Fix the other one

Signed-off-by: Yuri Shkuro <github@ysh.us>

cmd/collector/app/zipkin/http_handler.go

@@ -18,6 +18,7 @@ package zipkin
 import (
 	"compress/gzip"
 	"fmt"
+	"html"
 	"io"
 	"io/ioutil"
 	"mime"
@@ -100,7 +101,10 @@ func (aH *APIHandler) saveSpans(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	if err != nil {
-		http.Error(w, fmt.Sprintf(handler.UnableToReadBodyErrFormat, err), http.StatusBadRequest)
+		// CodeQL seems to produce false-positive vulnerability warning.
+		// https://github.com/github/codeql/issues/4853
+		safeErr := html.EscapeString(err.Error())
+		http.Error(w, fmt.Sprintf(handler.UnableToReadBodyErrFormat, safeErr), http.StatusBadRequest)
 		return
 	}