Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-mrrw-9wf7-xq6w
Co-authored-by: Lena <meowcodes@gmail.com>
  • Loading branch information
yurushao and meowcodes committed Nov 28, 2022
1 parent 1b91cb8 commit 88a7f10
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions querybook/server/app/auth/oauth_auth.py
Expand Up @@ -2,7 +2,7 @@
import requests


from flask import request, session as flask_session, redirect
from flask import Markup, request, session as flask_session, redirect
import flask_login
from requests_oauthlib import OAuth2Session

Expand Down Expand Up @@ -75,7 +75,7 @@ def oauth_callback(self):
LOG.debug("Handling Oauth callback...")

if request.args.get("error"):
return f"<h1>Error: {request.args.get('error')}</h1>"
return f"<h1>Error: { Markup.escape(request.args.get('error')) }</h1>"

code = request.args.get("code")
try:
Expand Down
4 changes: 2 additions & 2 deletions querybook/server/app/auth/okta_auth.py
Expand Up @@ -5,7 +5,7 @@
from app.auth.oauth_auth import OAuthLoginManager, OAUTH_CALLBACK_PATH
from app.db import with_session, DBSession
from env import QuerybookSettings, get_env_config
from flask import request, session as flask_session, redirect
from flask import Markup, request, session as flask_session, redirect
from lib.logger import get_logger
from lib.utils.decorators import in_mem_memoized
from logic.user import (
Expand Down Expand Up @@ -85,7 +85,7 @@ def oauth_callback(self):
LOG.debug("Handling Oauth callback...")

if request.args.get("error"):
return f"<h1>Error: {request.args.get('error')}</h1>"
return f"<h1>Error: { Markup.escape(request.args.get('error')) }</h1>"

code = request.args.get("code")
try:
Expand Down

0 comments on commit 88a7f10

Please sign in to comment.