fix(security): sanitize query param on error page

Bereket Engida
2025-02-06 00:35:36 +03:00
parent 4c2efc1b66
commit 7ae340e2ed


@@ -1,6 +1,15 @@
import { HIDE_METADATA } from "../../utils/hide-metadata";
import { createAuthEndpoint } from "../call";
function sanitize(input: string): string {
return input
.replace(/&/g, "&")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#39;");
}
const html = (errorCode: string = "Unknown") => `<!DOCTYPE html>
<html lang="en">
<head>
@@ -78,7 +87,9 @@ const html = (errorCode: string = "Unknown") => `<!DOCTYPE html>
<h1>Better Auth Error</h1>
<p>We encountered an issue while processing your request. Please try again or contact the application owner if the problem persists.</p>
<a href="/" id="returnLink" class="btn">Return to Application</a>
<div class="error-code">Error Code: <span id="errorCode">${errorCode}</span></div>
<div class="error-code">Error Code: <span id="errorCode">${sanitize(
errorCode,
)}</span></div>
</div>
</body>
</html>`;
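Review bot: The first replacement in `sanitize` reads `.replace(/&/g, "&")`, which is a no-op; if that is what the source contains (rather than the page having decoded `&amp;` when rendering), an errorCode holding an entity such as `&lt;` reaches the span unescaped, and the line should be `.replace(/&/g, "&amp;")`. The helper is an HTML text-context escaper rather than a general sanitizer, so a TSDoc line such as `/** Escapes the five HTML-significant characters; safe for element text and quoted attribute values only. */` and the name `escapeHtml` would state its contract and keep it from being reused in a script or URL context. The `html` template continues outside both hunks; any other interpolation of `errorCode` in it (a `<title>`, an attribute, a script) needs the same escaping as the span at the second hunk.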