From 3144fa6bf04b4e7452f85c00eaf192eea189a0d2 Mon Sep 17 00:00:00 2001
From: makaronz <48864260+makaronz@users.noreply.github.com>
Date: Wed, 16 Jul 2025 05:07:28 +0200
Subject: [PATCH] Potential fix for code scanning alert no. 7: Incomplete URL scheme check
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/backend/routes/aiProxyRoutes.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/backend/routes/aiProxyRoutes.ts b/src/backend/routes/aiProxyRoutes.ts
index 5983ca1..e5d6d0e 100644
--- a/src/backend/routes/aiProxyRoutes.ts
+++ b/src/backend/routes/aiProxyRoutes.ts
@@ -314,6 +314,8 @@ function sanitizeInput(input: string): string {
 return input
 .replace(/[<>]/g, '') // Remove potential HTML tags
 .replace(/javascript:/gi, '') // Remove javascript: URLs
+ .replace(/data:/gi, '') // Remove data: URLs
+ .replace(/vbscript:/gi, '') // Remove vbscript: URLs
 .replace(/on\w+=/gi, '') // Remove event handlers
 .trim();
 }
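Review bot: The two added `.replace(/data:/gi, '')` and `.replace(/vbscript:/gi, '')` calls inherit the bypass already present in the `javascript:` line above them: `String.prototype.replace` makes a single pass, so an input such as `dadata:ta:` or `jjavascript:avascript:` comes out as `data:` / `javascript:` once the stripped fragment closes the gap, and the denylist still misses `on\w+=` written as `onload =`. The scheme list also mangles ordinary text — `metadata: foo` becomes `metafoo` — which matters if this string is forwarded to a model or stored rather than rendered (the hunk does not show where the result goes, so this is inferred). If the function must stay a string scrubber, repeat the replacements until the string stops changing, as below; where a field is actually a URL, parse it with `new URL()` and accept only an allowlisted scheme instead of deleting scheme names, and if the value is ever rendered as HTML, escape at output rather than stripping at input. The enclosing `sanitizeInput` begins at its signature line, which is outside this hunk (it appears only as the `@@` context).
```typescript
function sanitizeInput(input: string): string {
  // Patterns are applied to a fixpoint: a single pass can splice two halves
  // into a fresh match (e.g. "jjavascript:avascript:" -> "javascript:").
  // Each pass only deletes characters, so the loop terminates.
  const denied = [/[<>]/g, /javascript:/gi, /data:/gi, /vbscript:/gi, /on\w+\s*=/gi];
  let out = input;
  let prev: string;
  do {
    prev = out;
    for (const re of denied) out = out.replace(re, '');
  } while (out !== prev);
  return out.trim();
}
```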