From b91306e70ea1c27944c23d157a4b7e81979366f8 Mon Sep 17 00:00:00 2001
From: Moyasee
Date: Fri, 3 Oct 2025 16:16:33 +0300
Subject: [PATCH] fix: possible DoS

---
 src/shared/html-sanitizer.ts | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/shared/html-sanitizer.ts b/src/shared/html-sanitizer.ts
index 839c3b11..d2127635 100644
--- a/src/shared/html-sanitizer.ts
+++ b/src/shared/html-sanitizer.ts
@@ -21,12 +21,31 @@ function decodeHtmlEntities(text: string): string {
 });
 }
 
+function removeHtmlTags(html: string): string {
+ let result = "";
+ let inTag = false;
+
+ for (let i = 0; i < html.length; i++) {
+ const char = html[i];
+
+ if (char === "<") {
+ inTag = true;
+ } else if (char === ">") {
+ inTag = false;
+ } else if (!inTag) {
+ result += char;
+ }
+ }
+
+ return result;
+}
+
 export function sanitizeHtml(html: string): string {
 if (!html || typeof html !== "string") {
 return "";
 }
 
- let cleanText = html.replace(/<[^>]*>/g, "");
+ let cleanText = removeHtmlTags(html);
 cleanText = decodeHtmlEntities(cleanText);