public/hass-oidc-auth
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enable Jinja2 autoescaping (#200)

Browse Source 
- Enable Jinja2 autoescape by default in the template environment.
- Use json.dumps to safely inject sso_name into JavaScript context.
- Fix linting issue (line too long) in injected_auth_page.py.
- Update tests to verify escaping and safe injection.

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: werdnum <271070+werdnum@users.noreply.github.com>
This commit is contained in:
Andrew Garrett
2026-02-06 19:07:54 +11:00
committed by GitHub
parent eaed91016a
commit b2d07c28f0
4 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tests/test_hass_webserver.py
View File

@@ -149,3 +149,4 @@ async def test_frontend_injection(hass: HomeAssistant, hass_client):
text = await resp.text()
assert "<script src='/auth/oidc/static/injection.js" in text
assert "window.sso_name = \"OpenID Connect (SSO)\";" in text