fix: escape error.message on login failure

Joe Previte 2021-06-30 09:53:04 -07:00
parent c505fc45a8
commit 22a22a8f7a
No known key found for this signature in database
GPG Key ID: 2C91590C6B742C24


@ -41,7 +41,7 @@ const getRoot = async (req: Request, error?: Error): Promise<string> => {
req,
content
.replace(/{{PASSWORD_MSG}}/g, passwordMsg)
.replace(/{{ERROR}}/, error ? `<div class="error">${error.message}</div>` : ""),
.replace(/{{ERROR}}/, error ? `<div class="error">${escapeHtml(error.message)}</div>` : ""),
)
}
@ -112,8 +112,7 @@ router.post("/", async (req, res) => {
throw new Error("Incorrect password")
} catch (error) {
const html = await getRoot(req, error)
const escapedHtml = escapeHtml(html)
res.send(escapedHtml)
const htmlToRender = await getRoot(req, error)
res.send(htmlToRender)
}
})
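Review bot: The `{{ERROR}}` substitution in getRoot still passes a plain string as the replacement argument, so `String.prototype.replace` expands `$`-sequences such as `$&` inside it, and escapeHtml (defined outside this page) presumably leaves `$` untouched. The new escaping therefore covers HTML metacharacters but not replacement-pattern syntax, and a message containing such a sequence would render differently from what was thrown. A function replacer avoids that: ``.replace(/{{ERROR}}/, () => (error ? `<div class="error">${escapeHtml(error.message)}</div>` : ""))``. The `{{PASSWORD_MSG}}` line above has the same shape, and whether `passwordMsg` needs escaping cannot be told from here because it is built outside the hunk. getRoot's body starts before the hunk, so the rest of the template handling is not visible.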