composer update

vendor/symfony/debug/Tests/ExceptionHandlerTest.php

@@ -48,8 +48,17 @@ class ExceptionHandlerTest extends TestCase
         $handler->sendPhpResponse(new \RuntimeException('Foo'));
         $response = ob_get_clean();
 
-        $this->assertContains('Whoops, looks like something went wrong.', $response);
+        $this->assertContains('<h1 class="break-long-words exception-message">Foo</h1>', $response);
         $this->assertContains('<div class="trace trace-as-html">', $response);
+
+        // taken from https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
+        $htmlWithXss = '<body onload=alert(\'test1\')> <b onmouseover=alert(\'Wufff!\')>click me!</b> <img src="j&#X41vascript:alert(\'test2\')"> <meta http-equiv="refresh"
+content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgndGVzdDMnKTwvc2NyaXB0Pg">';
+        ob_start();
+        $handler->sendPhpResponse(new \RuntimeException($htmlWithXss));
+        $response = ob_get_clean();
+
+        $this->assertContains(sprintf('<h1 class="break-long-words exception-message">%s</h1>', htmlspecialchars($htmlWithXss, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8')), $response);
     }
 
     public function testStatusCode()