From 6d31e11f5de53f06e2279ededc13a1f25eba27f5 Mon Sep 17 00:00:00 2001
From: Uwe Kubosch <uwe@datek.no>
Date: Mon, 27 Mar 2023 12:45:36 +0200
Subject: [PATCH] Escape exception message for HTML display

---
 build.gradle                           | 2 +-
 src/main/resources/ruby/slim_helper.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.gradle b/build.gradle
index 741a8b0..6c7f0cd 100644
--- a/build.gradle
+++ b/build.gradle
@@ -7,7 +7,7 @@ plugins {
 }
 
 group 'no.datek'
-version '0.2.0'
+version '0.2.1'
 final String JRUBY_VERSION = '9.3.6.0';
 
 repositories {
diff --git a/src/main/resources/ruby/slim_helper.rb b/src/main/resources/ruby/slim_helper.rb
index aab9553..272ea27 100644
--- a/src/main/resources/ruby/slim_helper.rb
+++ b/src/main/resources/ruby/slim_helper.rb
@@ -146,7 +146,7 @@ def params.[](key)
       #{e.backtrace.join("\n")}
     HTML
     LOG.error message
-    "<h1>Whoops!</h1><pre>#{message}</pre>"
+    "<h1>Whoops!</h1><pre>#{CGI.escapeHTML(message)}</pre>"
   end
 
   # self in this context is the Struct with the context variables