure XML content can be generated correctly within a Magento module.
Additional information
Solutions would be either to a.) ensure the discouraged function sniff only triggers in code that is covered by the alternative or b.) add options to escape for XML in \Magento\Framework\Escaper.
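An added example, not part of the original issue and not Magento code: until the sniff or the Escaper changes, a module can confine XML escaping to one small helper and suppress the sniff on that single call. The function name `escapeXml`, the extra flags beyond ENT_XML1, and the sample input are assumptions made for illustration; the script checks the result by parsing it with DOMDocument.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (assumption, not a Magento API): escape a string for
 * use as XML 1.0 element text or as a quoted attribute value.
 */
function escapeXml(string $value): string
{
    // ENT_XML1       : treat the output as an XML 1.0 document
    // ENT_QUOTES     : escape ' as well as " so both attribute quote styles are safe
    // ENT_SUBSTITUTE : invalid UTF-8 becomes U+FFFD instead of an empty result
    // ENT_DISALLOWED : code points XML 1.0 forbids (most C0 controls) become U+FFFD
    $flags = ENT_XML1 | ENT_QUOTES | ENT_SUBSTITUTE | ENT_DISALLOWED;

    // Narrow, documented suppression: the Escaper alternative has no XML mode.
    // phpcs:ignore Magento2.Functions.DiscouragedFunction
    return htmlspecialchars($value, $flags, 'UTF-8');
}

// Constructed sample input: markup characters, both quote styles and a
// vertical tab (0x0B), which is not a legal character in XML 1.0.
$input = "Tom & \"Jerry\" <o'clock>\x0B";

$escaped = escapeXml($input);
$xml = '<item name="' . $escaped . '">' . $escaped . '</item>';

// Verify the generated fragment is well-formed and round-trips.
$doc = new DOMDocument();
if (!$doc->loadXML($xml)) {
    throw new RuntimeException('Generated XML is not well-formed');
}

// The forbidden control character is expected back as U+FFFD.
$expected = str_replace("\x0B", "\u{FFFD}", $input);
$root = $doc->documentElement;

if ($root->textContent !== $expected || $root->getAttribute('name') !== $expected) {
    throw new RuntimeException('Escaped value did not round-trip');
}

echo $xml, PHP_EOL;
```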