
Commit f334a47

committed
1680: add sanitation of error-message from codeharbor
1 parent a4f52e5 commit f334a47


2 files changed

+9
-3
lines changed


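--- a/app/services/exercise_service/push_external.rb
+++ b/app/services/exercise_service/push_external.rb
@@ -21,7 +21,7 @@ def execute
 if response.success?
 nil
 else
-response.status == 401 ? I18n.t('exercises.export_codeharbor.not_authorized') : response.body
+response.status == 401 ? I18n.t('exercises.export_codeharbor.not_authorized') : ERB::Util.html_escape(response.body)
 end
 rescue StandardError => e
 e.message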
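Review bot: The `rescue StandardError => e` branch at the end of this hunk still returns `e.message` unescaped, so `execute` returns escaped text for a non-401 error body but raw text when the request raises. Whether the HTTP client's exception messages can carry remote-derived content is not visible here, but if they can, the caller that renders this value receives the same markup the commit set out to neutralise; `ERB::Util.html_escape(e.message)` would make both error paths consistent. A one-line comment above the ternary, for example `# error strings returned from here are already HTML-escaped`, would also tell the rendering side not to escape again or mark the value as safe on its own. The body of `execute` starts above the hunk.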

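--- a/spec/services/exercise_service/push_external_spec.rb
+++ b/spec/services/exercise_service/push_external_spec.rb
@@ -49,9 +49,15 @@
 
 context 'when response status is 500' do
 let(:status) { 500 }
-let(:response) { 'an error occured' }
+let(:response) { 'an error occurred' }
 
-it { is_expected.to be response }
+it { is_expected.to eql response }
+
+context 'when response contains problematic characters' do
+let(:response) { 'an <error> occurred' }
+
+it { is_expected.to eql 'an &lt;error&gt; occurred' }
+end
 end
 
 context 'when response status is 401' do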
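Review bot: The new example with `'an <error> occurred'` pins only the angle brackets, while `ERB::Util.html_escape` also rewrites `&`, `"` and `'`, which is what matters if the message is ever placed inside an attribute value. A second example such as `let(:response) { 'a "quoted" & <b>' }` expecting `'a &quot;quoted&quot; &amp; &lt;b&gt;'` would pin that behaviour. No example for the raised-error path is visible in this section, so the value returned from the `rescue` branch of `execute` appears to stay untested for markup.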
