diff --git a/gunicorn/util.py b/gunicorn/util.py
index e0101493..85f7470c 100644
--- a/gunicorn/util.py
+++ b/gunicorn/util.py
@@ -18,11 +18,13 @@ import traceback
 import inspect
 import errno
 import warnings
+import cgi
 from gunicorn.errors import AppImportError
-from gunicorn.six import text_type, string_types
+from gunicorn.six import text_type
 from gunicorn.workers import SUPPORTED_WORKERS
+
 MAXFD = 1024
 REDIRECT_TO = getattr(os, 'devnull', '/dev/null')
@@ -332,7 +334,7 @@ def write_error(sock, status_int, reason, mesg):
 %(mesg)s
- """) % {"reason": reason, "mesg": mesg}
+ """) % {"reason": reason, "mesg": cgi.escape(mesg)}
 http = textwrap.dedent("""\
 HTTP/1.1 %s %s\r
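Review bot: In the `write_error` hunk only `mesg` is escaped, while `reason` is passed unescaped in the same substitution dict and is presumably interpolated by template lines above the hunk. If any caller can put request-derived text into `reason`, the markup injection this change closes stays open there, so the dict should read `{"reason": cgi.escape(reason), "mesg": cgi.escape(mesg)}`. `cgi.escape` has been deprecated since Python 3.2 and was removed in 3.8, so the `import cgi` added in the first hunk is better written as a guarded import of `html.escape`, falling back to `cgi.escape` on Python 2. The raw `reason` also appears to feed the `HTTP/1.1 %s %s\r` status line, whose formatting arguments are outside the hunk, so it is worth confirming that CR/LF cannot reach it. The body of `write_error` starts and ends outside the hunk.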