diff --git a/lib/LedgerSMB/PSGI/Util.pm b/lib/LedgerSMB/PSGI/Util.pm
index 2d6195d69..b716a01c4 100644
--- a/lib/LedgerSMB/PSGI/Util.pm
+++ b/lib/LedgerSMB/PSGI/Util.pm
@@ -24,6 +24,7 @@ use strict;
 use warnings;
 use Carp;
+use HTML::Escape;
 use HTTP::Status qw( HTTP_OK HTTP_INTERNAL_SERVER_ERROR HTTP_SEE_OTHER HTTP_UNAUTHORIZED );
@@ -41,7 +42,7 @@ Returns a standard error representation for HTTP status 500
 sub internal_server_error {
- my ($msg, $title, $company, $dbversion) = @_;
+ my ($msg, $title, $company, $dbversion) = map { escape_html($_ // '') } @_;
 $title //= 'Error!';
 $msg =~ s/\n/
/g;
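Review bot: In the rewritten argument line of `internal_server_error`, `escape_html($_ // '')` turns an explicitly passed `undef` into an empty string, so the following `$title //= 'Error!';` no longer supplies the default when a caller passes `undef` for the title (it still does when the argument is omitted altogether). Replacing that line with `$title = 'Error!' unless length($title // '');` restores the default while keeping the escaping. The substitution on `$msg` correctly runs after escaping, but the rest of the body lies outside the hunk, so it is worth confirming that all four values are emitted only in HTML text or quoted-attribute positions, since `escape_html` does not make a value safe inside script or URL contexts. The first hunk's `use HTML::Escape;` pulls in a non-core module and this diff shows no change to the distribution's dependency list, so check that it is declared there.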