port = ap_get_server_port(r);
if (!ap_is_default_port(port, r))
thisport = apr_psprintf(r->pool, ":%u", port);
- thisurl = apr_psprintf(r->pool, "https://%s%s/",
- ap_get_server_name(r), thisport);
+ thisurl = ap_escape_html(r->pool, apr_psprintf(r->pool, "https://%s%s/",
+ ap_get_server_name(r), thisport));
apr_table_setn(r->notes, "error-notes", apr_psprintf(r->pool,
- "Reason: You're speaking plain HTTP to an SSL-enabled server port.<BR>\n"
- "Instead use the HTTPS scheme to access this URL, please.<BR>\n"
- "<BLOCKQUOTE>Hint: <A HREF=\"%s\"><B>%s</B></A></BLOCKQUOTE>",
+ "Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />\n"
+ "Instead use the HTTPS scheme to access this URL, please.<br />\n"
+ "<blockquote>Hint: <a href=\"%s\"><b>%s</b></a></blockquote>",
thisurl, thisurl));
}