From ca9f6c2d57d08ce3bd0d731daf4a6d0818adfb21 Mon Sep 17 00:00:00 2001
From: Marcus Bointon
Date: Wed, 26 Jul 2017 23:16:08 +0200
Subject: [PATCH] Avoid XSS in error message output
---
 src/Exception.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/Exception.php b/src/Exception.php
index 39ab73fe..11b52e9d 100644
--- a/src/Exception.php
+++ b/src/Exception.php
@@ -35,7 +35,6 @@ class Exception extends \Exception
 */
 public function errorMessage()
 {
- $errorMsg = '' . $this->getMessage() . "
\n";
- return $errorMsg;
+ return '' . htmlspecialchars($this->getMessage()) . "
\n";
 }
 }
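Review bot: The new `htmlspecialchars($this->getMessage())` call in errorMessage() relies on the default flags and charset, which vary with the PHP version and the `default_charset` ini setting. On PHP 5.4 and later, a message containing a byte sequence that is invalid in the assumed charset makes htmlspecialchars() return an empty string, so the error text would silently vanish. Passing the arguments explicitly avoids that, e.g. `htmlspecialchars($this->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`; the charset there is an assumption and should match what the page is served as. The docblock, which begins outside the hunk, should also say that the return value is HTML-escaped markup meant for direct output in an HTML page, so callers neither escape it again nor write it to a plain-text log.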