From 8130153ce6b2a74887ee0c7f59c81d430e719d02 Mon Sep 17 00:00:00 2001
From: Raffael Meyer <14891507+barredterra@users.noreply.github.com>
Date: Mon, 13 Feb 2023 10:04:35 +0100
Subject: [PATCH] fix: quote provider name (#19604)
* fix: quote provider name
* fix: escape icon in get_icon_html
---
frappe/utils/html_utils.py | 7 +++++--
frappe/www/login.py | 4 ++--
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/frappe/utils/html_utils.py b/frappe/utils/html_utils.py
index c34c4fd188..7edf6556c9 100644
--- a/frappe/utils/html_utils.py
+++ b/frappe/utils/html_utils.py
@@ -4,6 +4,7 @@ import re
from bleach_allowlist import bleach_allowlist
import frappe
+from frappe.utils.data import escape_html
EMOJI_PATTERN = re.compile(
"(\ud83d[\ude00-\ude4f])|"
@@ -204,10 +205,12 @@ def get_icon_html(icon, small=False):
if is_image(icon):
return (
- f'
' if small else f'
'
+ f"
"
+ if small
+ else f"
"
)
else:
- return f""
+ return f""
def unescape_html(value):
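Review bot: Nothing in this patch pins the new escaping in get_icon_html, since the diffstat lists only html_utils.py and login.py and no test file, so a later edit to these f-strings could drop the escape_html call unnoticed. A unit test should pass an icon value containing a quote and an angle bracket through both the image branch and the `else` branch, and assert that the value appears only in its escaped form. The markup inside the f-strings is not visible in this rendering of the hunk, so confirm which attribute the value lands in; if the image branch puts it in a URL attribute, HTML escaping does not restrict the URL scheme, which a comment such as `# icon is escaped for attribute context only; the URL scheme is not validated here` would record. The `def` line appears only in the hunk header, so the signature and any docstring are outside this hunk.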
diff --git a/frappe/www/login.py b/frappe/www/login.py
index 97ceb01c6e..8529b03bf6 100644
--- a/frappe/www/login.py
+++ b/frappe/www/login.py
@@ -6,9 +6,9 @@ import frappe.utils
from frappe import _
from frappe.auth import LoginManager
from frappe.integrations.doctype.ldap_settings.ldap_settings import LDAPSettings
-from frappe.integrations.oauth2_logins import decoder_compat
from frappe.rate_limiter import rate_limit
from frappe.utils import cint, get_url
+from frappe.utils.data import escape_html
from frappe.utils.html_utils import get_icon_html
from frappe.utils.jinja import guess_is_path
from frappe.utils.oauth import get_oauth2_authorize_url, get_oauth_keys, redirect_post_login
@@ -72,7 +72,7 @@ def get_context(context):
if provider.provider_name == "Custom":
icon = get_icon_html(provider.icon, small=True)
else:
- icon = f"
"
+ icon = f"
"
if provider.client_id and provider.base_url and get_oauth_keys(provider.name):
context.provider_logins.append(
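Review bot: The non-Custom branch still assembles its icon markup inline while the Custom branch goes through get_icon_html, so the escaping now lives in two places and a provider field added to this f-string later can miss it. The markup inside the f-string is not visible in this rendering, so confirm that every interpolated value passes through escape_html and that each attribute value is quoted; the commit subject names the provider name, and the icon is presumably the other value. A one-line comment above the branch would record the intent: `# provider.* values are stored configuration, not trusted markup: escape before interpolating`. get_context begins before this hunk and continues past it.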