From bb986440ecb2fd48b1f14bad289010a1dfc87425 Mon Sep 17 00:00:00 2001
From: Remco Tolsma <869674+remcotolsma@users.noreply.github.com>
Date: Tue, 26 Mar 2024 12:41:08 +0100
Subject: [PATCH] Fix "All output should be run through an escaping function".

---
 src/PaymentAddOn.php | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/PaymentAddOn.php b/src/PaymentAddOn.php
index bda360c..2e4ea99 100644
--- a/src/PaymentAddOn.php
+++ b/src/PaymentAddOn.php
@@ -234,9 +234,11 @@ public function get_menu_icon() {
 
 		if ( ! \is_readable( $file ) ) {
 			throw new \Exception(
-				\sprintf(
-					'Could not read WordPress admin menu icon from file: %s.',
-					$file
+				\esc_html(
+					\sprintf(
+						'Could not read WordPress admin menu icon from file: %s.',
+						$file
+					) 
 				)
 			);
 		}
@@ -245,9 +247,11 @@ public function get_menu_icon() {
 
 		if ( false === $svg ) {
 			throw new \Exception(
-				\sprintf(
-					'Could not read WordPress admin menu icon from file: %s.',
-					$file
+				\esc_html(
+					\sprintf(
+						'Could not read WordPress admin menu icon from file: %s.',
+						$file
+					) 
 				)
 			);
 		}