1680: add sanitation of error-message from codeharbor

Author: kkoehn

app/services/exercise_service/push_external.rb

@@ -21,7 +21,7 @@ def execute
         if response.success?
           nil
         else
-          response.status == 401 ? I18n.t('exercises.export_codeharbor.not_authorized') : response.body
+          response.status == 401 ? I18n.t('exercises.export_codeharbor.not_authorized') : ERB::Util.html_escape(response.body)
         end
       rescue StandardError => e
         e.message

spec/services/exercise_service/push_external_spec.rb

@@ -49,11 +49,19 @@
 
       context 'when response status is 500' do
         let(:status) { 500 }
-        let(:response) { 'an error occured' }
+        let(:response) { 'an error occurred' }
 
-        it { is_expected.to be response }
+        it { is_expected.to eql response }
+
+        context 'when response contains problematic characters' do
+          let(:response) { 'an <error> occurred' }
+
+          it { is_expected.to eql 'an &lt;error&gt; occurred' }
+        end
       end
 
+
+
       context 'when response status is 401' do
         let(:status) { 401 }
         let(:response) { I18n.t('exercises.export_codeharbor.not_authorized') }