From 0c4e62a761d74053492e03922c4a489f14ff1007 Mon Sep 17 00:00:00 2001
From: MrWaradana <muhammadridhowaradana@gmail.com>
Date: Fri, 6 Feb 2026 16:37:45 +0700
Subject: [PATCH] feat: Compile XSS and SQLi string patterns into regex
 objects.

---
 src/middleware.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/middleware.py b/src/middleware.py
index c909983..3127020 100644
--- a/src/middleware.py
+++ b/src/middleware.py
@@ -20,8 +20,11 @@ MAX_JSON_BODY_SIZE = 1024 * 100  # 100 KB
 
 # Very targeted patterns. Avoid catastrophic regex nonsense.
 XSS_PATTERN_STR = r"(<script|</script|javascript:|onerror\s*=|onload\s*=|<svg|<img)"
+XSS_PATTERN = re.compile(XSS_PATTERN_STR, re.IGNORECASE)
 
 SQLI_PATTERN_STR = r"(\bUNION\b|\bSELECT\b|\bINSERT\b|\bDELETE\b|\bDROP\b|--|\bOR\b\s+1=1)"
+SQLI_PATTERN = re.compile(SQLI_PATTERN_STR, re.IGNORECASE)
+
 
 # JSON prototype pollution keys
 FORBIDDEN_JSON_KEYS = {"__proto__", "constructor", "prototype"}