Security: Fix XSS vulnerability with exception text (CodeQL #7)

## Description
Exception text is being reinterpreted as HTML without proper escaping of meta-characters, creating a Cross-Site Scripting (XSS) vulnerability.

## Location
- File: index.js
- Lines: 116-127

## Issue
When an exception occurs, the error message is directly written to an HTTP response without sanitization, which can lead to a cross-site scripting vulnerability if an attacker can influence part of the error message.

## Recommendation
To fix this issue:
1. Implement proper HTML escaping before writing error messages to responses
2. Consider using contextual output encoding/escaping before writing error messages to the page
3. Use a secure sanitization library like DOMPurify or escape-html

## References
- [OWASP XSS Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html)
- [CWE-79: Improper Neutralization of Input During Web Page Generation](https://cwe.mitre.org/data/definitions/79.html)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: Fix XSS vulnerability with exception text (CodeQL #7) #20

Description

Location

Issue

Recommendation

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Security: Fix XSS vulnerability with exception text (CodeQL #7) #20

Description

Description

Location

Issue

Recommendation

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions