Potential fix for code scanning alert no. 12: Incomplete multi-character sanitization#107

Merged
meraedit merged 1 commit into
masterfrom
alert-autofix-12
Jul 1, 2026
Conversation

@meraedit

@meraedit meraedit commented Jul 1, 2026

Contributor

Potential fix for https://github.com/Servoy/servoy-eclipse/security/code-scanning/12

To fix this safely without changing intended functionality, make script-stripping iterative until stable (fixed point), instead of a single pass. This directly addresses incomplete multi-character sanitization: if one removal pass reveals another match, subsequent passes remove it as well.

Best approach in this file:

  • In ngOnInit around the current line 40 logic, replace the one-time safeHtml.replace(externalScriptRegex, '') with a do...while loop that keeps applying the same global regex until no changes occur.
  • Keep existing behavior otherwise:
    • still process placeholders,
    • still remove external scripts from bound HTML,
    • still re-inject extracted external scripts with nonce from processedHtml.

No new imports or dependencies are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…ter sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
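The difference between the single-pass replace flagged by the alert and the fixed-point loop proposed above, as an added example that is not servoy-eclipse code. The regex is an assumption standing in for the project's externalScriptRegex, the inputs are constructed, and the extract/re-inject helpers only sketch the "re-inject with nonce" step the description mentions:

```typescript
// Added example, not code from servoy-eclipse. Shows why a single regex
// replace can leave a <script src=...> behind and how a fixed-point loop
// (the fix proposed in the PR) closes that gap.

// Assumed stand-in for the project's externalScriptRegex: a <script> tag that
// carries a src attribute, through its closing tag. The real pattern may differ.
const externalScriptRegex = /<script\b[^>]*\bsrc\s*=[^>]*>[\s\S]*?<\/script>/gi;

// Single pass: the shape the code-scanning alert flags. One removal can expose
// a new match that this call never revisits.
export function stripOnce(html: string): string {
  return html.replace(externalScriptRegex, '');
}

// Fixed point: keep applying the same global regex until a pass changes nothing.
// Terminates because every pass that matches strictly shortens the string.
export function stripUntilStable(html: string): string {
  let previous: string;
  let current = html;
  do {
    previous = current;
    current = previous.replace(externalScriptRegex, '');
  } while (current !== previous);
  return current;
}

// Check used by the tests: does any external script tag survive? A fresh
// non-global RegExp avoids lastIndex state leaking between calls.
export function containsExternalScript(html: string): boolean {
  return new RegExp(externalScriptRegex.source, 'i').test(html);
}

// Sketch of the "extract, then re-inject with nonce" step from the description.
// Collect src values of the matched external scripts (assumed attribute shape).
const srcAttrRegex = /\bsrc\s*=\s*["']?([^"'\s>]+)/i;
export function extractExternalScriptSrcs(html: string): string[] {
  const srcs: string[] = [];
  const re = new RegExp(externalScriptRegex.source, 'gi');
  let m: RegExpExecArray | null;
  while ((m = re.exec(html)) !== null) {
    const attr = srcAttrRegex.exec(m[0]);
    if (attr) srcs.push(attr[1]);
  }
  return srcs;
}

// Rebuild the script tags with a CSP nonce, escaping attribute values.
export function reinjectWithNonce(srcs: string[], nonce: string): string {
  const esc = (v: string) => v.replace(/&/g, '&amp;').replace(/"/g, '&quot;');
  return srcs
    .map((s) => `<script nonce="${esc(nonce)}" src="${esc(s)}"></script>`)
    .join('');
}

// Constructed inputs. The second one is the multi-character case: removing the
// inner tag leaves behind a complete tag that a single pass never sees.
export const plainInput =
  '<p>hi</p><script src="https://cdn.example/a.js"></script><p>bye</p>';
export const nestedInput =
  '<scr<script src="a.js"></script>ipt src="b.js"></script>';

// Stand-alone run.
console.log(JSON.stringify(stripOnce(nestedInput)));        // "<script src=\"b.js\"></script>"
console.log(JSON.stringify(stripUntilStable(nestedInput))); // ""
console.log(reinjectWithNonce(extractExternalScriptSrcs(plainInput), 'abc123'));
```

The loop mirrors the PR's suggestion exactly: same regex, same empty replacement, just repeated until a pass is a no-op. Because only external scripts are removed, placeholder processing and the nonce re-injection from processedHtml are unaffected.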
@meraedit meraedit marked this pull request as ready for review July 1, 2026 15:08
@meraedit meraedit merged commit 4862a2e into master Jul 1, 2026
6 checks passed