security: fix catastrophic backtracking vulnerability

Change template substitution regex to exclude fields with whitespace. This addresses possible O(n^2) catastrophic backtracking behavior. Very unlikely to be exploited. For eslint#10002.
davisjam · Feb 24, 2018 · 42ebc8c · 42ebc8c
1 parent 558ccba
commit 42ebc8c
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/lib/util/interpolate.js b/lib/util/interpolate.js
@@ -13,7 +13,12 @@ module.exports = (text, data) => {
     if (!data) {
         return text;
     }
-    return text.replace(/\{\{\s*([^{}]+?)\s*\}\}/g, (fullMatch, term) => {
+
+    // Substitution content for any {{ }} markers.
+    return text.replace(/\{\{([^{}]+?)\}\}/g, (fullMatch, term) => {
+
+        // Strip leading and trailing whitespace.
+        term = term.replace(/^\s+|\s+$/g, "");
         if (term in data) {
             return data[term];
         }