security: fix html tag and html.closing regexes

This address #1058.
markedjs · Feb 26, 2018 · 007f60b · 007f60b
1 parent 18a5588
commit 007f60b
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/lib/marked.js b/lib/marked.js
@@ -55,7 +55,7 @@ block._tag = '(?!(?:'
 block.html = edit(block.html)
   .replace('comment', /<!--[\s\S]*?-->/)
   .replace('closed', /<(tag)[\s\S]+?<\/\1>/)
-  .replace('closing', /<tag(?:"[^"]*"|'[^']*'|\s[^'"\/>]*)*?\/?>/)
+  .replace('closing', /<tag(?:"[^"]*"|'[^']*'|\s[^'"\/>\s]*)*?\/?>/)
   .replace(/tag/g, block._tag)
   .getRegex();
 
@@ -461,7 +461,7 @@ var inline = {
   escape: /^\\([\\`*{}\[\]()#+\-.!_>])/,
   autolink: /^<(scheme:[^\s\x00-\x1f<>]*|email)>/,
   url: noop,
-  tag: /^<!--[\s\S]*?-->|^<\/?[a-zA-Z0-9\-]+(?:"[^"]*"|'[^']*'|\s[^<'">\/]*)*?\/?>/,
+  tag: /^<!--[\s\S]*?-->|^<\/?[a-zA-Z0-9\-]+(?:"[^"]*"|'[^']*'|\s[^<'">\/\s]*)*?\/?>/,
   link: /^!?\[(inside)\]\(href\)/,
   reflink: /^!?\[(inside)\]\s*\[([^\]]*)\]/,
   nolink: /^!?\[((?:\[[^\]]*\]|\\[\[\]]|[^\[\]])*)\]/,