XSS Via Method injection

Gratipay
Reported by exception

Vulnerability Details

Technical details and impact analysis

Cross-site Scripting (XSS) - Generic
Hi guys, I found a low-risk vuln. When you request a page on gratipay.com with an uncommon method, the server responds with an error message:

Invalid Method 'Invalid HTTP method:TTEGETTT

without escaping chars, so when you inject an HTML element with the method you can trigger an XSS.

Steps to reproduce: make an HTTP request with a method like this:

<img|src='3'|onerror=alert(3)/>

Fix: you should validate the method value before printing it back in responses.
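The fix the reporter suggests, shown as an added example that is not Gratipay's code: a vulnerable error handler that echoes the request method unescaped, beside a hardened one that first checks the method against the HTTP token grammar and then HTML-escapes anything it echoes. The function names, the allowlist and the sample methods are constructed for this example.

```python
"""Reflecting an unknown HTTP method in an error page: vulnerable vs. hardened.

Added example (not Gratipay's code). Handler names, the method allowlist and
the sample inputs below are constructed for illustration.
"""
import html
import re

# RFC 9110 "token" grammar, which an HTTP method must satisfy:
#   tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
#           "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Constructed allowlist; methods are case-sensitive per RFC 9110.
ALLOWED_METHODS = frozenset({"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"})


def vulnerable_error_body(method: str) -> str:
    """The pattern the report describes: the method lands in HTML verbatim."""
    return f"<p>Invalid HTTP method: {method}</p>"


def handle_method(method: str) -> tuple[int, str]:
    """Return (status, html_body) for the method of a request line.

    - not a syntactically valid token -> 400, generic message, nothing echoed
    - valid token but not supported   -> 405, method echoed HTML-escaped
    - supported                       -> 200, empty body (request proceeds)
    """
    if not TOKEN_RE.fullmatch(method):
        # Anything containing '<', '>', '=', '(', ')' or '/' fails here, so
        # markup never reaches the response body at all.
        return 400, "<p>Invalid HTTP method.</p>"
    if method not in ALLOWED_METHODS:
        # A token can still contain "'" and "`", so escape even valid tokens.
        return 405, f"<p>Invalid HTTP method: {html.escape(method, quote=True)}</p>"
    return 200, ""


if __name__ == "__main__":
    # Constructed sample methods: a normal one, an unknown one, and the
    # markup payload from the report above.
    for sample in ("GET", "TTEGETTT", "<img|src='3'|onerror=alert(3)/>"):
        print(repr(sample))
        print("  vulnerable:", vulnerable_error_body(sample))
        print("  hardened:  ", handle_method(sample))
```

The token check alone would already reject the payload in the report, because `<`, `>`, `=`, `(`, `)` and `/` are not token characters. The escaping step is still the real defense: `'` and `` ` `` are legal token characters, and any reflected value should be escaped for the context it is written into regardless of how it was validated.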

Report Details

Additional information and metadata

State

Closed

Substate

Informative

Weakness

Cross-site Scripting (XSS) - Generic