Merge pull request #26 from arpitjain099/alert-autofix-13

Fix code scanning alert no. 13: Reflected server-side cross-site scripting
arpitjain099 · Oct 20, 2024 · 611af8e · 611af8e
2 parents 97d7256 + cde4d70
commit 611af8e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -326,7 +326,7 @@ def get_user_resources(user_id: str):
     try:
         user_profile = entities_manager.get_user_profile(user_id)
         if user_profile is None:
-            return Response(response=f"User with user_id {user_id} not found.", status=404)
+            return Response(response=f"User with user_id {html.escape(user_id)} not found.", status=404)
         user_groups = entities_manager.get_user_member_groups(user_id)
         resources = permissions_manager.get_user_resources(user_profile, user_groups)