added html sanitize and cleanup formatting

Huachao · Jul 31, 2024 · 0a6a5f0 · 0a6a5f0
1 parent 97bf012
commit 0a6a5f0
Show file tree

Hide file tree

Showing 5 changed files with 204 additions and 11 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -481,7 +481,6 @@
           "scope": "resource",
           "description": "Scopes to be used by the OIDC client, default: [openid profile email]"
         },
-
         "rest-client.oidcCertificates": {
           "type": "object",
           "default": {},
@@ -746,6 +745,7 @@
     "node-jws": "^0.1.4",
     "open": "^10.1.0",
     "pretty-data": "^0.40.0",
+    "sanitize-html": "^2.13.0",
     "tough-cookie": "^4.1.3",
     "tough-cookie-file-store": "^2.0.3",
     "uuid": "^3.3.2",

diff --git a/src/common/constants.ts b/src/common/constants.ts
@@ -25,7 +25,7 @@ export const AzureActiveDirectoryV2TokenVariableName = "$aadV2Token";
 export const AzureActiveDirectoryV2TokenDescription = "Prompts to sign in to Azure AD V2 and adds the token to the request";
 
 export const OidcVariableName = "$oidcAccessToken";
-export const OidcDescription = "Prompts to sign in to an Oidc provider  and adds the token to the request";
+export const OidcDescription = "Prompts to sign in to an Oidc provider and adds the token to the request";
 export const OIdcForceNewOption = "new";
 
 

diff --git a/src/utils/auth/oidcClient.ts b/src/utils/auth/oidcClient.ts
@@ -11,6 +11,7 @@ import { env, Uri, window } from "vscode";
 import { IRestClientSettings, SystemSettings } from '../../models/configurationSettings';
 import { MemoryCache } from '../memoryCache';
 import { getCurrentHttpFileName, getWorkspaceRootPath } from '../workspaceUtility';
+import sanitizeHtml from 'sanitize-html';
 
 type ServerAuthorizationCodeResponse = {
   // Success case
@@ -92,7 +93,7 @@ export class CodeLoopbackClient {
           res.writeHead(302, { location: redirectUri }); // Prevent auth code from being saved in the browser history
           res.end();
         } else {
-          res.end(`Authorization Server Error:${JSON.stringify(authCodeResponse)}`);
+          res.end(`Authorization Server Error:${sanitizeHtml(JSON.stringify(authCodeResponse))}`);
           reject(new Error(`Authorization Server Error:${JSON.stringify(authCodeResponse)}`));
         }
         resolve({ url, ...authCodeResponse });
@@ -467,7 +468,7 @@ export class OidcClient {
 
     if (response.status !== 200) {
       const error = await response.json();
-      throw new Error(`Failed to retrieve access token: ${response.status} ${error}`);
+      throw new Error(`Failed to retrieve access token: ${response.status} ${JSON.stringify(error)}`);
     }
 
     const { access_token, refresh_token } = await response.json();

diff --git a/src/utils/memoryCache.ts b/src/utils/memoryCache.ts
@@ -16,15 +16,15 @@ export class MemoryCache<T> {
         return this.caches.get(name) as MemoryCache<T>;
     }
 
-    public  get(key: string): T | undefined {
+    public get(key: string): T | undefined {
         return this.cache.get(key);
     }
 
-    public  set(key: string, value: T) {
+    public set(key: string, value: T) {
         this.cache.set(key, value);
     }
 
-    public  clear(): void {
+    public clear(): void {
         this.cache.clear();
     }
 }