From 33f0b20cd2077247cceae72ff9e8f08090d02cf1 Mon Sep 17 00:00:00 2001
From: Remco Tolsma <869674+remcotolsma@users.noreply.github.com>
Date: Wed, 11 Oct 2023 11:31:39 +0200
Subject: [PATCH] Fix "All output should be run through an escaping function".

---
 src/DirectLink/Client.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/DirectLink/Client.php b/src/DirectLink/Client.php
index a60d7c9..29d4f7a 100644
--- a/src/DirectLink/Client.php
+++ b/src/DirectLink/Client.php
@@ -89,7 +89,9 @@ public function order_direct( array $data = [] ) {
 				(string) $order_response->nc_error_plus
 			);
 
-			throw new \Exception( (string) $ogone_error );
+			throw new \Exception(
+				\esc_html( (string) $ogone_error )
+			);
 		}
 
 		return $order_response;