From 610a0d6672e4f486f630684f669d3b928c68977b Mon Sep 17 00:00:00 2001
From: maliming
Date: Tue, 2 May 2023 16:16:51 +0800
Subject: [PATCH] Encode the exception message. Resolve #16447
---
 .../MultiTenancy/AbpAspNetCoreMultiTenancyOptions.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/framework/src/Volo.Abp.AspNetCore.MultiTenancy/Volo/Abp/AspNetCore/MultiTenancy/AbpAspNetCoreMultiTenancyOptions.cs b/framework/src/Volo.Abp.AspNetCore.MultiTenancy/Volo/Abp/AspNetCore/MultiTenancy/AbpAspNetCoreMultiTenancyOptions.cs
index 5956e4f7d3..3e775d0da2 100644
--- a/framework/src/Volo.Abp.AspNetCore.MultiTenancy/Volo/Abp/AspNetCore/MultiTenancy/AbpAspNetCoreMultiTenancyOptions.cs
+++ b/framework/src/Volo.Abp.AspNetCore.MultiTenancy/Volo/Abp/AspNetCore/MultiTenancy/AbpAspNetCoreMultiTenancyOptions.cs
@@ -60,12 +60,12 @@ public class AbpAspNetCoreMultiTenancyOptions
 if (isCookieAuthentication && context.Request.Method.Equals("Get", StringComparison.OrdinalIgnoreCase) && !context.Request.IsAjax())
 {
- context.Response.Headers.Add("Abp-Tenant-Resolve-Error", exception.Message);
+ context.Response.Headers.Add("Abp-Tenant-Resolve-Error", HtmlEncoder.Default.Encode(exception.Message));
 context.Response.Redirect(context.Request.GetEncodedUrl());
 }
 else
 {
- context.Response.Headers.Add("Abp-Tenant-Resolve-Error", exception.Message);
+ context.Response.Headers.Add("Abp-Tenant-Resolve-Error", HtmlEncoder.Default.Encode(exception.Message));
 context.Response.StatusCode = (int)HttpStatusCode.NotFound;
 context.Response.ContentType = "text/html";
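Review bot: Both new `Headers.Add("Abp-Tenant-Resolve-Error", HtmlEncoder.Default.Encode(exception.Message))` lines apply an HTML-body encoder to an HTTP header value without saying which header-level property is being relied on. For a header, what matters is that the value contains no CR/LF and stays ASCII; `HtmlEncoder.Default` turns control and non-ASCII characters into entities, so it appears to give both, but only as a side effect, and any client reading the header now receives entity-encoded text. I would record the intent in a comment such as `// Header values must be ASCII with no CR/LF; HtmlEncoder provides both, and readers of this header must HTML-decode it.` and hoist the identical statement above the `if` so the two branches cannot drift apart. The enclosing block starts and ends outside the hunk, and the diffstat shows no added `using`, so presumably `System.Text.Encodings.Web` is already imported in this file.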