diff --git a/composer.json b/composer.json
index e2e63d8..8c617fa 100644
--- a/composer.json
+++ b/composer.json
@@ -18,6 +18,6 @@
 		]
 	},
 	"extra": {
-		"phan-taint-check-plugin": "1.5.0"
+		"phan-taint-check-plugin": "2.0.1"
 	}
 }
diff --git a/src/SpecialMathShowImage.php b/src/SpecialMathShowImage.php
index d8a5fd1..2faa0db 100644
--- a/src/SpecialMathShowImage.php
+++ b/src/SpecialMathShowImage.php
@@ -119,16 +119,15 @@ class SpecialMathShowImage extends SpecialPage {
 
 	/**
 	 * Prints the specified error message as svg.
-	 * @param string $msg error message
+	 * @param string $msg error message, HTML escaped
 	 * @return string xml svg image with the error message
 	 */
 	private function printSvgError( $msg ) {
 		global $wgDebugComments;
-		$escaped = htmlspecialchars( $msg );
 		$result = <<<SVG
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 4" preserveAspectRatio="xMidYMid meet" >
 <text text-anchor="start" fill="red" y="2">
-$escaped
+$msg
 </text>
 </svg>
 SVG;