Return safe HTML from all render()

Summary:
This is pretty brutal and it adds some `phutil_safe_html()`.
But it is a big step in the right direction.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4905

src/applications/auth/controller/PhabricatorDisabledUserController.php

@@ -16,8 +16,8 @@ final class PhabricatorDisabledUserController
 
     $failure_view = new AphrontRequestFailureView();
     $failure_view->setHeader(pht('Account Disabled'));
-    $failure_view->appendChild(
-      '<p>'.pht('Your account has been disabled.').'</p>');
+    $failure_view->appendChild(phutil_tag('p', array(), pht(
+      'Your account has been disabled.')));
 
     return $this->buildStandardPageResponse(
       $failure_view,

src/applications/auth/controller/PhabricatorEmailLoginController.php

@@ -98,10 +98,8 @@ EOBODY;
 
           $view = new AphrontRequestFailureView();
           $view->setHeader(pht('Check Your Email'));
-          $view->appendChild(
-            '<p>'.pht(
-              'An email has been sent with a link you can use to login.'
-            ).'</p>');
+          $view->appendChild(phutil_tag('p', array(), pht(
+              'An email has been sent with a link you can use to login.')));
           return $this->buildStandardPageResponse(
             $view,
             array(

src/applications/auth/controller/PhabricatorEmailTokenController.php

@@ -50,17 +50,16 @@ final class PhabricatorEmailTokenController
 
       $view = new AphrontRequestFailureView();
       $view->setHeader(pht('Unable to Login'));
-      $view->appendChild(
-        '<p>'.pht('The authentication information in the link you clicked is '.
+      $view->appendChild(phutil_tag('p', array(), pht(
+        'The authentication information in the link you clicked is '.
         'invalid or out of date. Make sure you are copy-and-pasting the '.
         'entire link into your browser. You can try again, or request '.
-        'a new email.').'</p>');
-      $view->appendChild(
+        'a new email.')));
+      $view->appendChild(hsprintf(
         '<div class="aphront-failure-continue">'.
-          '<a class="button" href="/login/email/">'.
-            pht('Send Another Email').
-          '</a>'.
-        '</div>');
+          '<a class="button" href="/login/email/">%s</a>'.
+        '</div>',
+        pht('Send Another Email')));
 
       return $this->buildStandardPageResponse(
         $view,

src/applications/auth/controller/PhabricatorLoginValidateController.php

@@ -49,14 +49,16 @@ final class PhabricatorLoginValidateController
 
       $view = new AphrontRequestFailureView();
       $view->setHeader(pht('Login Failed'));
-      $view->appendChild(
-        '<p>'.pht('Login failed:').'</p>'.
-        $list.
-        '<p>'.pht('<strong>Clear your cookies</strong> and try again.').'</p>');
-      $view->appendChild(
+      $view->appendChild(hsprintf(
+        '<p>%s</p>%s<p>%s</p>',
+        pht('Login failed:'),
+        $list,
+        pht('<strong>Clear your cookies</strong> and try again.')));
+      $view->appendChild(hsprintf(
         '<div class="aphront-failure-continue">'.
-          '<a class="button" href="/login/">'.pht('Try Again').'</a>'.
-        '</div>');
+          '<a class="button" href="/login/">%s</a>'.
+        '</div>',
+        pht('Try Again')));
       return $this->buildStandardPageResponse(
         $view,
         array(

src/applications/auth/controller/PhabricatorMustVerifyEmailController.php

@@ -41,31 +41,26 @@ final class PhabricatorMustVerifyEmailController
 
     $error_view = new AphrontRequestFailureView();
     $error_view->setHeader(pht('Check Your Email'));
-    $error_view->appendChild(
-      '<p>'.
-      pht('You must verify your email address to login. You should have a new '.
+    $error_view->appendChild(phutil_tag('p', array(), pht(
+      'You must verify your email address to login. You should have a new '.
       'email message from Phabricator with verification instructions in your '.
-      'inbox (%s).', phutil_tag('strong', array(), $email_address)).
-      '</p>');
-    $error_view->appendChild(
-      '<p>'.
-      pht('If you did not receive an email, you can click the button below '.
-      'to try sending another one.').
-      '</p>');
-    $error_view->appendChild(
-      '<div class="aphront-failure-continue">'.
-        phabricator_form(
-          $user,
+      'inbox (%s).', phutil_tag('strong', array(), $email_address))));
+    $error_view->appendChild(phutil_tag('p', array(), pht(
+      'If you did not receive an email, you can click the button below '.
+      'to try sending another one.')));
+    $error_view->appendChild(hsprintf(
+      '<div class="aphront-failure-continue">%s</div>',
+      phabricator_form(
+        $user,
+        array(
+          'action' => '/login/mustverify/',
+          'method' => 'POST',
+        ),
+        phutil_tag(
+          'button',
           array(
-            'action' => '/login/mustverify/',
-            'method' => 'POST',
           ),
-          phutil_tag(
-            'button',
-            array(
-            ),
-            pht('Send Another Email'))).
-      '</div>');
+          pht('Send Another Email')))));
 
 
     return $this->buildApplicationPage(