auth
61:cef5111af5c7
Make static error messages HTML safe. We may, at some point, want to use links or HTML elements in these static error messages. Since they're hardcoded, let's pass them as safe HTML strings.
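--- a/http.go	Sun Nov 02 20:45:51 2014 -0500
+++ b/http.go	Sun Nov 02 21:13:26 2014 -0500
@@ -1,6 +1,7 @@
 package auth
 
 import (
+ "html/template"
 "net/http"
 "net/url"
 "time"
@@ -19,7 +20,7 @@
 if r.URL.Query().Get("client_id") == "" {
 w.WriteHeader(http.StatusBadRequest)
 context.Render(w, getGrantTemplateName, map[string]interface{}{
- "error": "Client ID must be specified in the request.",
+ "error": template.HTML("Client ID must be specified in the request."),
 })
 return
 }
@@ -27,7 +28,7 @@
 if err != nil {
 w.WriteHeader(http.StatusBadRequest)
 context.Render(w, getGrantTemplateName, map[string]interface{}{
- "error": "client_id is not a valid Client ID.",
+ "error": template.HTML("client_id is not a valid Client ID."),
 })
 return
 }
@@ -36,12 +37,12 @@
 if err == ErrClientNotFound {
 w.WriteHeader(http.StatusBadRequest)
 context.Render(w, getGrantTemplateName, map[string]interface{}{
- "error": "The Client specified couldn't be found.",
+ "error": template.HTML("The specified Client couldn’t be found."),
 })
 } else {
 w.WriteHeader(http.StatusInternalServerError)
 context.Render(w, getGrantTemplateName, map[string]interface{}{
- "internal_error": err,
+ "internal_error": template.HTML(err.Error()),
 })
 }
 return
@@ -52,7 +53,7 @@
 if err != nil {
 w.WriteHeader(http.StatusInternalServerError)
 context.Render(w, getGrantTemplateName, map[string]interface{}{
- "internal_error": err,
+ "internal_error": template.HTML(err.Error()),
 })
 return
 }
@@ -64,7 +65,7 @@
 if err != nil {
 w.WriteHeader(http.StatusInternalServerError)
 context.Render(w, getGrantTemplateName, map[string]interface{}{
- "internal_error": err,
+ "internal_error": template.HTML(err.Error()),
 })
 return
 }
@@ -76,7 +77,7 @@
 if err != nil {
 w.WriteHeader(http.StatusInternalServerError)
 context.Render(w, getGrantTemplateName, map[string]interface{}{
- "internal_error": err,
+ "internal_error": template.HTML(err.Error()),
 })
 return
 }
@@ -91,7 +92,7 @@
 if !validURI {
 w.WriteHeader(http.StatusBadRequest)
 context.Render(w, getGrantTemplateName, map[string]interface{}{
- "error": "The redirect_uri specified is not valid.",
+ "error": template.HTML("The redirect_uri specified is not valid."),
 })
 return
 }
@@ -101,7 +102,7 @@
 if err != nil {
 w.WriteHeader(http.StatusBadRequest)
 context.Render(w, getGrantTemplateName, map[string]interface{}{
- "error": "The redirect_uri specified is not valid.",
+ "error": template.HTML("The redirect_uri specified is not valid."),
 })
 return
 }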
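Review bot: The `internal_error` entries in the hunks at -36, -52, -64 and -76 now pass `template.HTML(err.Error())`, which marks a runtime error string as trusted markup even though it is not one of the hardcoded messages the description argues are safe. Assuming `context.Render` executes an html/template, that text is emitted without contextual escaping, so any request-derived or backend-supplied content inside the error (not visible in these hunks) would reach the grant page as raw HTML, and the internal detail is shown to the end user as well. Keep the escaping by passing a plain string, `"internal_error": err.Error(),`, and reserve `template.HTML` for the literal messages; logging the error server-side and rendering a generic message would also avoid the disclosure. The enclosing handler starts and ends outside the hunks shown.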