From f104467f0be586392d947b9d6d9f287713a404e9 Mon Sep 17 00:00:00 2001
From: Jonh Alex <122692601+Jonhvmp@users.noreply.github.com>
Date: Fri, 13 Dec 2024 16:35:21 -0300
Subject: [PATCH] Fix code scanning alert no. 36: Incomplete multi-character sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 backend/src/models/Snippet.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/backend/src/models/Snippet.ts b/backend/src/models/Snippet.ts
index 625d43b..e0ab7b7 100644
--- a/backend/src/models/Snippet.ts
+++ b/backend/src/models/Snippet.ts
@@ -86,9 +86,10 @@ SnippetSchema.pre('save', function (next) {
   // Remover atributos perigosos
   let previousCode;
+  const dangerousAttrRegex = /on\w+=(["'])(?:(?=(\\?))\2.)*?\1/g;
   do {
     previousCode = this.code;
-    this.code = this.code.replace(/on\w+="[^"]*"/g, '').replace(/on\w+='[^']*'/g, '');
+    this.code = this.code.replace(dangerousAttrRegex, '');
   } while (this.code !== previousCode);
   // Remover URLs perigosas em estilos inline
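Review bot: The new `dangerousAttrRegex` is still bypassable because it only matches quoted values with a lowercase `on` prefix and no whitespace around `=`, so `<img src=x onerror=alert(1)>` (unquoted value), `<img src=x ONERROR="alert(1)">` (no `i` flag) and `onclick = "..."` all survive the pre-save loop untouched. It also has no left word boundary, so ordinary identifiers in a stored snippet are corrupted: `personName="x"` loses `onName="x"` and becomes `pers`. A single-line tightening, `/\bon\w+\s*=\s*(?:(["'])(?:(?=(\\?))\2.)*?\1|[^\s>]+)/gi`, closes the gaps visible here, but regex stripping of HTML attributes cannot be made complete; if `code` is ever rendered as HTML it should go through a real sanitizer (DOMPurify or sanitize-html), and if it is only displayed as text the safer approach is to escape on output rather than rewrite the stored content. The enclosing `pre('save')` hook starts and ends outside the hunk.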