diff --git a/pkg/api/utils.go b/pkg/api/utils.go
index 0028cdef8..0df90901c 100644
--- a/pkg/api/utils.go
+++ b/pkg/api/utils.go
@@ -21,35 +21,39 @@ import (
  "k8s.io/klog"
  "net/http"
  "runtime"
+ "strings"
 )
 
+// Avoid emitting errors that look like valid HTML. Quotes are okay.
+var sanitizer = strings.NewReplacer(`&`, "&", `<`, "<", `>`, ">")
+
 func HandleInternalError(response *restful.Response, req *restful.Request, err error) {
  _, fn, line, _ := runtime.Caller(1)
  klog.Errorf("%s:%d %v", fn, line, err)
- _ = response.WriteError(http.StatusInternalServerError, err)
+ http.Error(response, sanitizer.Replace(err.Error()), http.StatusInternalServerError)
 }
 
 // HandleBadRequest writes http.StatusBadRequest and log error
 func HandleBadRequest(response *restful.Response, req *restful.Request, err error) {
  _, fn, line, _ := runtime.Caller(1)
  klog.Errorf("%s:%d %v", fn, line, err)
- _ = response.WriteError(http.StatusBadRequest, err)
+ http.Error(response, sanitizer.Replace(err.Error()), http.StatusBadRequest)
 }
 
 func HandleNotFound(response *restful.Response, req *restful.Request, err error) {
  _, fn, line, _ := runtime.Caller(1)
  klog.Errorf("%s:%d %v", fn, line, err)
- _ = response.WriteError(http.StatusNotFound, err)
+ http.Error(response, sanitizer.Replace(err.Error()), http.StatusNotFound)
 }
 
 func HandleForbidden(response *restful.Response, req *restful.Request, err error) {
  _, fn, line, _ := runtime.Caller(1)
  klog.Errorf("%s:%d %v", fn, line, err)
- _ = response.WriteError(http.StatusForbidden, err)
+ http.Error(response, sanitizer.Replace(err.Error()), http.StatusForbidden)
 }
 
 func HandleConflict(response *restful.Response, req *restful.Request, err error) {
  _, fn, line, _ := runtime.Caller(1)
  klog.Errorf("%s:%d %v", fn, line, err)
- _ = response.WriteError(http.StatusConflict, err)
+ http.Error(response, sanitizer.Replace(err.Error()), http.StatusConflict)
 }
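Review bot: As shown here the new `sanitizer` replacer maps `&`, `<` and `>` to themselves, so `sanitizer.Replace(err.Error())` in every handler is a no-op and the "Avoid emitting errors that look like valid HTML" comment is not actually honoured. The replacement strings were presumably `&amp;`, `&lt;`, `&gt;` and were entity-decoded in this view, so confirm the committed line reads `var sanitizer = strings.NewReplacer("&", "&amp;", "<", "&lt;", ">", "&gt;")` and add a unit test that feeds an error containing `<script>` through one handler and asserts the body does not contain a literal `<`. Keeping a hand-built replacer instead of `html.EscapeString` is reasonable given the "Quotes are okay" note, since the latter would also entity-encode `"` and `'` and make messages harder to read. It is worth stating in the comment that `http.Error` already sets `Content-Type: text/plain; charset=utf-8` and `X-Content-Type-Options: nosniff`, which is what stops a browser rendering the body as HTML, e.g. `// http.Error sends text/plain + nosniff; escaping is defence in depth for clients that ignore those headers.` The `import (` block this hunk adds `"strings"` to opens before the hunk.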