fix: escape error.message on login failure
This commit is contained in:
parent
c505fc45a8
commit
22a22a8f7a
@ -41,7 +41,7 @@ const getRoot = async (req: Request, error?: Error): Promise<string> => {
|
|||||||
req,
|
req,
|
||||||
content
|
content
|
||||||
.replace(/{{PASSWORD_MSG}}/g, passwordMsg)
|
.replace(/{{PASSWORD_MSG}}/g, passwordMsg)
|
||||||
.replace(/{{ERROR}}/, error ? `<div class="error">${error.message}</div>` : ""),
|
.replace(/{{ERROR}}/, error ? `<div class="error">${escapeHtml(error.message)}</div>` : ""),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -112,8 +112,7 @@ router.post("/", async (req, res) => {
|
|||||||
|
|
||||||
throw new Error("Incorrect password")
|
throw new Error("Incorrect password")
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
const html = await getRoot(req, error)
|
const htmlToRender = await getRoot(req, error)
|
||||||
const escapedHtml = escapeHtml(html)
|
res.send(htmlToRender)
|
||||||
res.send(escapedHtml)
|
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
Reference in New Issue
Block a user