From be38615afde03371a4b5cbb7eff364fa680de93b Mon Sep 17 00:00:00 2001
From: Roman Rizzi <rizziromanalejandro@gmail.com>
Date: Tue, 26 Oct 2021 09:46:25 -0300
Subject: [PATCH] FEATURE: Mark omniauth failures as HTML safe. (#14713)

Plugins can add HTML elements to auth error messages.
---
 app/controllers/users/omniauth_callbacks_controller.rb | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
index 6a9253b6f34..7850cf2c67a 100644
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -98,8 +98,14 @@ class Users::OmniauthCallbacksController < ApplicationController
   end
 
   def failure
-    error_key = params[:message].to_s.gsub(/[^\w-]/, "") || "generic"
-    flash[:error] = I18n.t("login.omniauth_error.#{error_key}", default: I18n.t("login.omniauth_error.generic"))
+    error_key = params[:message].to_s.gsub(/[^\w-]/, "")
+    error_key = "generic" if error_key.blank?
+
+    flash[:error] = I18n.t(
+      "login.omniauth_error.#{error_key}",
+      default: I18n.t("login.omniauth_error.generic")
+    ).html_safe
+
     render 'failure'
   end