Fix code scanning alert no. 51: Reflected server-side cross-site scripting

loganbertram · github-advanced-security[bot] · web-flow · commit 5b56fad4d740 · 2024-10-09T09:43:49.000-04:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/apps/dot_ext/views/authorization.py b/apps/dot_ext/views/authorization.py
@@ -23,7 +23,7 @@
 from oauthlib.oauth2.rfc6749.errors import InvalidClientError, InvalidGrantError
 from rest_framework import status
 from urllib.parse import urlparse, parse_qs
-
+import html
 from apps.dot_ext.scopes import CapabilitiesScopes
 import apps.logging.request_logger as bb2logging
 
@@ -374,7 +374,8 @@ def post(self, request, *args, **kwargs):
         try:
             token = at_model.objects.get(token=tkn)
         except at_model.DoesNotExist:
-            return HttpResponse(f"Token {tkn} was Not Found.  Please check the value and try again.",
+            escaped_tkn = html.escape(tkn)
+            return HttpResponse(f"Token {escaped_tkn} was Not Found.  Please check the value and try again.",
                                 status=status.HTTP_404_NOT_FOUND)
 
         try:
