Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Latte: Fixed exponential backtracking #2682

Merged
merged 1 commit into from Dec 31, 2020

Conversation

RunDevelopment
Copy link
Member

No description provided.

@github-actions
Copy link

JS File Size Changes (gzipped)

A total of 1 files have changed, with a combined diff of +9 B (+1.8%).

file master pull size diff % diff
components/prism-latte.min.js 513 B 522 B +9 B +1.8%

Generated by 🚫 dangerJS against bf29575

@RunDevelopment RunDevelopment merged commit 89f1e18 into PrismJS:master Dec 31, 2020
@RunDevelopment RunDevelopment deleted the latte-exp-bt-fix branch December 31, 2020 09:14
@joshgoebel
Copy link

Is the detector improving or this was just not dealt with before?

@RunDevelopment
Copy link
Member Author

This is one of the very few regexes that aren't checked by our detector. This was found using a CodeQL query.

@joshgoebel
Copy link

I'll assume it's something weird about how markup templating works or something that it's "special"... so much of our regex are generated at run-time but since the tests are running at run-time we just hook into the FINAL prepared regex and run them thru the checker.

@RunDevelopment
Copy link
Member Author

Yeah, we just check the regexes of all grammars. Markup templating also needs one additional regex to detect the embedded language and that regex isn't checked.

One way around that might be to override the exec/test methods in RegExp.prototype to run the detector on all patterns used to tokenize Prism's test cases.

This was referenced Mar 6, 2021
This was referenced Mar 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants