diff --git a/djangosaml2/tests/__init__.py b/djangosaml2/tests/__init__.py index 18cfa4f3..251c3549 100644 --- a/djangosaml2/tests/__init__.py +++ b/djangosaml2/tests/__init__.py @@ -308,8 +308,8 @@ def test_unknown_idp(self): metadata_file="remote_metadata_three_idps.xml", ) - response = self.client.get(reverse("saml2_login") + "?idp=https://unknown.org") - self.assertEqual(response.status_code, 403) + response = self.client.get(reverse("saml2_login") + "?idp=https://unknown.org") + self.assertContains(response, "<b>https://unknown.org</b>", status_code=403) def test_login_authn_context(self): sp_kwargs = { diff --git a/djangosaml2/views.py b/djangosaml2/views.py index 7bde83ec..9b2d9e93 100644 --- a/djangosaml2/views.py +++ b/djangosaml2/views.py @@ -30,6 +30,7 @@ from django.template import TemplateDoesNotExist from django.urls import reverse from django.utils.decorators import method_decorator +from django.utils.html import escape from django.utils.module_loading import import_string from django.utils.translation import gettext_lazy as _ from django.views.decorators.csrf import csrf_exempt @@ -152,9 +153,9 @@ def get_next_path(self, request: HttpRequest) -> str: return next_path def unknown_idp(self, request, idp): - msg = f"Error: IdP EntityID {idp} was not found in metadata" + msg = f"Error: IdP EntityID {escape(idp)} was not found in metadata" logger.error(msg) - return HttpResponse(msg.format("Please contact technical support."), status=403) + return HttpResponse(msg, status=403) def load_sso_kwargs_scoping(self, sso_kwargs): """Performs IdP Scoping if scoping param is present.""" diff --git a/setup.py b/setup.py index c805d008..7576e96c 100644 --- a/setup.py +++ b/setup.py @@ -27,7 +27,7 @@ def read(*rnames): setup( name="djangosaml2", - version="1.5.5", + version="1.5.6", description="pysaml2 integration for Django", long_description=read("README.md"), long_description_content_type="text/markdown",
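Review bot: The new assertion in test_unknown_idp expects `<b>https://unknown.org</b>` in the 403 body, but the unknown_idp view patched in this same commit returns `f"Error: IdP EntityID {escape(idp)} was not found in metadata"` with no `<b>` markup, so as shown the test cannot pass unless a template render outside this diff produces that wrapping — worth confirming before merge. The test also only proves the benign EntityID is echoed; since the fix is about reflecting an attacker-controlled `?idp=` value into an HTML response, add a case that sends a markup payload and checks both that the escaped form appears and the raw tag does not, e.g. `response = self.client.get(reverse("saml2_login") + "?idp=<script>alert(1)</script>")`, `self.assertContains(response, "&lt;script&gt;", status_code=403)`, `self.assertNotContains(response, "<script>", status_code=403)`. test_unknown_idp begins above the hunk.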
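Review bot: In unknown_idp the escaped string is reused for `logger.error(msg)`, so the log now records HTML entities (`&lt;script&gt;`) for a hostile `idp` value, which makes log search and SIEM correlation against the raw request parameter harder while adding nothing to log safety. Keep the escaping for the HTTP body only and log the raw value with lazy formatting: `logger.error("IdP EntityID %s was not found in metadata", idp)` followed by `msg = f"Error: IdP EntityID {escape(idp)} was not found in metadata"` and the existing `return HttpResponse(msg, status=403)`. Escaping is the right fix here because `HttpResponse` defaults to `text/html`; if no markup is intended in this body, `content_type="text/plain"` would be an additional defence against future interpolations slipping past `escape`. The enclosing class starts outside the hunk.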