Errors that come from Auth0 in the redirect_uri callback may contain reflected user input via the OpenID Connect error and error_description query parameter.
You should not render the error message, or error and error_description properties without properly escaping them first.
Errors that come from Auth0 in the
redirect_uricallback may contain reflected user input via the OpenID Connecterroranderror_descriptionquery parameter. You should not render the errormessage, orerroranderror_descriptionproperties without properly escaping them first.