From c3fc3b59d94724046b66679113d0ded7e3f6a42f Mon Sep 17 00:00:00 2001
From: Mira <163523387+Mira190@users.noreply.github.com>
Date: Fri, 10 Oct 2025 14:54:51 +1100
Subject: [PATCH] Potential fix for code scanning alert no. 3: Incomplete multi-character sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 app/docs/[...slug]/page.tsx | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/app/docs/[...slug]/page.tsx b/app/docs/[...slug]/page.tsx
index 0d20f06..ba03518 100644
--- a/app/docs/[...slug]/page.tsx
+++ b/app/docs/[...slug]/page.tsx
@@ -17,11 +17,17 @@ import path from "path";
 // Extract clean text content from MDX
 function extractTextFromMDX(content: string): string {
- return content
+ let text = content
 .replace(/^---[\s\S]*?---/m, "") // Remove frontmatter
 .replace(/```[\s\S]*?```/g, "") // Remove code blocks
- .replace(/`([^`]+)`/g, "$1") // Remove inline code
- .replace(/<[^>]+>/g, "") // Remove HTML/MDX tags
+ .replace(/`([^`]+)`/g, "$1"); // Remove inline code
+ // Remove HTML/MDX tags recursively to prevent incomplete multi-character sanitization
+ let prevText;
+ do {
+ prevText = text;
+ text = text.replace(/<[^>]+>/g, "");
+ } while (text !== prevText);
+ return text
 .replace(/\*\*([^*]+)\*\*/g, "$1") // Remove bold
 .replace(/\*([^*]+)\*/g, "$1") // Remove italic
 .replace(/#{1,6}\s+/g, "") // Remove headers
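Review bot: The new do/while loop in extractTextFromMDX still leaves an unterminated `<tag` (a `<` with no later `>`) in the result, because `/<[^>]+>/g` only matches closed tags. Repeating the replace makes the stripping stable but does not make the output safe to place in HTML. Where this text is rendered is not visible in the hunk; if it can reach markup it should be HTML-escaped at that point, and a comment above the loop should say so, e.g. `// Output is plain text, not sanitized HTML; escape it before rendering.` Separately, declare `let prevText: string;` so the variable is not implicitly `any`. The function body continues past the end of the hunk, so the later replace steps were not reviewed.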