Potential fix for code scanning alert no. 6: Exception text reinterpreted as HTML

tsjnsn · github-advanced-security[bot] · web-flow · commit fe0d5441407c · 2025-02-06T10:59:19.000-06:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/server/package.json b/server/package.json
@@ -16,7 +16,8 @@
     "discord.js": "^14.14.1",
     "dotenv": "^16.4.5",
     "express": "^4.18.3",
-    "node-fetch": "^2.7.0"
+    "node-fetch": "^2.7.0",
+    "he": "^1.2.0"
   },
   "devDependencies": {
     "nodemon": "^3.1.0"
diff --git a/server/src/AuthServer.js b/server/src/AuthServer.js
@@ -1,6 +1,7 @@
 const express = require('express');
 const fetch = require('node-fetch');
 const cors = require('cors');
+const he = require('he');
 
 class AuthServer {
     constructor(discordBot) {
@@ -93,7 +94,7 @@ class AuthServer {
                     const errorData = Buffer.from(JSON.stringify({ error: message })).toString('base64');
                     return res.redirect(`${clientRedirectUri}?error=${errorData}`);
                 } else {
-                    return res.status(400).send(`Authentication error: ${message}. Please close this window and try again.`);
+                    return res.status(400).send(`Authentication error: ${he.encode(message)}. Please close this window and try again.`);
                 }
             };
             
