1680: add sanitation of error-message from codeharbor

kkoehn · kkoehn · commit 6d1c5a04b535 · 2025-02-04T21:57:54.000+01:00
diff --git a/app/services/exercise_service/push_external.rb b/app/services/exercise_service/push_external.rb
@@ -21,7 +21,7 @@ def execute
         if response.success?
           nil
         else
-          response.status == 401 ? I18n.t('exercises.export_codeharbor.not_authorized') : response.body
+          response.status == 401 ? I18n.t('exercises.export_codeharbor.not_authorized') : ERB::Util.html_escape(response.body)
         end
       rescue StandardError => e
         e.message
diff --git a/spec/services/exercise_service/push_external_spec.rb b/spec/services/exercise_service/push_external_spec.rb
@@ -51,9 +51,17 @@
         let(:status) { 500 }
         let(:response) { 'an error occured' }
 
-        it { is_expected.to be response }
+        it { is_expected.to eql response }
+
+        context 'when response contains problematic characters' do
+          let(:response) { 'an <error> occured' }
+
+          it { is_expected.to eql 'an &lt;error&gt; occured' }
+        end
       end
 
+
+
       context 'when response status is 401' do
         let(:status) { 401 }
         let(:response) { I18n.t('exercises.export_codeharbor.not_authorized') }
