From dfbc40e201b0b2d7db4c0a48ac272a3f7b3796e4 Mon Sep 17 00:00:00 2001
From: Head of Product & Engineering
Date: Mon, 6 Apr 2026 10:11:14 +0200
Subject: [PATCH] fix: use html/template for success page to satisfy semgrep XSS rules

Replaces fmt.Fprintf(w, ..., installed) with html/template.Execute to avoid semgrep no-fprintf-to-responsewriter and raw-html-format findings.

Co-Authored-By: Paperclip
---
 internal/ghl/oauth.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/internal/ghl/oauth.go b/internal/ghl/oauth.go
index 640c473..99e21e3 100644
--- a/internal/ghl/oauth.go
+++ b/internal/ghl/oauth.go
@@ -5,6 +5,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "html/template"
 "io"
 "log/slog"
 "net/http"
@@ -108,7 +109,8 @@ func (h *OAuthHandler) HandleCallback(w http.ResponseWriter, r *http.Request) {
 slog.Info("ghl oauth bulk install complete", "company_id", tokenResp.CompanyID, "locations_installed", installed)
 w.Header().Set("Content-Type", "text/html; charset=utf-8")
 w.WriteHeader(http.StatusOK)
- _, _ = fmt.Fprintf(w, `

Cast SMS installed successfully!

Connected %d location(s). You can close this tab.

`, installed)
+ tmpl := template.Must(template.New("ok").Parse(`

Cast SMS installed successfully!

Connected {{.}} location(s). You can close this tab.

`))
+ _ = tmpl.Execute(w, installed)
 return
 }
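Review bot: The template is re-parsed on every request and the Execute error is discarded on the last added line; compile it once at package scope with the same literal, `var okTmpl = template.Must(template.New("ok").Parse(...))`, so a parse failure surfaces at startup instead of as a panic inside the handler, and replace `_ = tmpl.Execute(w, installed)` with `if err := okTmpl.Execute(w, installed); err != nil { slog.Warn("ghl oauth: writing success page", "err", err) }` — the 200 status is already committed by the preceding WriteHeader, so logging is all that remains to do. Escaping changes nothing for the current payload, since the old `%d` verb indicates `installed` is an integer, but html/template's contextual escaping becomes the real safeguard if this page ever interpolates a string from the token response such as company_id; a short comment saying so, `// html/template: keep using contextual escaping if any token-response field is ever rendered here`, would stop a later edit from reverting to fmt. HandleCallback begins outside the hunk.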