Escape variable in Exception Template

jderusse · jderusse · commit 629d21b800a1 · 2020-02-04T10:53:50.000+01:00
diff --git a/src/Symfony/Component/ErrorHandler/Resources/views/traces_text.html.php b/src/Symfony/Component/ErrorHandler/Resources/views/traces_text.html.php
@@ -20,15 +20,15 @@
                 <?php if ($exception['trace']) { ?>
                 <pre class="stacktrace">
 <?php
-                    echo $exception['class'].":\n";
+                    echo $this->escape($exception['class']).":\n";
                     if ($exception['message']) {
-                        echo $exception['message']."\n";
+                        echo $this->escape($exception['message'])."\n";
                     }
 
                     foreach ($exception['trace'] as $trace) {
                         echo "\n  ";
                         if ($trace['function']) {
-                            echo 'at '.$trace['class'].$trace['type'].$trace['function'].'('.(isset($trace['args']) ? $this->formatArgsAsText($trace['args']) : '').')';
+                            echo $this->escape('at '.$trace['class'].$trace['type'].$trace['function']).'('.(isset($trace['args']) ? $this->formatArgsAsText($trace['args']) : '').')';
                         }
                         if ($trace['file'] && $trace['line']) {
                             echo($trace['function'] ? "\n     (" : 'at ').strtr(strip_tags($this->formatFile($trace['file'], $trace['line'])), [' at line '.$trace['line'] => '']).':'.$trace['line'].($trace['function'] ? ')' : '');
