Potential fix for code scanning alert no. 97: Incomplete URL scheme check

kemuru · github-advanced-security[bot] · web-flow · commit 20ae3a418878 · 2025-09-17T14:06:24.000+09:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/web/src/utils/markdownSanitization.ts b/web/src/utils/markdownSanitization.ts
@@ -47,6 +47,7 @@ export const sanitizeMarkdown = (markdown: string): string => {
   // Optional: Remove encoded protocols/entities as before
   sanitized = sanitized.replace(/javascript:/gi, "");
   sanitized = sanitized.replace(/vbscript:/gi, "");
+  sanitized = sanitized.replace(/data:/gi, "");
   sanitized = sanitized.replace(/&#x[0-9a-f]+;/gi, "");
   sanitized = sanitized.replace(/&#[0-9]+;/gi, "");
 
