
Add phan-taint-check-plugin to Translate extension
Closed, Resolved (Public)

Description

It would be nice to add phan-taint-check-plugin to the Translate extension.

<?xml version="1.0" encoding="ISO-8859-15"?>
<checkstyle version="6.5">
  <file name="./specials/SpecialTranslationStats.php">
    <error line="208" severity="warning" message="Calling method \Html::element() in \SpecialTranslationStats::form that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: ./specials/SpecialTranslationStats.php +199; ./specials/SpecialTranslationStats.php +203; ./specials/SpecialTranslationStats.php +206)" source="SecurityCheck-DoubleEscaped"/>
    <error line="209" severity="warning" message="Calling method \Html::element() in \SpecialTranslationStats::form that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: ./specials/SpecialTranslationStats.php +199; ./specials/SpecialTranslationStats.php +203; ./specials/SpecialTranslationStats.php +206)" source="SecurityCheck-DoubleEscaped"/>
    <error line="210" severity="warning" message="Calling method \Html::element() in \SpecialTranslationStats::form that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: ./specials/SpecialTranslationStats.php +199; ./specials/SpecialTranslationStats.php +203; ./specials/SpecialTranslationStats.php +206)" source="SecurityCheck-DoubleEscaped"/>
  </file>
  <file name="./tag/PageTranslationLogFormatter.php">
    <error line="77" severity="warning" message="Calling method \LogFormatter::getComment in \PageTranslationLogFormatter::getComment that is always unsafe  (Caused by: ../../includes/logging/LogFormatter.php +706; ../../includes/logging/LogFormatter.php +703)" source="SecurityCheck-DoubleEscaped"/>
  </file>
  <file name="./utils/MessageWebImporter.php">
    <error line="362" severity="warning" message="Calling method \OutputPage::addHTML() in \MessageWebImporter::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: ./utils/MessageWebImporter.php +293; ./utils/MessageWebImporter.php +281; ./utils/MessageWebImporter.php +301; ./utils/MessageWebImporter.php +361)" source="SecurityCheck-XSS"/>
    <error line="376" severity="warning" message="Calling method \OutputPage::addHTML() in \MessageWebImporter::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: ./utils/MessageWebImporter.php +293; ./utils/MessageWebImporter.php +281; ./utils/MessageWebImporter.php +301; ./utils/MessageWebImporter.php +361)" source="SecurityCheck-XSS"/>
  </file>
</checkstyle>

The issues in PageTranslationLogFormatter.php are T201565.

Event Timeline

Change 456812 had a related patch set uploaded (by Legoktm; owner: Legoktm):
[integration/config@master] seccheck for Translate

https://gerrit.wikimedia.org/r/456812

Change 456812 merged by jenkins-bot:
[integration/config@master] seccheck for Translate

https://gerrit.wikimedia.org/r/456812

Legoktm assigned this task to Bawolff.