From d702ba8b5b1d44374914c03baebaf77e6f161d26 Mon Sep 17 00:00:00 2001
From: n3m01726 <118871349+n3m01726@users.noreply.github.com>
Date: Sun, 29 Mar 2026 18:12:34 -0400
Subject: [PATCH] Potential fix for code scanning alert no. 12: Incomplete multi-character sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/api/middlewares/validation.js | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/api/middlewares/validation.js b/src/api/middlewares/validation.js
index dbfd227..3ec9b61 100644
--- a/src/api/middlewares/validation.js
+++ b/src/api/middlewares/validation.js
@@ -28,11 +28,16 @@ const apiKeySchema = z.object({
 // Fonction de sanitization
 function sanitizeInput (input) {
   if (typeof input === 'string') {
-    return input
-      .trim()
-      .replace(/[<>]/g, '') // Supprimer les balises HTML basiques
-      .replace(/javascript:/gi, '') // Supprimer les protocoles dangereux
-      .replace(/on\w+=/gi, ''); // Supprimer les événements JavaScript
+    let sanitized = input.trim();
+    let previous;
+    do {
+      previous = sanitized;
+      sanitized = sanitized
+        .replace(/[<>]/g, '') // Supprimer les balises HTML basiques
+        .replace(/javascript:/gi, '') // Supprimer les protocoles dangereux
+        .replace(/on\w+=/gi, ''); // Supprimer les événements JavaScript
+    } while (sanitized !== previous);
+    return sanitized;
   }
   return input;
 }
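Review bot: The fixed-point loop closes the re-emergence gap the scanner flagged, but sanitizeInput remains a lossy blocklist and the hunk adds no comment stating what callers may rely on, so the function name reads as an XSS guarantee it cannot give. Each replace only removes characters, so the loop is guaranteed to terminate after at most input.length iterations; that invariant is worth stating next to the `do` on the new side. The `/on\w+=/gi` pattern is anchored only on `on` plus word characters, so it silently rewrites ordinary field values (constructed example: `money=5` becomes `m5` after `oney=` is removed) while attribute syntax with whitespace around `=` falls outside it; the effective mitigation remains context-aware escaping at the output sink, with this routine as defense in depth. I would add above the function: `// Lossy blocklist: strips <, >, 'javascript:' and on*= until a fixed point; terminates because every pass shortens the string. Not a substitute for output encoding at the sink.`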