diff --git a/pytest.ini b/pytest.ini
index d0e86bb..8328641 100644
--- a/pytest.ini
+++ b/pytest.ini
@@ -1,3 +1,6 @@
 [pytest]
+env =
+    DATABASE_URL=postgresql://user:dbpass@pg/test
+    DEBUG=
 testpaths = tests
-addopts = --cov=tcrudge --cov-report term-missing -v
+addopts = --cov=tcrudge --cov-report term-missing -v
\ No newline at end of file
diff --git a/readme.md b/readme.md
index 86fae6f..95b091d 100644
--- a/readme.md
+++ b/readme.md
@@ -42,7 +42,7 @@ You'll need docker and docker-compose.
 1. Go to project root directory
 2. Run docker-compose up, it builts and runs containers.
 3. Go to tcrudge container bash: docker exec -ti tcrudge_tcrudge_1 bash
-4. Run: DATABASE_URL=postgresql://user:dbpass@pg/test pytest
+4. Run: pytest
 
 # Features?
 
@@ -127,3 +127,4 @@ loop.run_forever()
 * [Nikolaev Alexander] (https://github.com/wokli)
 * [Krasavina Alina] (https://github.com/thaelathy)
 * [Ivanov Denis] (https://github.com/steinerr)
+* [Andrey Sviridov] (https://github.com/isgondurasa)
diff --git a/tcrudge/handlers.py b/tcrudge/handlers.py
index 8ca2156..bc5619a 100644
--- a/tcrudge/handlers.py
+++ b/tcrudge/handlers.py
@@ -618,7 +618,7 @@ async def get(self):
                         {
                             'code': '',
                             'message': 'Bad query arguments',
-                            'detail': str(e)
+                            'detail': xhtml_escape(str(e))
                         }
                     ]
                 )
@@ -677,6 +677,7 @@ async def post(self):
             item = await self.model_cls._create(self.application, data)
         except AttributeError as e:
             # We can only create item if _create() model method implemented
+            err = xhtml_escape(str(e))
             raise HTTPError(
                 405,
                 body=self.get_response(
@@ -684,7 +685,7 @@ async def post(self):
                         {
                             'code': '',
                             'message': 'Method not allowed',
-                            'detail': str(e)
+                            'detail': err
                         }
                     ]
                 )
@@ -794,7 +795,7 @@ async def get_item(self, item_id):
                             {
                                 'code': '',
                                 'message': 'Item not found',
-                                'detail': str(e)
+                                'detail': xhtml_escape(str(e))
                             }
                         ]
                     )
@@ -843,7 +844,7 @@ async def put(self, item_id):
                         {
                             'code': '',
                             'message': 'Method not allowed',
-                            'detail': str(e)
+                            'detail': xhtml_escape(str(e))
                         }
                     ]
                 )
diff --git a/tests/test_handlers.py b/tests/test_handlers.py
index 44db4af..c648f9b 100644
--- a/tests/test_handlers.py
+++ b/tests/test_handlers.py
@@ -398,8 +398,8 @@ async def test_base_api_list_filter_bad_request1(http_client, base_url, url_para
     assert data['result'] is None
     assert not data['success']
     assert len(data['errors']) == 1
-    assert '<' in data['errors'][0]['detail']
-    assert '>' in data['errors'][0]['detail']
+    assert 'lt;' in data['errors'][0]['detail']
+    assert 'gt;' in data['errors'][0]['detail']
 
 
 @pytest.mark.gen_test