From 952e62e667f305fb6416b486de2414d7dbf9543c Mon Sep 17 00:00:00 2001
From: Studio Frames
Date: Fri, 26 Jun 2026 16:27:53 +0530
Subject: [PATCH] Potential fix for code scanning alert no. 8: Incomplete multi-character sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/services/textService.js | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/services/textService.js b/src/services/textService.js
index 2ba739d..a417f0d 100644
--- a/src/services/textService.js
+++ b/src/services/textService.js
@@ -153,8 +153,13 @@ async function optimizeText(buffer, mimeType, method) {
 output = result.data;
 } else if (mimeType === 'application/xml' || mimeType === 'text/xml') {
 // --- XML ---
- // Strip XML comments
- output = input.replace(//g, '');
+ // Strip XML comments (repeat until stable to avoid incomplete multi-character sanitization)
+ output = input;
+ let previousOutput;
+ do {
+ previousOutput = output;
+ output = output.replace(//g, '');
+ } while (output !== previousOutput);
 // Collapse whitespace between tags
 output = output.replace(/>\s+<');
 if (isExtreme) {
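Review bot: The new do/while loop only guarantees that no complete comment pair survives; assuming the pattern (blanked to `//g` in this rendering) matches an opener through its `-->` terminator, an opener with no terminator still passes through unchanged, and matches inside a CDATA section are removed as if they were comments. If anything downstream relies on the output being comment-free, that should be enforced with a real XML parser rather than a regex; if this is purely size optimization, the comment should say so, e.g. `// Size optimization only, not a security filter: unterminated openers and CDATA content are not handled`. The number of passes is also decided by the input buffer, so an iteration cap or a single-pass scanner would keep the worst-case cost bounded. The body of optimizeText starts and ends outside this hunk.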