From fa4573dcf9182bbb6d9094491dda697c54b06f59 Mon Sep 17 00:00:00 2001
From: Sdogruyol <dogruyolserdar@gmail.com>
Date: Sun, 4 Dec 2016 16:27:40 +0300
Subject: [PATCH] HTML.escape render_500

---
 src/kemal/helpers/templates.cr | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/kemal/helpers/templates.cr b/src/kemal/helpers/templates.cr
index 3a5be61..b94697a 100644
--- a/src/kemal/helpers/templates.cr
+++ b/src/kemal/helpers/templates.cr
@@ -22,7 +22,7 @@ end
 
 def render_500(context, backtrace, verbosity)
   message = if verbosity
-              "<pre>#{backtrace}</pre>"
+              "<pre><%= backtrace %></pre>"
             else
               "<p>Something wrong with the server :(</p>"
             end
@@ -42,7 +42,7 @@ def render_500(context, backtrace, verbosity)
       </head>
       <body>
         <h2>Kemal has encountered an error. (500)</h2>
-        #{message}
+        <%= HTML.escape(message) %>
       </body>
       </html>
   HTML