Fix code scanning alert no. 15: Reflected cross-site scripting (#466)

* Fix code scanning alert no. 15: Reflected cross-site scripting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* go ver

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

pkg/operator/controllers/allocation_utils.go

@@ -1,6 +1,7 @@
 package controllers
 
 import (
+	"html"
 	"net/http"
 	"regexp"
 
@@ -40,26 +41,26 @@ type RequestMultiplayerServerResponse struct {
 func internalServerError(w http.ResponseWriter, l logr.Logger, err error, msg string) {
 	l.Error(err, msg)
 	w.WriteHeader(http.StatusInternalServerError)
-	w.Write([]byte("500 - " + msg + " " + err.Error()))
+	w.Write([]byte("500 - " + html.EscapeString(msg) + " " + html.EscapeString(err.Error())))
 }
 
 // badRequestError is a helper function for returning a bad request error
 func badRequestError(w http.ResponseWriter, l logr.Logger, err error, msg string) {
 	l.Info(msg)
 	w.WriteHeader(http.StatusBadRequest)
-	w.Write([]byte("400 - " + msg + " " + err.Error()))
+	w.Write([]byte("400 - " + html.EscapeString(msg) + " " + html.EscapeString(err.Error())))
 }
 
 // tooManyRequestsError is a helper function for returning a too many requests error
 func tooManyRequestsError(w http.ResponseWriter, l logr.Logger, err error, msg string) {
 	l.Info(msg)
 	w.WriteHeader(http.StatusTooManyRequests)
-	w.Write([]byte("429 - " + msg + " " + err.Error()))
+	w.Write([]byte("429 - " + html.EscapeString(msg) + " " + html.EscapeString(err.Error())))
 }
 
 // notFoundError is a helper function for returning a not found error
 func notFoundError(w http.ResponseWriter, l logr.Logger, err error, msg string) {
 	l.Info(msg)
 	w.WriteHeader(http.StatusNotFound)
-	w.Write([]byte("404 - " + msg + " " + err.Error()))
+	w.Write([]byte("404 - " + html.EscapeString(msg) + " " + html.EscapeString(err.Error())))
 }