Problem: Four regexes were vulnerable to catastrophic backtracking. This leaves markdown servers open to a potential REDOS attack.

Solution: Refactor the regexes. For two similar regexes (html) I didn't change the language. For two similar regexes (noline) I slightly changed the language: ![[[[[[[[[[[]] was accepted by the old noline pattern. It is now rejected.

All tests pass, though I'm not sure if I've broken something that was untested.

This addresses #1070 (with #1058 along the way).

Bonus: rename a stray test to use _ instead of -.
13 lines
516 B
HTML
<h3 id="heading-with-a-link">Heading with a <a href="http://github.com/">link</a></h3>
<h3 id="heading-with-some-italic-text">Heading with some <em>italic text</em></h3>
<h3 id="or-some-strong">Or some <strong>strong</strong></h3>
<p>(which doesn't really make any difference, here)</p>
<h3 id="or-even-code">Or even <code>code</code></h3>
<h3 id="what-about-strikethrough">What about <del>strikethrough</del></h3>
<h2 id="and-a-ref-link">And a ref <a href="/some/url" title="link to nowhere">link</a></h2>
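Review bot: nothing in the lines visible here pins the behaviour change called out in the commit message. This fixture covers headings containing a link, italic, strong, code and strikethrough text, plus a ref link, so the noline input that the old pattern accepted and the new one rejects has no expected output recorded in it. Suggest adding a case for that input, together with a long repeated-bracket input checked against a time bound, so that a regression to a backtracking-prone pattern fails the suite instead of passing unnoticed.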