From 73632a1c1b31bfa53465b9ff65bda12d04c6fd18 Mon Sep 17 00:00:00 2001
From: Remco Tolsma <869674+remcotolsma@users.noreply.github.com>
Date: Wed, 11 Oct 2023 11:48:06 +0200
Subject: [PATCH] All output should be run through an escaping function.
---
 src/Client.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/Client.php b/src/Client.php
index 1bf7f7e..90f497a 100644
--- a/src/Client.php
+++ b/src/Client.php
@@ -88,7 +88,9 @@ private function request( $message ) {
 $return = $this->parse_xml( $xml );
 if ( is_object( $return ) && isset( $return->result ) && 'error' === $return->result ) {
- throw new \Exception( $xml->error->description );
+ throw new \Exception(
+ \esc_html( $xml->error->description )
+ );
 }
 return $return;
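Review bot: The `\esc_html()` call in the new `throw` escapes what appears to be a response-supplied error description when the exception is created, not where it is displayed, so every consumer receives an HTML-encoded message. A catch site that logs the message or escapes it again will show entities such as `&amp;`, and HTML-body escaping does not make the string safe in an attribute, URL or script context, so catch sites still need escaping that matches their output context. If the aim is only to satisfy the coding-standard check, consider keeping the raw text, `throw new \Exception( (string) $xml->error->description );`, with a justified ignore annotation, and escaping in the code that prints `getMessage()`. Those callers are outside this hunk, as is the start of `request()`, so confirm how they output the message before changing where the escaping happens.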