apps/internal/local: html escape error desc query string
flavianmissi authored and bgavrilMS committed May 7, 2024
1 parent 36ff880 commit 37c70e2
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion apps/internal/local/server.go
Expand Up @@ -7,6 +7,7 @@ package local
import (
"context"
"fmt"
"html"
"net"
"net/http"
"strconv"
Expand Down Expand Up @@ -141,7 +142,7 @@ func (s *Server) handler(w http.ResponseWriter, r *http.Request) {

headerErr := q.Get("error")
if headerErr != "" {
desc := q.Get("error_description")
desc := html.EscapeString(q.Get("error_description"))
// Note: It is a little weird we handle some errors by not going to the failPage. If they all should,
// change this to s.error() and make s.error() write the failPage instead of an error code.
_, _ = w.Write([]byte(fmt.Sprintf(failPage, headerErr, desc)))
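Review bot: `headerErr` still reaches `fmt.Sprintf(failPage, headerErr, desc)` unescaped, although it is read from the same request query string (`q.Get("error")`) as the description this commit now escapes. If `failPage` is an HTML template, as its name and the escaping of `desc` suggest, the `error` parameter remains a reflected-markup sink on this response. Escape it at the point of use, for example `_, _ = w.Write([]byte(fmt.Sprintf(failPage, html.EscapeString(headerErr), desc)))`. The body of `handler` continues outside the hunk, so it is worth confirming that any later use of `desc` (an error value or log line) is meant to carry the HTML-escaped text rather than the raw string.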