fix(error-response-plugin): percentage-encode path to limit XSS

Author: MegaManSec

src/plugins/default/error-response-plugin.ts

@@ -25,8 +25,16 @@ export const errorResponsePlugin: Plugin = (proxyServer, options) => {
         res.writeHead(statusCode);
       }
 
+      const encodedPath = req.url
+        .replace(/%/g, '%25')
+        .replace(/&/g, '%26')
+        .replace(/</g, '%3C')
+        .replace(/>/g, '%3E')
+        .replace(/"/g, '%22')
+        .replace(/'/g, '%27');
+
       const host = req.headers && req.headers.host;
-      res.end(`Error occurred while trying to proxy: ${host}${req.url}`);
+      res.end(`Error occurred while trying to proxy: ${host}${encodedPath}`);
     } else if (isSocketLike(res)) {
       res.destroy();
     }