Commit
Fix code scanning alert no. 37: Incomplete multi-character sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Jonhvmp and github-advanced-security[bot] authored Dec 13, 2024
1 parent 23112b9 commit 10968e8
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion backend/src/models/Snippet.ts
Expand Up @@ -86,7 +86,7 @@ SnippetSchema.pre<ISnippet>('save', function (next) {

// Remover atributos perigosos
let previousCode;
const dangerousAttrRegex = /on\w+=(["'])(?:(?=(\\?))\2.)*?\1/g;
const dangerousAttrRegex = /on\w+=(["'])(?:(?=(\\?))\2.)*?\1|javascript:|data:|vbscript:/gi;
do {
previousCode = this.code;
this.code = this.code.replace(dangerousAttrRegex, '');
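Review bot: the widened regex on the `+` line still only matches `on\w+=` when the value is quoted, so `<img src=x onerror=alert(1)>` (unquoted) and `<svg onload = "x">` (spaces around `=`) leave the do/while loop unchanged, which is the residual "may still contain on" that CodeQL keeps reporting on this line. It also has no leading word boundary, so `monkey='1'` is cut down to `m`. Given that this is the `Snippet` model and the field is `code` (source text, not markup), the safer change is to stop rewriting the stored value and HTML-escape it where it is rendered, or pass it through an allowlist sanitizer such as DOMPurify if it really must be rendered as HTML; if the deny-list stays, at least use `\bon\w+\s*=\s*` and add a branch for unquoted values (for example `[^\s>]+`).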

Check failure

Code scanning / CodeQL

Incomplete multi-character sanitization (High)

This string may still contain `on`, which may cause an HTML attribute injection vulnerability.
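To make the CodeQL finding concrete, the following is an added example written for this page (it is not code from the repository): it copies the regex and the fixed-point loop from the `+` line into a standalone function, runs it over a handful of constructed probe inputs, and shows which handlers survive, plus the output-escaping alternative. The function names `stripDangerous`, `escapeHtml`, `handlerSurvives` and the probe strings are this example's own assumptions.

```typescript
// Added example, not code from the repository: reproduces the sanitiser
// loop from the commit so the CodeQL finding can be checked against
// concrete inputs, and contrasts it with escaping on output.

// The regex exactly as it appears on the "+" line of the commit.
const dangerousAttrRegex =
  /on\w+=(["'])(?:(?=(\\?))\2.)*?\1|javascript:|data:|vbscript:/gi;

// Same fixed-point loop as the pre('save') hook: strip until nothing changes.
// (The function name is chosen here; the hook itself is anonymous.)
function stripDangerous(code: string): string {
  let previous = code;
  let current = code;
  do {
    previous = current;
    current = current.replace(dangerousAttrRegex, '');
  } while (current !== previous);
  return current;
}

// Alternative: leave the stored snippet untouched and escape when rendering,
// so the browser shows the handler as text instead of executing it.
const HTML_ESCAPES: Record<string, string> = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(text: string): string {
  return text.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c] ?? c);
}

// True when the loop left an on*= handler (quoted, unquoted or spaced) behind.
function handlerSurvives(code: string): boolean {
  return /on\w+\s*=/i.test(stripDangerous(code));
}

// Constructed probe inputs (assumed for this example, not from the project).
interface Probe { input: string; note: string }
const probes: Probe[] = [
  { input: '<img src=x onerror="alert(1)">', note: 'quoted handler: stripped' },
  { input: '<img src=x onerror=alert(1)>', note: 'unquoted handler: survives' },
  { input: '<svg onload = "alert(1)">', note: 'spaces around =: survives' },
  { input: '<a href="jajavascript:vascript:alert(1)">', note: 'nested scheme: loop catches it' },
  { input: "monkey='x'", note: 'no word boundary: false positive' },
];

// One line per probe: what the loop leaves behind.
function report(): string[] {
  return probes.map((p) => `${p.note}: ${JSON.stringify(stripDangerous(p.input))}`);
}

for (const line of report()) console.log(line);
console.log('escaped instead of stripped:', escapeHtml('<img src=x onerror=alert(1)>'));
```

Running it shows that only the quoted handler and the doubled `javascript:` scheme are removed; the unquoted and space-padded handlers pass through the loop unchanged, while `monkey='x'` is truncated. `escapeHtml` is the shape of the fix a reviewer would ask for: it never tries to recognise dangerous syntax, so there is nothing for a second variant to bypass.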

0 comments on commit 10968e8