codewalker/marked
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
marked/test/specs/redos/redos_nolink.md

2 lines
177 B
Markdown
Raw Normal View History

security: fix regexes vulnerable to catastrophic backtracking Problem: Four regexes were vulnerable to catastrophic backtracking. This leaves markdown servers open to a potential REDOS attack. Solution: Refactor the regexes. For two similar regexes (html) I didn't change the language. For two similar regexes (noline) I slightly changed the language: ![[[[[[[[[[[]] was accepted by the old noline pattern. It is now rejected. All tests pass, though I'm not sure if I've broken something that was untested. This addresses #1070 (with #1058 along the way). Bonus: rename a stray test to use _ instead of -.
2018-02-26 11:06:41 -05:00
![\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]\[[]!\
Copy Permalink