diff --git a/services/auth/source/oauth2/providers.go b/services/auth/source/oauth2/providers.go index 16620fad6dc3..7572aa20c0a1 100644 --- a/services/auth/source/oauth2/providers.go +++ b/services/auth/source/oauth2/providers.go @@ -56,7 +56,7 @@ func (p *AuthSourceProvider) DisplayName() string { func (p *AuthSourceProvider) IconHTML() template.HTML { if p.iconURL != "" { - img := fmt.Sprintf(`%s`, + img := fmt.Sprintf(`%s`, html.EscapeString(p.iconURL), html.EscapeString(p.DisplayName()), ) return template.HTML(img)