chore: Correctly flag json encoding methods as escaping html and quotes

Especially with JSON_HEX_TAG it’s perfectly fine to echo JSON, and we
 only use it in JSON output anyway.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>

build/psalm-baseline-security.xml

@@ -104,12 +104,4 @@
       <code><![CDATA[$sql]]></code>
     </TaintedSql>
   </file>
-  <file src="ocs-provider/index.php">
-    <TaintedHtml>
-      <code><![CDATA[$controller->buildProviderList()->render()]]></code>
-    </TaintedHtml>
-    <TaintedTextWithQuotes>
-      <code><![CDATA[$controller->buildProviderList()->render()]]></code>
-    </TaintedTextWithQuotes>
-  </file>
 </files>

lib/private/legacy/OC_JSON.php

@@ -74,7 +74,6 @@ class OC_JSON {
 	 * Send json error msg
 	 * @deprecated 12.0.0 Use a AppFramework JSONResponse instead
 	 * @suppress PhanDeprecatedFunction
-	 * @psalm-taint-escape html
 	 */
 	public static function error($data = []) {
 		$data['status'] = 'error';
@@ -86,7 +85,6 @@ class OC_JSON {
 	 * Send json success msg
 	 * @deprecated 12.0.0 Use a AppFramework JSONResponse instead
 	 * @suppress PhanDeprecatedFunction
-	 * @psalm-taint-escape html
 	 */
 	public static function success($data = []) {
 		$data['status'] = 'success';
@@ -97,6 +95,9 @@ class OC_JSON {
 	/**
 	 * Encode JSON
 	 * @deprecated 12.0.0 Use a AppFramework JSONResponse instead
+	 *
+	 * @psalm-taint-escape has_quotes
+	 * @psalm-taint-escape html
 	 */
 	private static function encode($data) {
 		return json_encode($data, JSON_HEX_TAG);

lib/public/AppFramework/Http/JSONResponse.php

@@ -58,6 +58,9 @@ class JSONResponse extends Response {
 	 * @return string the rendered json
 	 * @since 6.0.0
 	 * @throws \Exception If data could not get encoded
+	 *
+	 * @psalm-taint-escape has_quotes
+	 * @psalm-taint-escape html
 	 */
 	public function render() {
 		return json_encode($this->data, JSON_HEX_TAG | JSON_THROW_ON_ERROR | $this->encodeFlags, 2048);