This repository has been archived by the owner on Feb 11, 2023. It is now read-only.

Merge pull request #74 from thomasdbock/thomasdbock-prevent-xss
Very basic XSS prevention
payton committed Sep 7, 2020
2 parents 84ceb51 + 794cd30 commit ec2ec47
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions authn/openid.index.js
Expand Up @@ -294,9 +294,9 @@ function unauthorized(error, error_description, error_uri, callback) {
</html>
`;

page = page.replace(/%error%/g, error);
page = page.replace(/%error_description%/g, error_description);
page = page.replace(/%error_uri%/g, error_uri);
page = page.replace(/%error%/g, encodeURI(error));
page = page.replace(/%error_description%/g, encodeURI(error_description));
page = page.replace(/%error_uri%/g, encodeURI(error_uri));

// Unauthorized access attempt. Reset token and nonce cookies
const response = {
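
Review bot: encodeURI() on the three replaced values is a URL encoder, not an HTML escaper, so the added page.replace(...) lines only partly cover the output context. It percent-encodes `<`, `>` and `"`, but leaves `&`, `'`, `(`, `)`, `:` and `$` as they are, so whether this is sufficient depends on where %error%, %error_description% and %error_uri% sit in the template above, which this hunk does not show: a single-quoted attribute would still be breakable, and a value used as a link target keeps whatever scheme it arrived with. It also changes what the user sees, since a description with spaces will render with `%20` in it. Suggest an HTML entity escape (`&`, `<`, `>`, `"`, `'`) for the values written into text or attributes, and for error_uri a check that it parses as an http(s) URL before it is written into the page. Passing a replacer function as the second argument to replace() would also stop `$&`-style sequences in the input from being treated as replacement patterns.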