Allow {!! nl2br(e($var)) !!} as safe XSS pattern

The pattern nl2br(e($var)) is safe because:
1. e() / htmlspecialchars() escapes HTML entities first
2. nl2br() then adds <br> tags for newlines
3. {!! !!} is required to render the <br> tags

This is a common Laravel pattern for displaying user text
with preserved line breaks while preventing XSS.

Also added nl2br(htmlspecialchars()) and nl2br(htmlentities())
as equivalent safe patterns.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

src/Rules/XssRule.php

@@ -493,6 +493,11 @@ class XssRule extends BaseRule
             '/^\s*action\s*\(/',          // action() helper
             '/^\s*mix\s*\(/',             // mix() helper (Laravel Mix)
             '/^\s*vite\s*\(/',            // vite() helper (Vite)
+            // nl2br with e() - common safe pattern for displaying user text with line breaks
+            // e() escapes HTML first, then nl2br() adds <br> tags
+            '/^\s*nl2br\s*\(\s*e\s*\(/',  // nl2br(e($var))
+            '/^\s*nl2br\s*\(\s*htmlspecialchars\s*\(/',  // nl2br(htmlspecialchars($var))
+            '/^\s*nl2br\s*\(\s*htmlentities\s*\(/',      // nl2br(htmlentities($var))
         ];
 
         foreach ($safePatterns as $pattern) {