diff --git a/.github/codeql-config.yml b/.github/codeql-config.yml
index eacf33585..15e4b0032 100644
--- a/.github/codeql-config.yml
+++ b/.github/codeql-config.yml
@@ -1,7 +1,6 @@
 paths-ignore:
  - 'js/prototype/prototype.js'
- - 'js/mage/adminhtml/uploader/instance.js'
  - 'js/mage/adminhtml/wysiwyg/tiny_mce/setup.js'
  - 'js/prototype/validation.js'
  - 'js/extjs/ext-tree.js'
diff --git a/public/js/mage/adminhtml/uploader/instance.js b/public/js/mage/adminhtml/uploader/instance.js
index 6a7718fb8..9a95520d5 100644
--- a/public/js/mage/adminhtml/uploader/instance.js
+++ b/public/js/mage/adminhtml/uploader/instance.js
@@ -484,9 +484,7 @@
         return str
             .stripScripts()
             // Remove inline event handlers like onclick, onload, etc
-            .replace(/(on[a-z]+=["][^"]+["])(?=[^>]*>)/img, '')
-            .replace(/(on[a-z]+=['][^']+['])(?=[^>]*>)/img, '')
-            ;
+            .replace(/\s+on(?:\w|-)*\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/img, '');
     }
 });
 })(window, document);
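Review bot: The rewritten pattern on the `+` line only matches a handler preceded by `\s+`, but an HTML tokenizer also begins a new attribute name directly after a quoted value or after a `/`, so an `on…=` attribute written without a leading space is left in place, whereas the two removed patterns had no whitespace anchor. Dropping the `(?=[^>]*>)` lookahead additionally means `on…=` sequences in ordinary text content are now removed as well, which is cosmetic data loss but deserves a comment. A one-line change that captures the separator instead of consuming it covers the whitespace, quote and slash cases alike: `.replace(/([\s"'\/])on[\w-]*\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/img, '$1');` (the `m` flag is a no-op here, as the pattern has no anchors). Substring removal on serialized HTML remains fragile — an unbalanced quote inside a removed value can shift how the rest of the tag is parsed — so if the caller can tolerate normalized markup, parsing into a detached document and removing every attribute whose name begins with `on` is the more robust form. The enclosing function starts before this hunk.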