XSS vulnerabilities

# Issue

There are number of potential XSS vulnerabilities, for example block by hash does not validate incoming hash data, allowing attacker to include a custom script in it, f.e.:

```
https://insight.dash.org/insight-api/txs?block=0000000000000034808b113f895f8b20542a240a6ff5aae7554ebb3b6c58dcc1%27%22()%26%25%3Czzz%3E%3CSc
  RiPt%20%3Ealert(9125)%3C/ScRiPt%3E&pageNum=0
```

Results in

<img width="1319" alt="Image" src="https://github.com/user-attachments/assets/5da7ab18-484e-48c1-bf2b-6ef3ddcbad18" />


There are probably other unsafe places over the code, here's potential list compose by Claude AI:

```
  1. Original: common.js:14,17 - Error messages reflected without escaping
  2. 404 Handler: index.js:285 - req.originalUrl reflected in 404 response
  3. Messages: messages.js:29 - Exception messages from Message.verify()
  4. Addresses: addresses.js:120 - Exception messages from Address constructor
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

XSS vulnerabilities #108

Issue

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

XSS vulnerabilities #108

Description

Issue

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions