diff --git a/custom_components/auth_oidc/endpoints/injected_auth_page.py b/custom_components/auth_oidc/endpoints/injected_auth_page.py
index 406aeed..7112734 100644
--- a/custom_components/auth_oidc/endpoints/injected_auth_page.py
+++ b/custom_components/auth_oidc/endpoints/injected_auth_page.py
@@ -1,5 +1,6 @@
 """Injected authorization page, replacing the original"""
+import json
 import logging
 from functools import partial
 from homeassistant.components.http import HomeAssistantView, StaticPathConfig
@@ -61,12 +62,9 @@ async def frontend_injection(hass: HomeAssistant, sso_name: str) -> None:
 frontend_code = await read_file(frontend_path)
 # Inject JS and register that route
- frontend_code = frontend_code.replace(
- "",
- "",
- )
+ injection_js = ""
+ sso_name_js = f""
+ frontend_code = frontend_code.replace("", f"{injection_js}{sso_name_js}")
 await hass.http.async_register_static_paths(
 [
diff --git a/custom_components/auth_oidc/views/loader.py b/custom_components/auth_oidc/views/loader.py
index b63f885..2bd3cf5 100644
--- a/custom_components/auth_oidc/views/loader.py
+++ b/custom_components/auth_oidc/views/loader.py
@@ -54,7 +54,9 @@ class AsyncTemplateRenderer:
 if template_name not in templates:
 raise ValueError(f"Template '{template_name}' not found.")
- env = Environment(loader=DictLoader(templates), enable_async=True)
+ env = Environment(
+ loader=DictLoader(templates), enable_async=True, autoescape=True
+ )
 template = env.get_template(template_name)
 # Render template
diff --git a/tests/test_hass_webserver.py b/tests/test_hass_webserver.py
index 67320d6..11d383d 100644
--- a/tests/test_hass_webserver.py
+++ b/tests/test_hass_webserver.py
@@ -149,3 +149,4 @@ async def test_frontend_injection(hass: HomeAssistant, hass_client):
 text = await resp.text()
 assert "
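Review bot: In `frontend_injection` (injected_auth_page.py, hunk `@@ -61,12 +62,9 @@`), JSON-encoding `sso_name` is not by itself safe inside an inline script element, if that is what the new `sso_name_js` line does. The string literals on the `+` lines are not visible on this page, so this is inferred from the added `import json` and the variable names. `json.dumps` leaves `<`, `>` and `&` unescaped, so a value containing a closing script tag would end the element early. Escaping those characters after encoding closes the gap, e.g. `json.dumps(sso_name).replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")`. The function body continues outside the hunk.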
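Review bot: `autoescape=True` on the `Environment` in `AsyncTemplateRenderer` (loader.py, hunk `@@ -54,7 +54,9 @@`) only escapes for HTML text and quoted attribute values, and the change carries no comment saying so. The templates are not shown here, so whether any of them place values inside inline scripts or URL attributes is unknown; such spots would need `|tojson` or explicit URL validation rather than this flag. I would add a comment above the call such as `# autoescape: HTML-escape every interpolated value; never mark request-derived data |safe`. The only test change visible in this diff is in `test_frontend_injection`, so a renderer test that passes a value containing `<` and asserts `&lt;` in the output would pin the new behaviour. The enclosing method starts and ends outside the hunk.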