From 7475264b7ec79c3a384929639e66a0c50cef6c29 Mon Sep 17 00:00:00 2001
From: David Lord <davidism@gmail.com>
Date: Mon, 5 Jun 2023 07:46:13 -0700
Subject: [PATCH] debugger escapes title

---
 CHANGES.rst                   | 1 +
 src/werkzeug/debug/tbtools.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 395ae9ada..49d045667 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -7,6 +7,7 @@ Unreleased
 
 -   Python 3.12 compatibility. :issue:`2704`
 -   Fix handling of invalid base64 values in ``Authorization.from_header``. :issue:`2717`
+-   The debugger escapes the exception message in the page title. :pr:`2719`
 
 
 Version 2.3.4
diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py
index 6eff7e1bd..c45f56ef0 100644
--- a/src/werkzeug/debug/tbtools.py
+++ b/src/werkzeug/debug/tbtools.py
@@ -327,7 +327,7 @@ def render_debugger_html(
             "evalex": "true" if evalex else "false",
             "evalex_trusted": "true" if evalex_trusted else "false",
             "console": "false",
-            "title": exc_lines[0],
+            "title": escape(exc_lines[0]),
             "exception": escape("".join(exc_lines)),
             "exception_type": escape(self._te.exc_type.__name__),
             "summary": self.render_traceback_html(include_title=False),