From 8310c5eeec064f594c97459c6972c0c51ae86966 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date: Sat, 25 Jul 2020 15:36:07 +0000
Subject: [PATCH] Site Health: Escape the displayed result of the request in
 REST API availability test.

Props siliconforks, gisselfeldt.
Fixes #50588.

git-svn-id: https://develop.svn.wordpress.org/trunk@48608 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/class-wp-site-health.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wp-admin/includes/class-wp-site-health.php b/src/wp-admin/includes/class-wp-site-health.php
index d0de043789..f20bc947c3 100644
--- a/src/wp-admin/includes/class-wp-site-health.php
+++ b/src/wp-admin/includes/class-wp-site-health.php
@@ -1969,7 +1969,7 @@ class WP_Site_Health {
 					/* translators: 1: The HTTP error code. 2: The HTTP error message. */
 					__( 'The REST API call gave the following unexpected result: (%1$d) %2$s.' ),
 					wp_remote_retrieve_response_code( $r ),
-					wp_remote_retrieve_body( $r )
+					esc_html( wp_remote_retrieve_body( $r ) )
 				)
 			);
 		} else {