Allow html in banner message (#462)

* allow html in banner message * Fix changelog (move under new version)
2025-07-03 01:07:02 +02:00 · 2020-04-04 17:01:11 +03:00
parent 3f7837b955
commit bdc686103e
3 changed files with 6 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -20,6 +20,7 @@
  - Binaries renamed from `oauth2_proxy` to `oauth2-proxy`
 - [#432](https://github.com/oauth2-proxy/oauth2-proxy/pull/432) Update ruby dependencies for documentation (@theobarberbany)
 - [#471](https://github.com/oauth2-proxy/oauth2-proxy/pull/471) Add logging in case of invalid redirects (@gargath)
 - [#462](https://github.com/oauth2-proxy/oauth2-proxy/pull/462) Allow HTML in banner message (@eritikass).
 # v5.1.0
@ -53,6 +54,7 @@ N/A
 - [#405](https://github.com/oauth2-proxy/oauth2-proxy/pull/405) The `/sign_in` page now honors the `rd` query parameter, fixing the redirect after a successful authentication (@ti-mo)
 - [#434](https://github.com/oauth2-proxy/oauth2-proxy/pull/434) Give the option to prefer email address in the username header when using the -pass-user-headers option (@jordancrawfordnz)
 # v5.0.0
 ## Release Hightlights
--- a/docs/configuration/configuration.md
+++ b/docs/configuration/configuration.md
@ -49,8 +49,8 @@ An example [oauth2-proxy.cfg]({{ site.gitweb }}/contrib/oauth2-proxy.cfg.example
 | `-exclude-logging-paths` | string | comma separated list of paths to exclude from logging, eg: `"/ping,/path2"` |`""` (no paths excluded) |
 | `-flush-interval` | duration | period between flushing response buffers when streaming responses | `"1s"` |
 | `-force-https` | bool | enforce https redirect | `false` |
-| `-banner` | string | custom banner string. Use `"-"` to disable default banner. | |
+| `-banner` | string | custom (html) banner string. Use `"-"` to disable default banner. | |
-| `-footer` | string | custom footer string. Use `"-"` to disable default footer. | |
+| `-footer` | string | custom (html) footer string. Use `"-"` to disable default footer. | |
 | `-gcp-healthchecks` | bool | will enable `/liveness_check`, `/readiness_check`, and `/` (with the proper user-agent) endpoints that will make it work well with GCP App Engine and GKE Ingresses | false |
 | `-github-org` | string | restrict logins to members of this organisation | |
 | `-github-team` | string | restrict logins to members of any of these teams (slug), separated by a comma | |
--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -469,7 +469,7 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
 	t := struct {
 		ProviderName  string
-		SignInMessage string
+		SignInMessage template.HTML
 		CustomLogin   bool
 		Redirect      string
 		Version       string
@ -477,7 +477,7 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
 		Footer        template.HTML
 	}{
 		ProviderName:  p.provider.Data().ProviderName,
-		SignInMessage: p.SignInMessage,
+		SignInMessage: template.HTML(p.SignInMessage),
 		CustomLogin:   p.displayCustomLoginForm(),
 		Redirect:      redirectURL,
 		Version:       VERSION,