From cdca09a7b201bb897e985589cf71b6113d16075d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Wed, 9 Dec 2015 21:18:56 +0200
Subject: [PATCH] escape error message on 500 page

---
 src/routes/index.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/routes/index.js b/src/routes/index.js
index 0dfa0303ba..a35c5ea61e 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -6,6 +6,7 @@ var nconf = require('nconf'),
 controllers = require('../controllers'),
 plugins = require('../plugins'),
 express = require('express'),
+ validator = require('validator'),

 accountRoutes = require('./accounts'),

@@ -195,7 +196,7 @@ function handleErrors(app, middleware) {
 res.json({path: req.path, error: err.message});
 } else {
 middleware.buildHeader(req, res, function() {
- res.render('500', {path: req.path, error: err.message});
+ res.render('500', {path: req.path, error: validator.escape(err.message)});
 });
 }
 });
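Review bot: In the second hunk, `path: req.path` is still handed to the `500` template unescaped in the same `res.render` call, so only one of the two request-influenced values on that page goes through `validator.escape`. Whether that matters depends on whether the template (not visible here) escapes `{path}` itself. I would escape both and coerce the message to a string, since how `validator.escape` treats a non-string `err.message` may differ between validator versions: `res.render('500', {path: validator.escape(String(req.path)), error: validator.escape(String(err.message))});`. The `res.json` branch at the top of the hunk returns the raw values, which is fine for JSON provided the client inserts them as text rather than HTML; a short comment there saying so would help. `handleErrors` starts above this hunk, so the condition that selects the JSON branch is not visible.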