From 794cd30f343fd81750281f96835f7a89c63965f6 Mon Sep 17 00:00:00 2001
From: Thomas
Date: Mon, 31 Aug 2020 09:55:36 +0200
Subject: [PATCH] Very basic XSS prevention
---
 authn/openid.index.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/authn/openid.index.js b/authn/openid.index.js
index 898c272..8954e75 100644
--- a/authn/openid.index.js
+++ b/authn/openid.index.js
@@ -294,9 +294,9 @@ function unauthorized(error, error_description, error_uri, callback) {
 `;
- page = page.replace(/%error%/g, error);
- page = page.replace(/%error_description%/g, error_description);
- page = page.replace(/%error_uri%/g, error_uri);
+ page = page.replace(/%error%/g, encodeURI(error));
+ page = page.replace(/%error_description%/g, encodeURI(error_description));
+ page = page.replace(/%error_uri%/g, encodeURI(error_uri));
 // Unauthorized access attempt. Reset token and nonce cookies
 const response = {
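Review bot: `encodeURI` on the three added `page.replace` lines is URL percent-encoding, not HTML escaping: it encodes `<`, `>` and `"` but passes `&`, `'`, `(`, `)` and `:` through unchanged, so a placeholder inside a single-quoted attribute or a script block is still not neutralised, and ordinary text is rendered percent-encoded (spaces as `%20`). The template is outside this hunk, so the contexts the placeholders sit in should be checked; if `%error_uri%` ends up in an `href`, it also needs a scheme allow-list (`http:`/`https:`), which no output encoding provides. A string passed as the replacement still has `$&` and `$'` interpreted by `replace`, and `encodeURI` leaves those characters intact, so a function replacer is safer. I would swap the three lines for an HTML-entity escaper as sketched below; `unauthorized` starts and ends outside the hunk.

```javascript
// HTML-escape a value for text and quoted-attribute contexts.
const escapeHtml = (value) =>
  String(value).replace(/[&<>"']/g, (ch) => `&#${ch.charCodeAt(0)};`);

// Function replacers keep `$&`-style patterns in the values from being expanded.
page = page.replace(/%error%/g, () => escapeHtml(error));
page = page.replace(/%error_description%/g, () => escapeHtml(error_description));
page = page.replace(/%error_uri%/g, () => escapeHtml(error_uri));
// … unchanged: reset of token and nonce cookies, response object …
```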