From 87ebbf0f08ff730827409b29a8076ac83410c4f0 Mon Sep 17 00:00:00 2001
From: Yunus AYDIN <aydinnyunus@gmail.com>
Date: Fri, 28 Mar 2025 00:22:18 +0300
Subject: [PATCH] Fix Cross Site Scripting Issue (#497)

---
 src/akkudoktoreos/server/rest/error.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/akkudoktoreos/server/rest/error.py b/src/akkudoktoreos/server/rest/error.py
index 63d987b..a0320d5 100644
--- a/src/akkudoktoreos/server/rest/error.py
+++ b/src/akkudoktoreos/server/rest/error.py
@@ -1,3 +1,5 @@
+import html
+
 ERROR_PAGE_TEMPLATE = """
 <!DOCTYPE html>
 <html lang="en">
@@ -86,6 +88,6 @@ def create_error_page(
     return (
         ERROR_PAGE_TEMPLATE.replace("STATUS_CODE", status_code)
         .replace("ERROR_TITLE", error_title)
-        .replace("ERROR_MESSAGE", error_message)
-        .replace("ERROR_DETAILS", error_details)
+        .replace("ERROR_MESSAGE", html.escape(error_message))
+        .replace("ERROR_DETAILS", html.escape(error_details))
     )