diff --git a/.gitignore b/.gitignore index 3107b7c..5b9fda2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ node_modules/ .DS_Store *.log +.worktrees/ spec/v4.new.json spec/.issue-title.txt spec/.issue-body.md diff --git a/src/auth.js b/src/auth.js index c07cfb2..9d5f807 100644 --- a/src/auth.js +++ b/src/auth.js @@ -1,6 +1,6 @@ import { createHash, randomBytes } from 'node:crypto'; import { createServer } from 'node:http'; -import { exec } from 'node:child_process'; +import { execFile } from 'node:child_process'; import { setTokens, getOAuthClientId, getRefreshToken, getOAuthRedirectUri } from './config.js'; const REDIRECT_PORT = 9876; @@ -26,7 +26,7 @@ function openBrowser(url) { process.platform === 'win32' ? 'start' : process.platform === 'darwin' ? 'open' : 'xdg-open'; - exec(`${cmd} "${url}"`); + execFile(cmd, [url]); } function waitForCallback() { @@ -42,8 +42,9 @@ function waitForCallback() { server.close(); resolve(code); } else { + const safeError = (error || 'Unknown error').replace(/&/g, '&').replace(//g, '>').replace(/"/g, '"'); res.writeHead(400, { 'Content-Type': 'text/html' }); - res.end(`
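Review bot: In the openBrowser hunk, `execFile(cmd, [url])` resolves `cmd` as a program on disk, but the win32 branch still selects `start`, which is a cmd.exe built-in, so on Windows the spawn will most likely fail. No callback is passed, so that failure would be silent and the user would never see the authorization page open. One option is to launch a real executable on that platform, e.g. `execFile('rundll32', ['url.dll,FileProtocolHandler', url])`, which still avoids going back through a shell. Adding a callback would surface failures: `execFile(cmd, [url], (err) => { if (err) console.error('Open this URL in a browser:', url); });`. The function header and the `cmd` declaration are outside the hunk, so this rests on the three visible ternary lines.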
${error || 'Unknown error'}
`); + res.end(`${safeError}
`); server.close(); reject(new Error(`Authorization failed: ${error || 'unknown error'}`)); }