Skip to content

Potential fix for code scanning alert no. 2: Useless regular-expression character escape#33

Merged
dev-Ninjaa merged 1 commit into
mainfrom
alert-autofix-2
Feb 17, 2026
Merged

Potential fix for code scanning alert no. 2: Useless regular-expression character escape#33
dev-Ninjaa merged 1 commit into
mainfrom
alert-autofix-2

Conversation

@dev-Ninjaa

Copy link
Copy Markdown
Member

Potential fix for https://github.com/Luxion-Labs/PulmNotes/security/code-scanning/2

In general, the fix is to remove unnecessary backslashes before characters that do not need escaping in this context, ensuring the regex semantics remain unchanged. Here, the \- sequences appear inside character classes where - is already interpreted as a literal dash due to its position (between other characters, not creating a range). Therefore, the safest and simplest fix is to replace \- with - in the character classes.

Concretely, in editor/lib/tiptap-utils.ts at line 469, the pattern:

`^(?:(?:${allowedProtocols.join("|")}):|[^a-z]|[a-z0-9+.\-]+(?:[^a-z+.\-:]|$))`

should be updated so that \- becomes - in both character classes. The resulting regex template string will be:

`^(?:(?:${allowedProtocols.join("|")}):|[^a-z]|[a-z0-9+.-]+(?:[^a-z+.:-]|$))`

This keeps the behavior the same (matching alphanumerics, plus, dot, hyphen, etc.) while removing useless escapes. No new methods, imports, or definitions are needed elsewhere in the file.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…on character escape

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

@dev-Ninjaa dev-Ninjaa left a comment

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix is to remove unnecessary backslashes before characters that do not need escaping in this context, ensuring the regex semantics remain unchanged.

@dev-Ninjaa dev-Ninjaa marked this pull request as ready for review February 17, 2026 08:20
@dev-Ninjaa dev-Ninjaa merged commit 6a0be0e into main Feb 17, 2026
4 of 9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant