minor #32369 [ErrorCatcher] Fixed some escaping in error renderers (j…

…aviereguiluz)

This PR was merged into the 4.4 branch.

Discussion
----------

[ErrorCatcher] Fixed some escaping in error renderers

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks?    | no     <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass?   | yes    <!-- please add some, will be required by reviewers -->
| Fixed tickets | -
| License       | MIT
| Doc PR        | not needed

Fixes this: https://github.com/symfony/symfony/pull/32364/files#r300394620

Commits
-------

1413bdc [ErrorCatcher] Fixed some escaping in XML errors

src/Symfony/Component/ErrorCatcher/ErrorRenderer/HtmlErrorRenderer.php

@@ -55,14 +55,16 @@ public function render(FlattenException $exception): string
     {
         $css = $this->getStylesheet();
         $body = $this->getBody($exception);
+        $charset = $this->escapeHtml($this->charset);
+        $title = $this->escapeHtml($exception->getTitle());
 
         return <<<EOF
 <!DOCTYPE html>
 <html>
     <head>
-        <meta charset="{$this->charset}" />
+        <meta charset="{$charset}" />
         <meta name="robots" content="noindex,nofollow,noarchive" />
-        <title>{$exception->getTitle()}</title>
+        <title>{$title}</title>
         <style>$css</style>
     </head>
     <body>
@@ -94,11 +96,14 @@ public function setFileLinkFormat($fileLinkFormat)
      */
     public function getBody(FlattenException $exception)
     {
+        $statusCode = $this->escapeHtml($exception->getStatusCode());
+        $title = $this->escapeHtml($exception->getTitle());
+
         if (!$this->debug) {
             return <<<EOF
                 <div class="container">
                     <h1>Oops! An Error Occurred</h1>
-                    <h2>The server returned a "{$exception->getStatusCode()} {$exception->getTitle()}".</h2>
+                    <h2>The server returned a "{$statusCode} {$title}".</h2>
                     <p>
                         Something is broken. Please let us know what you were doing when this error occurred.
                         We will fix it as soon as possible. Sorry for any inconvenience caused.

src/Symfony/Component/ErrorCatcher/ErrorRenderer/XmlErrorRenderer.php

@@ -40,7 +40,10 @@ public static function getFormat(): string
      */
     public function render(FlattenException $exception): string
     {
+        $title = $this->escapeXml($exception->getTitle());
         $message = $this->escapeXml($exception->getMessage());
+        $statusCode = $this->escapeXml($exception->getStatusCode());
+        $charset = $this->escapeXml($this->charset);
 
         $exceptions = '';
         if ($this->debug) {
@@ -63,10 +66,10 @@ public function render(FlattenException $exception): string
         }
 
         return <<<EOF
-<?xml version="1.0" encoding="{$this->charset}" ?>
+<?xml version="1.0" encoding="{$charset}" ?>
 <problem xmlns="urn:ietf:rfc:7807">
-    <title>{$exception->getTitle()}</title>
-    <status>{$exception->getStatusCode()}</status>
+    <title>{$title}</title>
+    <status>{$statusCode}</status>
     <detail>{$message}</detail>
     {$exceptions}
 </problem>