templates/authorize.str in rodauth-oauth-0.7.4 vs templates/authorize.str in rodauth-oauth-0.8.0

@@ -1,27 +1,27 @@
 <form method="post" action="#{rodauth.authorize_path}" class="form-horizontal" role="form" id="authorize-form">
   #{csrf_tag(rodauth.authorize_path) if respond_to?(:csrf_tag)}
   <p class="lead">The application #{rodauth.oauth_application[rodauth.oauth_applications_name_column]} would like to access your data.</p>
 
   <div class="form-group">
-    <h1 class="display-6">#{rodauth.scopes_label}</h1>
+    <h1 class="display-6">#{rodauth.oauth_tokens_scopes_label}</h1>
 
     #{
       rodauth.scopes.map do |scope|
         if scope == rodauth.oauth_application_default_scope
           <<-HTML
             <div class="form-check">
-              <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{scope}" checked disabled>
-              <label class="form-check-label" for="#{scope}">#{scope}</label>
-              <input type="hidden" name="scope[]" value="#{scope}">
+              <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{h(scope)}" checked disabled>
+              <label class="form-check-label" for="#{scope}">#{h(scope)}</label>
+              <input type="hidden" name="scope[]" value="#{h(scope)}">
             </div>
           HTML
         else
           <<-HTML
             <div class="form-check">
-              <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{scope}">
-              <label class="form-check-label" for="#{scope}">#{scope}</label>
+              <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{h(scope)}">
+              <label class="form-check-label" for="#{scope}">#{h(scope)}</label>
             </div>
           HTML
         end
       end.join
     }
@@ -37,8 +37,8 @@
     #{"<input type=\"hidden\" name=\"code_challenge\" value=\"#{rodauth.param("code_challenge")}\"/>" if rodauth.param_or_nil("code_challenge")}
     #{"<input type=\"hidden\" name=\"code_challenge_method\" value=\"#{rodauth.param("code_challenge_method")}\"/>" if rodauth.param_or_nil("code_challenge_method")}
   </div>
   <p class="text-center">
     <input type="submit" class="btn btn-outline-primary" value="#{h(rodauth.oauth_authorize_button)}"/>
-    <a href="#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{ "&state=#{rodauth.param("state")}" if rodauth.param_or_nil("state")}" class="btn btn-outline-danger">Cancel</a>
+    <a href="#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{ "&state=#{rodauth.param("state")}" if rodauth.param_or_nil("state")}" class="btn btn-outline-danger">#{rodauth.oauth_cancel_button}</a>
   </p>
 </form>