web: No longer escape HTML characters in SendError (#8533)

Author: beautifulentropy

web/send_error.go

@@ -1,6 +1,7 @@
 package web
 
 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -63,10 +64,19 @@ func SendError(
 		prob.SubProblems[i].Type = probs.ProblemType(probs.ErrorNS) + prob.SubProblems[i].Type
 	}
 
-	problemDoc, err := json.MarshalIndent(prob, "", "  ")
+	var problemDoc []byte
+	var buf bytes.Buffer
+	enc := json.NewEncoder(&buf)
+	enc.SetIndent("", "  ")
+	// Avoid escaping characters: <, >, &, some of our log messages contain
+	// these characters and we want them to be human readable.
+	enc.SetEscapeHTML(false)
+	err := enc.Encode(prob)
 	if err != nil {
 		log.AuditErrf("Could not marshal error message: %s - %+v", err, prob)
 		problemDoc = []byte("{\"detail\": \"Problem marshalling error message.\"}")
+	} else {
+		problemDoc = bytes.TrimSuffix(buf.Bytes(), []byte("\n"))
 	}
 
 	response.Write(problemDoc)

web/send_error_test.go

@@ -103,3 +103,14 @@ func TestSendErrorPausedProblemLoggingSuppression(t *testing.T) {
 
 	test.AssertEquals(t, logEvent.Error, "429 :: rateLimited :: account/ident pair is paused")
 }
+
+func TestSendErrorDoesNotEscapeHTML(t *testing.T) {
+	rw := httptest.NewRecorder()
+	logEvent := RequestEvent{}
+	SendError(log.NewMock(), rw, &logEvent, probs.Malformed("nonce less than lowest eligible nonce: 1 < 2"), nil)
+
+	test.AssertEquals(t, logEvent.Error, "400 :: malformed :: nonce less than lowest eligible nonce: 1 < 2")
+	body := rw.Body.String()
+	test.AssertNotContains(t, body, "\\u003c")
+	test.AssertContains(t, body, "nonce less than lowest eligible nonce: 1 < 2")
+}