From 7d486d73f4a797c10feea3e8603531e23c3e06a4 Mon Sep 17 00:00:00 2001
From: otdoges <otdoges@proton.me>
Date: Tue, 12 Aug 2025 13:49:36 -0500
Subject: [PATCH 1/2] Potential fix for code scanning alert no. 121: Incomplete
 multi-character sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/lib/search-service.ts | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/src/lib/search-service.ts b/src/lib/search-service.ts
index 8b5d9157..b3c32bed 100644
--- a/src/lib/search-service.ts
+++ b/src/lib/search-service.ts
@@ -316,12 +316,22 @@ export class BraveSearchService {
   }
 
   private extractTextContent(html: string): string {
-    return html
-      .replace(/<script[^>]*>.*?<\/script>/gi, '')
-      .replace(/<style[^>]*>.*?<\/style>/gi, '')
-      .replace(/<[^>]*>/g, ' ')
-      .replace(/\s+/g, ' ')
-      .trim();
+    let sanitized = html;
+    let previous;
+    // Remove all <script> tags (including content) repeatedly
+    do {
+      previous = sanitized;
+      sanitized = sanitized.replace(/<script[^>]*>.*?<\/script>/gis, '');
+    } while (sanitized !== previous);
+    // Remove all <style> tags (including content) repeatedly
+    do {
+      previous = sanitized;
+      sanitized = sanitized.replace(/<style[^>]*>.*?<\/style>/gis, '');
+    } while (sanitized !== previous);
+    // Remove all other HTML tags
+    sanitized = sanitized.replace(/<[^>]*>/g, ' ');
+    // Collapse whitespace and trim
+    return sanitized.replace(/\s+/g, ' ').trim();
   }
 }
 

From b53781adcba4c02ac18b446314e22b0632c80631 Mon Sep 17 00:00:00 2001
From: otdoges <otdoges@proton.me>
Date: Tue, 12 Aug 2025 13:54:37 -0500
Subject: [PATCH 2/2] Potential fix for code scanning alert no. 187: Bad HTML
 filtering regexp

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 package.json              |  3 ++-
 src/lib/search-service.ts | 24 ++++++++----------------
 2 files changed, 10 insertions(+), 17 deletions(-)

diff --git a/package.json b/package.json
index 0939c02b..b2934fdc 100644
--- a/package.json
+++ b/package.json
@@ -113,7 +113,8 @@
     "undici": "^5.28.5",
     "vaul": "^1.1.2",
     "vercel": "^44.7.3",
-    "zod": "^4.0.17"
+    "zod": "^4.0.17",
+    "cheerio": "^1.1.2"
   },
   "devDependencies": {
     "@eslint/js": "^9.33.0",
diff --git a/src/lib/search-service.ts b/src/lib/search-service.ts
index b3c32bed..49f6c9e9 100644
--- a/src/lib/search-service.ts
+++ b/src/lib/search-service.ts
@@ -1,7 +1,7 @@
 import * as Sentry from '@sentry/react';
 import { withTimeout } from './ai-utils';
 import { createTokenBucketRateLimiter } from './rate-limiter';
-
+import * as cheerio from 'cheerio';
 const { logger } = Sentry;
 
 // Simple in-memory rate limiter per session (client-side)
@@ -316,22 +316,14 @@ export class BraveSearchService {
   }
 
   private extractTextContent(html: string): string {
-    let sanitized = html;
-    let previous;
-    // Remove all <script> tags (including content) repeatedly
-    do {
-      previous = sanitized;
-      sanitized = sanitized.replace(/<script[^>]*>.*?<\/script>/gis, '');
-    } while (sanitized !== previous);
-    // Remove all <style> tags (including content) repeatedly
-    do {
-      previous = sanitized;
-      sanitized = sanitized.replace(/<style[^>]*>.*?<\/style>/gis, '');
-    } while (sanitized !== previous);
-    // Remove all other HTML tags
-    sanitized = sanitized.replace(/<[^>]*>/g, ' ');
+    // Use Cheerio to parse HTML and remove <script> and <style> tags
+    const $ = cheerio.load(html);
+    $('script').remove();
+    $('style').remove();
+    // Get the text content
+    const text = $.root().text();
     // Collapse whitespace and trim
-    return sanitized.replace(/\s+/g, ' ').trim();
+    return text.replace(/\s+/g, ' ').trim();
   }
 }