From 1538a01c898589e5173e4f1ccdf5a257a629895c Mon Sep 17 00:00:00 2001
From: Alex Rock <pierstoval@gmail.com>
Date: Wed, 18 Sep 2024 13:57:54 +0200
Subject: [PATCH] Escape error messages

---
 src/Glpi/Application/ErrorHandler.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Glpi/Application/ErrorHandler.php b/src/Glpi/Application/ErrorHandler.php
index cbc0056462a..e5e021f6152 100644
--- a/src/Glpi/Application/ErrorHandler.php
+++ b/src/Glpi/Application/ErrorHandler.php
@@ -506,7 +506,7 @@ private function outputDebugMessage(string $error_type, string $message, string
             $this->output_handler->writeln($message, $verbosity);
         } else if (!isCommandLine()) {
             echo '<div class="alert alert-important alert-danger glpi-debug-alert" style="z-index:10000">'
-            . '<span class="b">' . $error_type . ': </span>' . $message . '</div>';
+            . '<span class="b">' . \htmlspecialchars($error_type) . ': </span>' . \htmlspecialchars($message) . '</div>';
         } else {
             echo $error_type . ': ' . $message . "\n";
         }