Hi,
The Url is not safe to XSS, When I navigate to this url:
http://host.local/app/Dashboard<script>alert("test")</script>
The script will injected into error message:
The system is unable to find the requested action "adminDashboard
This was a silly question just CHtml::encode($error[‘message’]);