From 12a86bc81e46b92bd0cc60bf1fe6890648710738 Mon Sep 17 00:00:00 2001
From: filip-hejsek <53407910+filip-hejsek@users.noreply.github.com>
Date: Wed, 27 Nov 2024 18:04:51 +0100
Subject: [PATCH] Escape HTML characters in error message

---
 app/Application.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Application.php b/app/Application.php
index 80fa59b..1b20503 100644
--- a/app/Application.php
+++ b/app/Application.php
@@ -77,7 +77,7 @@ private static function internalError(string $message = '', int $httpCode = 500)
 http_response_code($httpCode);
 echo "Internal error.";
 if ($message) {
- echo " $message";
+ echo htmlspecialchars(" $message");
 }
 exit;
 }
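Review bot: The added `htmlspecialchars(" $message")` call relies on PHP's default flags and charset, which differ by runtime version: before PHP 8.1 the default is `ENT_COMPAT` without `ENT_SUBSTITUTE`, so single quotes are left unescaped and a message containing invalid UTF-8 is returned as an empty string. Passing them explicitly makes the escaping identical everywhere: `echo ' ' . htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The opening lines of internalError() are outside the hunk, so it is not visible whether a Content-Type is sent. If this response is never meant to be rendered as HTML, `header('Content-Type: text/plain; charset=utf-8');` before the first echo would be a useful second layer next to the escaping.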