RIPS - free PHP security scanner using static code analysis. Escaping from HTML. Everything outside of a pair of opening and closing tags is ignored by the PHP parser which allows PHP files to have mixed content.
This allows PHP to be embedded in HTML documents, for example to create templates. <p>This is going to be ignored by PHP and displayed by the browser. </p><? Manual.