renderError shows the failure page. html/template auto-escapes msg, so a hostile error_description cannot inject markup.
(w http.ResponseWriter, msg string)
| 150 | // renderError shows the failure page. html/template auto-escapes msg, so a |
| 151 | // hostile error_description cannot inject markup. |
| 152 | func renderError(w http.ResponseWriter, msg string) { |
| 153 | w.Header().Set("Content-Type", "text/html; charset=utf-8") |
| 154 | if err := errorTemplate.Execute(w, struct{ ErrorMessage string }{ErrorMessage: msg}); err != nil { |
| 155 | http.Error(w, "internal error", http.StatusInternalServerError) |
| 156 | } |
| 157 | } |