Skip to content

Potential fix for code scanning alert no. 33: Bad HTML filtering regexp#56

Merged
johnteee merged 1 commit into
mainfrom
alert-autofix-33
Jun 5, 2026
Merged

Potential fix for code scanning alert no. 33: Bad HTML filtering regexp#56
johnteee merged 1 commit into
mainfrom
alert-autofix-33

Conversation

@johnteee

@johnteee johnteee commented Jun 5, 2026

Copy link
Copy Markdown
Member

Potential fix for https://github.com/TeaEntityLab/teaAgent/security/code-scanning/33

The best fix is to update the _MARKER_COMMENT regex to recognize both standard HTML comment end (-->) and browser-tolerated variant (--!>), while preserving all existing matches and behavior.

In teaagent/spec_grounding.py, replace the HTML comment end fragment in _MARKER_COMMENT from --> to a pattern that matches both forms, e.g. --!?\>. A clean readable option is --!?\> (equivalent to --!?> in Python regex), which matches --> and --!>. This is the minimal, functionality-preserving change and directly addresses the CodeQL finding without altering surrounding logic.

No new methods or imports are required.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@johnteee johnteee marked this pull request as ready for review June 5, 2026 15:27
@johnteee johnteee merged commit 05d6f56 into main Jun 5, 2026
12 of 16 checks passed
@johnteee johnteee deleted the alert-autofix-33 branch June 5, 2026 15:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant