Merge commit from fork

* Sanitize error message output

Escape HTML characters in error message for security.

* Update CHANGELOG.md

---------

Co-authored-by: Niko <github@dieserniko.link>
Yue (Knox) Liu 2025-11-27 03:58:33 +08:00 committed by GitHub
parent a91d9feb51
commit 880b92d724
GPG Key ID: B5690EEEBB952194
2 changed files with 3 additions and 1 deletions


@ -18,6 +18,7 @@ Add your changes below.
- Fixed dead link in README.md - Fixed dead link in README.md
- Corrected Spotify/Spotipy typo in documentation - Corrected Spotify/Spotipy typo in documentation
- Sanitize HTML error message output for OAuth flow
### Removed ### Removed


@ -8,6 +8,7 @@ __all__ = [
] ]
import base64 import base64
import html
import logging import logging
import os import os
import time import time
@ -1252,7 +1253,7 @@ class RequestHandler(BaseHTTPRequestHandler):
if self.server.auth_code: if self.server.auth_code:
status = "successful" status = "successful"
elif self.server.error: elif self.server.error:
status = f"failed ({self.server.error})" status = f"failed ({html.escape(str(self.server.error))})"
else: else:
self._write("<html><body><h1>Invalid request</h1></body></html>") self._write("<html><body><h1>Invalid request</h1></body></html>")
return return
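Review bot: The escaped `status` built on the changed line in the `elif self.server.error:` branch is only as safe as the place it is later interpolated, and that `_write` call lies outside this hunk, so the fix cannot be verified from the diff alone; `html.escape` with its default `quote=True` is adequate for element text and quoted attribute values, but not for a `<script>` body or a URL, so confirm which context the status string lands in. The diffstat shows only this file and the changelog changed, so nothing pins the new behaviour; a regression test that sets `server.error` to a value such as `<b>x</b>` and asserts the written body contains `&lt;b&gt;` and not `<b>` would stop the escaping from being dropped by a later edit. A why-comment above the assignment would also help the next maintainer, e.g. `# error is externally supplied (presumably from the redirect query string); escape before embedding in HTML`. The enclosing handler method starts and ends outside the hunk.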