fix xss vulnerability (grafana#10559)

**What this PR does / why we need it**: XSS vulnerability of fmt.Sprintf. fmt.Sprintf would reflect part of the input in the output without escaping, which causes XSS.
JStickler · Sep 13, 2023 · 216fb75 · 216fb75
1 parent 5f7bde7
commit 216fb75
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pkg/sizing/http.go b/pkg/sizing/http.go
@@ -94,7 +94,7 @@ func (h *Handler) Nodes(w http.ResponseWriter, _ *http.Request) {
 
 func (h *Handler) respondError(w http.ResponseWriter, err error) {
 	w.WriteHeader(http.StatusBadRequest)
-	_, err = w.Write([]byte(fmt.Sprintf("error: %v", err)))
+	_, err = w.Write([]byte(fmt.Sprintf("error: %q", err)))
 	if err != nil {
 		level.Error(h.logger).Log("msg", "could not write error message", "error", err)
 	}