From 403f41f0786b896ff998628b5712d1ff2b8a26d7 Mon Sep 17 00:00:00 2001
From: Dmytro Stanchiev
Date: Mon, 6 Apr 2026 23:26:09 -0400
Subject: [PATCH] fix(auth): sanitize error messages in error page

Add basic XSS sanitization by removing angle brackets from error URL parameters before rendering.
---
 src/app/auth/error/page.tsx | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/app/auth/error/page.tsx b/src/app/auth/error/page.tsx
index 3e4861b..6a493a3 100644
--- a/src/app/auth/error/page.tsx
+++ b/src/app/auth/error/page.tsx
@@ -9,9 +9,14 @@ import { Suspense } from "react"
 function Search() {
 const searchParams = useSearchParams()
 const errorMessage = searchParams.get('error')
+
+ // Sanitize error message to prevent XSS
+ const sanitizedError = errorMessage
+ ? errorMessage.replace(/[<>]/g, '')
+ : 'An authentication error occurred'
 return (
- {errorMessage}
+ {sanitizedError}
 )
 }
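Review bot: Stripping `<` and `>` in `errorMessage.replace(/[<>]/g, '')` is not what protects this render: as far as the visible lines show, the value is a JSX expression child (`{sanitizedError}`), which React already escapes as text, and a bracket filter would not be sufficient in an attribute, URL or `dangerouslySetInnerHTML` context either. What the change leaves open is that any text in the `error` query parameter is still displayed verbatim on the auth error page, so a crafted link can show attacker-chosen wording under the application's origin. Treat the parameter as an error code, look it up in a fixed table of messages, and fall back to the generic string for anything unknown; a `Map` keeps inherited keys such as `constructor` from matching. The comment should then describe what is actually enforced, for example `// Only known error codes are shown; anything else gets the generic message`.

```tsx
// Codes below are placeholders; list the codes the auth flow actually emits.
const ERROR_MESSAGES = new Map<string, string>([
  ['EXAMPLE_CODE_A', 'Message for the first known error.'],
  ['EXAMPLE_CODE_B', 'Message for the second known error.'],
])

function Search() {
  // … unchanged: useSearchParams() and searchParams.get('error') …
  // Only known error codes are shown; anything else gets the generic message
  const sanitizedError =
    ERROR_MESSAGES.get(errorMessage ?? '') ?? 'An authentication error occurred'
  // … unchanged: return (…) rendering {sanitizedError} …
```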