Commit

Merge pull request #26 from Jonhvmp/alert-autofix-36
Fix code scanning alert no. 36: Incomplete multi-character sanitization
Jonhvmp authored Dec 13, 2024
2 parents 40ad108 + f104467 commit 23112b9
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion backend/src/models/Snippet.ts
Expand Up @@ -86,9 +86,10 @@ SnippetSchema.pre<ISnippet>('save', function (next) {

// Remover atributos perigosos
let previousCode;
const dangerousAttrRegex = /on\w+=(["'])(?:(?=(\\?))\2.)*?\1/g;
do {
previousCode = this.code;
this.code = this.code.replace(/on\w+="[^"]*"/g, '').replace(/on\w+='[^']*'/g, '');
this.code = this.code.replace(dangerousAttrRegex, '');
} while (this.code !== previousCode);

// Remover URLs perigosas em estilos inline
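
Review bot: `dangerousAttrRegex` only matches handler attributes whose value is quoted, whose name is lowercase and which have no whitespace around `=`, so the `do ... while` loop still leaves unquoted values, upper- or mixed-case names (the pattern has no `i` flag) and values that span several lines (`.` does not match a newline) in `this.code`. The `(?=(\\?))\2.` part also treats a backslash as escaping the following quote, which HTML attribute values do not do, so the match can end at a different quote than the one a browser would pick. Rather than widening the pattern further, consider passing `this.code` through an HTML parser with an attribute allow-list inside this `pre('save')` hook, and add unit tests for the three unmatched cases so the next change to this line is checked against them.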