diff --git a/src/node/routes/login.ts b/src/node/routes/login.ts index 2b160f253..63991165c 100644 --- a/src/node/routes/login.ts +++ b/src/node/routes/login.ts @@ -41,7 +41,7 @@ const getRoot = async (req: Request, error?: Error): Promise => { req, content .replace(/{{PASSWORD_MSG}}/g, passwordMsg) - .replace(/{{ERROR}}/, error ? `
${error.message}
` : ""), + .replace(/{{ERROR}}/, error ? `
${escapeHtml(error.message)}
` : ""), ) } @@ -112,8 +112,7 @@ router.post("/", async (req, res) => { throw new Error("Incorrect password") } catch (error) { - const html = await getRoot(req, error) - const escapedHtml = escapeHtml(html) - res.send(escapedHtml) + const htmlToRender = await getRoot(req, error) + res.send(htmlToRender) } })