security: fix for code scanning alert no. 11: Incomplete multi-character sanitization (#3804)

* security: fix for code scanning alert no. 11: Incomplete multi-character sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* fix: use dotAll flag to match multi-line HTML comments

Add the 's' flag to the comment-stripping regex so '.' matches
newlines, ensuring comments spanning multiple lines are also removed.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Huang Xin
2026-04-09 12:54:20 +08:00
committed by GitHub
parent 373420bb0c
commit dc788283ad
+7 -1
View File
@@ -547,7 +547,13 @@ export class TxtToEpubConverter {
): number {
const { language } = metadata;
const { fallbackParagraphsPerChapter } = option;
const trimmedSegment = segment.replace(/<!--.*?-->/g, '').trim();
let sanitizedSegment = segment;
let previousSegment: string;
do {
previousSegment = sanitizedSegment;
sanitizedSegment = sanitizedSegment.replace(/<!--.*?-->/gs, '');
} while (sanitizedSegment !== previousSegment);
const trimmedSegment = sanitizedSegment.trim();
if (!trimmedSegment) return 0;
const chapterRegexps = this.createChapterRegexps(language);