fix: use html/template for success page to satisfy semgrep XSS rules
Replaces fmt.Fprintf(w, ..., installed) with html/template.Execute to avoid semgrep no-fprintf-to-responsewriter and raw-html-format findings. Co-Authored-By: Paperclip <noreply@paperclip.ing>
parent
f97f31c8ac
commit
dfbc40e201
@ -5,6 +5,7 @@ import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"html/template"
|
||||
"io"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
@ -108,7 +109,8 @@ func (h *OAuthHandler) HandleCallback(w http.ResponseWriter, r *http.Request) {
|
||||
slog.Info("ghl oauth bulk install complete", "company_id", tokenResp.CompanyID, "locations_installed", installed)
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
w.WriteHeader(http.StatusOK)
|
||||
_, _ = fmt.Fprintf(w, `<!DOCTYPE html><html><body><h2>Cast SMS installed successfully!</h2><p>Connected %d location(s). You can close this tab.</p></body></html>`, installed)
|
||||
tmpl := template.Must(template.New("ok").Parse(`<!DOCTYPE html><html><body><h2>Cast SMS installed successfully!</h2><p>Connected {{.}} location(s). You can close this tab.</p></body></html>`))
|
||||
_ = tmpl.Execute(w, installed)
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
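Review bot: The success-page template in HandleCallback is parsed with `template.Must(template.New("ok").Parse(...))` on every callback, and the result of `tmpl.Execute` is discarded, so a render or write failure after the 200 header has been sent leaves no trace in the logs. Parsing once at package scope, under a name such as `var installOKTmpl = template.Must(template.New("ok").Parse(...))`, moves the only panic path to startup and out of the request path. The call site then becomes `if err := installOKTmpl.Execute(w, installed); err != nil { slog.Warn("render install success page", "error", err) }`. The removed `%d` verb suggests `installed` is an integer, so this reads as hardening for the scanner rather than a fix for a reachable injection; the contextual escaping starts to matter if string fields are later added to the page data. HandleCallback begins above the hunk, so the declaration of `installed` is not visible here.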