Add ESAPI encoder and encode error message

asgardeo · Apr 29, 2022 · ba6ef36 · ba6ef36
1 parent 1809d9a
commit ba6ef36
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 2 deletions.
diff --git a/samples/asgardeo-express-app/index.js b/samples/asgardeo-express-app/index.js
@@ -20,6 +20,7 @@ const { AsgardeoExpressClient } = require("@asgardeo/auth-express");
 const express = require("express");
 const cookieParser = require("cookie-parser");
 const config = require("./config");
+const ESAPI = require('node-esapi');
 
 const limiter = rateLimit({
   max: 100,
@@ -55,7 +56,7 @@ const onSignOut = (res) => {
 //Define onError method to handle errors
 const onError = (res, error) => {
   if(error){
-    res.status(400).send(error ? JSON.stringify(error.message) : "Something went wrong");
+    res.status(400).send(error ? ESAPI.encoder().encodeForHTML(error.message) : "Something went wrong");
   }else{
     res.status(500).send("Something went wrong");
   }

diff --git a/samples/asgardeo-express-app/package.json b/samples/asgardeo-express-app/package.json
@@ -19,6 +19,7 @@
   "dependencies": {
     "@asgardeo/auth-express": "0.0.1",
     "cookie-parser": "^1.4.6",
-    "express": "^4.17.1"
+    "express": "^4.17.1",
+    "node-esapi": "^0.0.1"
   }
 }
diff --git a/yarn.lock b/yarn.lock
@@ -4017,6 +4017,11 @@ neo-async@^2.6.0:
   resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.2.tgz#b4aafb93e3aeb2d8174ca53cf163ab7d7308305f"
   integrity sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==
 
+node-esapi@^0.0.1:
+  version "0.0.1"
+  resolved "https://registry.yarnpkg.com/node-esapi/-/node-esapi-0.0.1.tgz#6f4c456a14ebbd135a0f0d1766c30b2abf07198c"
+  integrity sha1-b0xFahTrvRNaDw0XZsMLKr8HGYw=
+
 [email protected], node-fetch@^2.6.1, node-fetch@^2.6.7:
   version "2.6.7"
   resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad"