From dd09f59a131bcab61df073838876bc473d2f6c7e Mon Sep 17 00:00:00 2001
From: Nicolo Singer <nicolo@whatwedo.ch>
Date: Thu, 25 Sep 2025 10:36:58 -0500
Subject: [PATCH] fix(formatter): escape HTML output in default formatter

Signed-off-by: Nicolo Singer <nicolo@whatwedo.ch>
---
 src/Formatter/AbstractFormatter.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Formatter/AbstractFormatter.php b/src/Formatter/AbstractFormatter.php
index 3acc133..b263905 100644
--- a/src/Formatter/AbstractFormatter.php
+++ b/src/Formatter/AbstractFormatter.php
@@ -22,7 +22,7 @@ public function __construct()
 
     public function getHtml(mixed $value): string
     {
-        return $this->getString($value);
+        return $this->escapeHTML($this->getString($value));
     }
 
     /**