From 7a3791d955a90bf00887aa000bed0788d0735a0f Mon Sep 17 00:00:00 2001
From: Matthew Weier O'Phinney <matthew@zend.com>
Date: Fri, 1 Nov 2013 12:07:53 -0500
Subject: [PATCH] [#224] Escape exception messages and traces

---
 module/Application/view/error/index.phtml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/module/Application/view/error/index.phtml b/module/Application/view/error/index.phtml
index 5165cd8eba..787f05222b 100644
--- a/module/Application/view/error/index.phtml
+++ b/module/Application/view/error/index.phtml
@@ -14,11 +14,11 @@
     </dd>
     <dt><?php echo $this->translate('Message') ?>:</dt>
     <dd>
-        <pre class="prettyprint linenums"><?php echo $this->exception->getMessage() ?></pre>
+        <pre class="prettyprint linenums"><?php echo $this->escapeHtml($this->exception->getMessage()) ?></pre>
     </dd>
     <dt><?php echo $this->translate('Stack trace') ?>:</dt>
     <dd>
-        <pre class="prettyprint linenums"><?php echo $this->exception->getTraceAsString() ?></pre>
+        <pre class="prettyprint linenums"><?php echo $this->escapeHtml($this->exception->getTraceAsString()) ?></pre>
     </dd>
 </dl>
 <?php
@@ -38,11 +38,11 @@
             </dd>
             <dt><?php echo $this->translate('Message') ?>:</dt>
             <dd>
-                <pre class="prettyprint linenums"><?php echo $e->getMessage() ?></pre>
+                <pre class="prettyprint linenums"><?php echo $this->escapeHtml($e->getMessage()) ?></pre>
             </dd>
             <dt><?php echo $this->translate('Stack trace') ?>:</dt>
             <dd>
-                <pre class="prettyprint linenums"><?php echo $e->getTraceAsString() ?></pre>
+                <pre class="prettyprint linenums"><?php echo $this->escapeHtml($e->getTraceAsString()) ?></pre>
             </dd>
         </dl>
     </li>