From b8597444ebf5ea10ba5b7d7401dc1fd243a7ef4e Mon Sep 17 00:00:00 2001 From: Arun Elias <32271975+arunelias@users.noreply.github.com> Date: Tue, 11 Feb 2025 15:43:17 +0530 Subject: [PATCH] Fix for Cross Site Scripting (XSS) Vulnerability --- okta_oauth2/views.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/okta_oauth2/views.py b/okta_oauth2/views.py index f16ae30..30b7559 100644 --- a/okta_oauth2/views.py +++ b/okta_oauth2/views.py @@ -11,6 +11,7 @@ from django.shortcuts import redirect, render from django.urls import reverse from django.urls.exceptions import NoReverseMatch +from django.utils.html import escape from .conf import Config @@ -60,7 +61,7 @@ def callback(request): # Verify state if state != cookie_state: return HttpResponseBadRequest( - "Value {} does not match the assigned state".format(state) + "Value {} does not match the assigned state".format(escape(state)) ) user = authenticate(request, auth_code=code, nonce=cookie_nonce)