From 58ad0afaf43df0441f8f72e3909df155bf35ba81 Mon Sep 17 00:00:00 2001
From: Jamie Davis <davisjam@vt.edu>
Date: Sat, 24 Feb 2018 16:43:04 -0500
Subject: [PATCH] Fix: remove catastrophic backtracking vulnerability

Change template substitution regex to exclude fields with whitespace.
This addresses possible O(n^2) catastrophic backtracking behavior.

Very unlikely to be exploited. For #10002.
---
 lib/util/interpolate.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/util/interpolate.js b/lib/util/interpolate.js
index e0f2d027d19..cefdcca5454 100644
--- a/lib/util/interpolate.js
+++ b/lib/util/interpolate.js
@@ -13,7 +13,11 @@ module.exports = (text, data) => {
     if (!data) {
         return text;
     }
-    return text.replace(/\{\{\s*([^{}]+?)\s*\}\}/g, (fullMatch, term) => {
+
+    // Substitution content for any {{ }} markers.
+    return text.replace(/\{\{([^{}]+?)\}\}/g, (fullMatch, termWithWhitespace) => {
+        const term = termWithWhitespace.trim();
+
         if (term in data) {
             return data[term];
         }