Avoid XSS

testem · Feb 15, 2020 · a340e18 · a340e18
1 parent 3c2db4b
commit a340e18
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/server/index.js b/lib/server/index.js
@@ -157,7 +157,7 @@ class Server extends EventEmitter {
       if (err) {
         log.error(err.message);
         if (err.code === 'ENOENT') {
-          res.status(404).send(`Not found: ${req.url}`);
+          res.status(404).send(`Not found: ${req.url.replace(/&/g,'&amp;').replace(/</g,'&lt;')}`);
         } else {
           res.status(500).send(err.message);
         }