Request parameters are not HTML encoded on the 500 page

The 500 page in JIRA lists the request parameters, but does not HTML encode them. This can lead to cross site scripting.