Add HtmlEscaping sanitizer

python/ql/src/experimental/semmle/python/security/dataflow/ReflectedXSS.qll

@@ -9,6 +9,7 @@ import semmle.python.dataflow.new.TaintTracking
 import semmle.python.dataflow.new.RemoteFlowSources
 import semmle.python.dataflow.new.BarrierGuards
 import experimental.semmle.python.Concepts
+import semmle.python.Concepts
 import semmle.python.ApiGraphs
 
 /**
@@ -26,6 +27,10 @@ class ReflectedXssConfiguration extends TaintTracking::Configuration {
     guard instanceof StringConstCompare
   }
 
+  override predicate isSanitizer(DataFlow::Node sanitizer) {
+    sanitizer = any(HtmlEscaping esc).getOutput()
+  }
+
   override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     exists(DataFlow::CallCfgNode htmlContentCall |
       htmlContentCall =