Merge pull request #23 from Jonhvmp/alert-autofix-26

Fix code scanning alert no. 26: Incomplete multi-character sanitization
Jonhvmp · Dec 7, 2024 · 540eedb · 540eedb
2 parents fb4d9cc + 133372f
commit 540eedb
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/backend/src/models/Snippet.ts b/backend/src/models/Snippet.ts
@@ -85,7 +85,11 @@ SnippetSchema.pre<ISnippet>('save', function (next) {
   this.code = this.code.replace(/</g, '&lt;').replace(/>/g, '&gt;');
 
   // Remover atributos perigosos
-  this.code = this.code.replace(/on\w+="[^"]*"/g, '').replace(/on\w+='[^']*'/g, '');
+  let previousCode;
+  do {
+    previousCode = this.code;
+    this.code = this.code.replace(/on\w+="[^"]*"/g, '').replace(/on\w+='[^']*'/g, '');
+  } while (this.code !== previousCode);
 
   // Remover URLs perigosas em estilos inline
   this.code = this.code.replace(/style\s*=\s*["'][^"']*(javascript|data|vbscript):[^"']*["']/gi, 'style=""');