From a3f916fc9312bedffbd6d7e918bbae35dacc78cb Mon Sep 17 00:00:00 2001 From: David Cook Date: Wed, 22 Jan 2025 10:54:56 +1100 Subject: [PATCH] [fixup] Sanitise content from external source --- app/controllers/admin/dfc_product_imports_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/admin/dfc_product_imports_controller.rb b/app/controllers/admin/dfc_product_imports_controller.rb index 5e01c3b9f3..3e1710f984 100644 --- a/app/controllers/admin/dfc_product_imports_controller.rb +++ b/app/controllers/admin/dfc_product_imports_controller.rb @@ -38,7 +38,7 @@ module Admin rescue Rack::OAuth2::Client::Error => e flash[:error] = I18n.t( 'admin.dfc_product_imports.index.oauth_error_html', - message: e.message, + message: ActionController::Base.helpers.sanitize(e.message), oidc_settings_link: ActionController::Base.helpers.link_to( I18n.t('spree.admin.tab.oidc_settings'), Rails.application.routes.url_helpers.admin_oidc_settings_path )
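Review bot: `sanitize(e.message)` on the added line runs with Rails' default allow-list, which still keeps tags such as `<a>` and `<img>` with their `href`/`src` attributes, so text taken from the OAuth error response can still put links or remote images into the admin flash. The value is a plain error string interpolated into an `_html` translation through a direct `I18n.t` call, which does not escape interpolations on its own, so escaping is the stricter fit: `message: ERB::Util.html_escape(e.message),` or, to strip markup instead, `sanitize(e.message, tags: [], attributes: [])`. A controller spec that raises `Rack::OAuth2::Client::Error` with markup in its message and asserts the flash contains it only in inert form would pin the behaviour. The enclosing action and the end of the `I18n.t(` call are outside the hunk, so the assumption that the flash is rendered as raw HTML should be confirmed against the view.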