Sanitizing URLs and form data to prevent XSS attacks

[MyNameIsOka]

Hi everybody,

I am looking to improve the security for a project I am working on and want to sanitize/validate the URLs and formData to prevent XSS attacks.
I don't have a lot experience in this so I would like to ask you guys about best practices or if that is even necessary or what tools you recommend.

Basically, there are two scenarios as far as I understand.

Scenario 1: sanitizing URL

export const loader = async ({ request }: LoaderFunctionArgs) => {


  const url = new URL(sanitizeUrl(request.url));
  const searchParams = new URLSearchParams(url.search);

  const error = searchParams.get('error');
  const errorDetails = searchParams.get('error_description');

  if (error) {
    if (errorDetails) {
      // Redirect to page which shows error details
      const encodedErrorDetails = encodeURIComponent(errorDetails);
      return redirect(`/tryagain?error_description=${encodedErrorDetails}`);
    } else {
      // If errorDetails is not alphanumeric or is null, redirect to a generic error page
      return redirect('/tryagain?error_description=Invalid error details');
    }
  } else {
  // Continue with authentication if there are no errors
  return authenticator.authenticate('auth0', request, {
    successRedirect: '/console/dashboard',
    failureRedirect: '/login',
  });
}
};

Scenario 2: sanitizing/validating formData

export const action: ActionFunction = async ({ request }) => {
  await authenticator.isAuthenticated(request, {
    failureRedirect: '/login',
  });

  const formData = new URLSearchParams(await request.text());
  const email = validator.escape(validator.trim(formData.get('email') || ''));
  const inviterName = validator.escape(validator.trim(formData.get('inviterName') || ''));
  const organizationId = validator.escape(validator.trim(formData.get('organizationId') || ''));

  if (!validator.isEmail(email)) {
    return new Response('no email', { status: 400 });
  }

  if (!inviterName) {
    return new Response('no inviterName', { status: 400 });
  }

  if (!organizationId) {
    return new Response('no organizationId', { status: 400 });
  }

// continue with rest of logic...

I am using https://github.com/braintree/sanitize-url and https://github.com/validatorjs/validator.js but are there any other tools you would recommend?

Any tips and insights are very welcome!

Thanks a lot,
Oka