HTML.escape render_500

src/kemal/helpers/templates.cr

@@ -22,7 +22,7 @@ end
 
 def render_500(context, backtrace, verbosity)
   message = if verbosity
-              "<pre>#{backtrace}</pre>"
+              "<pre><%= backtrace %></pre>"
             else
               "<p>Something wrong with the server :(</p>"
             end
@@ -42,7 +42,7 @@ def render_500(context, backtrace, verbosity)
       </head>
       <body>
         <h2>Kemal has encountered an error. (500)</h2>
-        #{message}
+        <%= HTML.escape(message) %>
       </body>
       </html>
   HTML