Escape error template message output

tests/test_app/TestApp/Template/Error/error400.ctp

@@ -14,7 +14,7 @@
  */
 use Cake\Core\Configure;
 ?>
-<h2><?= $message ?></h2>
+<h2><?= h($message) ?></h2>
 <p class="error">
 	<strong><?= __d('cake', 'Error'); ?>: </strong>
 	<?= sprintf(

tests/test_app/TestApp/Template/Error/error500.ctp

@@ -14,7 +14,7 @@
  */
 use Cake\Core\Configure;
 ?>
-<h2><?= $message; ?></h2>
+<h2><?= h($message) ?></h2>
 <p class="error">
 	<strong><?= __d('cake', 'Error'); ?>: </strong>
 	<?= __d('cake', 'An Internal Error Has Occurred.'); ?>