Archived
1
0

fix: escape error.message on login failure

This commit is contained in:
Joe Previte 2021-06-30 09:53:04 -07:00
parent c505fc45a8
commit 22a22a8f7a
No known key found for this signature in database
GPG Key ID: 2C91590C6B742C24

View File

@ -41,7 +41,7 @@ const getRoot = async (req: Request, error?: Error): Promise<string> => {
req, req,
content content
.replace(/{{PASSWORD_MSG}}/g, passwordMsg) .replace(/{{PASSWORD_MSG}}/g, passwordMsg)
.replace(/{{ERROR}}/, error ? `<div class="error">${error.message}</div>` : ""), .replace(/{{ERROR}}/, error ? `<div class="error">${escapeHtml(error.message)}</div>` : ""),
) )
} }
@ -112,8 +112,7 @@ router.post("/", async (req, res) => {
throw new Error("Incorrect password") throw new Error("Incorrect password")
} catch (error) { } catch (error) {
const html = await getRoot(req, error) const htmlToRender = await getRoot(req, error)
const escapedHtml = escapeHtml(html) res.send(htmlToRender)
res.send(escapedHtml)
} }
}) })