From dcf03fc078228a286384757c3501ab5df5306062 Mon Sep 17 00:00:00 2001
From: crapStone <crapstone@noreply.codeberg.org>
Date: Fri, 2 Dec 2022 15:25:25 +0000
Subject: [PATCH] Fix error page (#144)

Co-authored-by: crapStone <crapstone01@gmail.com>
Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/144
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: crapStone <crapstone@noreply.codeberg.org>
Co-committed-by: crapStone <crapstone@noreply.codeberg.org>
---
 html/error.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/html/error.go b/html/error.go
index 826c42b..ac222c4 100644
--- a/html/error.go
+++ b/html/error.go
@@ -1,6 +1,7 @@
 package html
 
 import (
+	"html/template"
 	"net/http"
 	"strconv"
 	"strings"
@@ -39,7 +40,8 @@ func errorMessage(statusCode int) string {
 
 // TODO: use template engine
 func errorBody(statusCode int) string {
-	return strings.ReplaceAll(NotFoundPage,
-		"%status%",
-		strconv.Itoa(statusCode)+" "+errorMessage(statusCode))
+	return template.HTMLEscapeString(
+		strings.ReplaceAll(NotFoundPage,
+			"%status%",
+			strconv.Itoa(statusCode)+" "+errorMessage(statusCode)))
 }