Fix code scanning alert no. 36: Incomplete multi-character sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Jonhvmp · Dec 13, 2024 · f104467 · f104467
1 parent 80a43b5
commit f104467
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/backend/src/models/Snippet.ts b/backend/src/models/Snippet.ts
@@ -86,9 +86,10 @@ SnippetSchema.pre<ISnippet>('save', function (next) {
 
   // Remover atributos perigosos
   let previousCode;
+  const dangerousAttrRegex = /on\w+=(["'])(?:(?=(\\?))\2.)*?\1/g;
   do {
     previousCode = this.code;
-    this.code = this.code.replace(/on\w+="[^"]*"/g, '').replace(/on\w+='[^']*'/g, '');
+    this.code = this.code.replace(dangerousAttrRegex, '');
   } while (this.code !== previousCode);
 
   // Remover URLs perigosas em estilos inline