fix: replace custom HTML escape table with stdlib html.escape()

docker_scanner.py

@@ -4,6 +4,7 @@
 import csv
 import pandas as pd
 import logging
+import html
 from typing import List, Tuple, Dict, Optional
 from datetime import datetime
 from fpdf import FPDF
@@ -1240,15 +1241,10 @@ def _escape_html(self, text: str) -> str:
         if not text:
             return ""
 
-        html_escape_table = {
-            "&": "&",
-            '"': """,
-            "'": "'",
-            ">": ">",
-            "<": "&lt;",
-        }
+        if not isinstance(text, str):
+            text = str(text)
 
-        return "".join(html_escape_table.get(c, c) for c in str(text))
+        return html.escape(text, quote=True)
 
 def main():
     """Main function to run the security scanner."""

report_generator.py

@@ -16,6 +16,7 @@
 import csv
 import re
 import logging
+import html
 from typing import Dict, List, Optional
 from datetime import datetime
 from fpdf import FPDF
@@ -467,15 +468,10 @@ def _escape_html(self, text: str) -> str:
         if not text:
             return ""
 
-        html_escape_table = {
-            "&": "&",
-            '"': """,
-            "'": "'",
-            ">": ">",
-            "<": "&lt;",
-        }
+        if not isinstance(text, str):
+            text = str(text)
 
-        return "".join(html_escape_table.get(c, c) for c in str(text))
+        return html.escape(text, quote=True)
 
     def _count_by_severity(self, vulnerabilities: List[Dict]) -> Dict[str, int]:
         """