fix codeql security issue (vmware-tanzu#447)

mpanchajanya · Aug 1, 2023 · a56d097 · a56d097
1 parent 530ee20
commit a56d097
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/pkg/auth/csp/selfmanaged.go b/pkg/auth/csp/selfmanaged.go
@@ -6,6 +6,7 @@ package csp
 import (
  "context"
  "fmt"
+ "html"
  "net/http"
  "net/url"
  "os"
@@ -63,7 +64,7 @@ func callbackHandler(w http.ResponseWriter, r *http.Request) {
  defer tokenExchangeComplete()
  code := r.URL.Query().Get("code")
  if code == "" {
- errMsg := fmt.Sprintf("[state] query params is required, URL %s did not have this query parameters", r.URL.String())
+ errMsg := fmt.Sprintf("[state] query params is required, URL %s did not have this query parameters", html.EscapeString(r.URL.String()))
  http.Error(w, errMsg, http.StatusBadRequest)
  log.Info(errMsg)
  return