Potential fix for code scanning alert no. 4: Double escaping or unescaping #2

Merged
PRATHAM777P merged 1 commit into main from alert-autofix-4 on Apr 27, 2026

@PRATHAM777P
Owner

Potential fix for https://github.com/PRATHAM777P/AlphaMind/security/code-scanning/4

Fix by reordering entity replacements so &amp; is decoded last among named entities.
General rule: when unescaping, decode escape introducers (here &...) last to avoid creating new sequences that are then decoded again in the same pass.

Best minimal fix in src/tools/fetch/web-fetch-utils.ts:

  • In decodeEntities, move .replace(/&amp;/gi, "&") to after all other entity replacements (including numeric references).
  • Keep all existing behavior otherwise unchanged.

No new imports, methods, or dependencies are required.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…aping

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@PRATHAM777P PRATHAM777P marked this pull request as ready for review April 27, 2026 18:15
@PRATHAM777P PRATHAM777P merged commit bc8fb91 into main Apr 27, 2026
2 checks passed
@PRATHAM777P PRATHAM777P deleted the alert-autofix-4 branch April 27, 2026 18:17
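
The ordering problem this PR describes, as an added TypeScript example (not the project's code from src/tools/fetch/web-fetch-utils.ts): it compares decoding &amp; first, decoding it last, and a single-pass decoder that goes beyond the PR's fix. All function names, the entity subset and the sample strings are assumptions constructed for illustration.

```typescript
// Added illustration, not the project's decodeEntities.
// Function names and the small entity subset are assumptions.
const NAMED: Record<string, string> = { lt: "<", gt: ">", quot: '"', amp: "&" };

// Numeric references, decimal and hex (BMP code points only in this sketch).
function decodeNumeric(s: string): string {
  return s
    .replace(/&#x([0-9a-f]+);/gi, (_m, hex: string) => String.fromCharCode(parseInt(hex, 16)))
    .replace(/&#(\d+);/g, (_m, dec: string) => String.fromCharCode(parseInt(dec, 10)));
}

// Named entities other than &amp;.
function decodeNamedExceptAmp(s: string): string {
  return s.replace(/&lt;/gi, "<").replace(/&gt;/gi, ">").replace(/&quot;/gi, '"');
}

// "Before" ordering: &amp; is decoded first, so the "&" it emits can start a
// new entity that a later replace decodes a second time.
function decodeAmpFirst(s: string): string {
  return decodeNumeric(decodeNamedExceptAmp(s.replace(/&amp;/gi, "&")));
}

// Ordering described in the PR: &amp; after named and numeric references.
function decodeAmpLast(s: string): string {
  return decodeNumeric(decodeNamedExceptAmp(s)).replace(/&amp;/gi, "&");
}

// Generalisation: one scan of the input, each match decoded exactly once,
// so replacement output is never rescanned. Unknown names are left as-is.
function decodeSinglePass(s: string): string {
  return s.replace(/&(?:#x([0-9a-f]+)|#(\d+)|([a-z]+));/gi,
    (m: string, hex?: string, dec?: string, name?: string) => {
      if (hex) return String.fromCharCode(parseInt(hex, 16));
      if (dec) return String.fromCharCode(parseInt(dec, 10));
      const key = (name || "").toLowerCase();
      return Object.prototype.hasOwnProperty.call(NAMED, key) ? NAMED[key] : m;
    });
}

// Constructed sample inputs: doubly-escaped markup, then ordinary text.
const SAMPLES = ["&amp;lt;script&amp;gt;", "&amp;#60;", "&#38;amp;", "a &lt; b &amp;&amp; c &#62; d"];

// Returns [input, ampFirst, ampLast, singlePass] for each sample.
function compare(): string[][] {
  return SAMPLES.map((s) => [s, decodeAmpFirst(s), decodeAmpLast(s), decodeSinglePass(s)]);
}
console.log(compare());
```

Under the amp-last ordering in this sketch, `&#38;amp;` still decodes twice (to `&`) because the numeric pass emits the `&` that the final pass consumes; the single-pass form returns `&amp;`.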