From 007f60b69826e670a7652f36ea5473dd93cd2f80 Mon Sep 17 00:00:00 2001
From: Jamie Davis <davisjam@vt.edu>
Date: Mon, 26 Feb 2018 12:36:23 -0500
Subject: [PATCH] security: fix html tag and html.closing regexes

This address #1058.
---
 lib/marked.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/marked.js b/lib/marked.js
index 5ca95941ec..a3dce91e8b 100644
--- a/lib/marked.js
+++ b/lib/marked.js
@@ -55,7 +55,7 @@ block._tag = '(?!(?:'
 block.html = edit(block.html)
   .replace('comment', /<!--[\s\S]*?-->/)
   .replace('closed', /<(tag)[\s\S]+?<\/\1>/)
-  .replace('closing', /<tag(?:"[^"]*"|'[^']*'|\s[^'"\/>]*)*?\/?>/)
+  .replace('closing', /<tag(?:"[^"]*"|'[^']*'|\s[^'"\/>\s]*)*?\/?>/)
   .replace(/tag/g, block._tag)
   .getRegex();
 
@@ -461,7 +461,7 @@ var inline = {
   escape: /^\\([\\`*{}\[\]()#+\-.!_>])/,
   autolink: /^<(scheme:[^\s\x00-\x1f<>]*|email)>/,
   url: noop,
-  tag: /^<!--[\s\S]*?-->|^<\/?[a-zA-Z0-9\-]+(?:"[^"]*"|'[^']*'|\s[^<'">\/]*)*?\/?>/,
+  tag: /^<!--[\s\S]*?-->|^<\/?[a-zA-Z0-9\-]+(?:"[^"]*"|'[^']*'|\s[^<'">\/\s]*)*?\/?>/,
   link: /^!?\[(inside)\]\(href\)/,
   reflink: /^!?\[(inside)\]\s*\[([^\]]*)\]/,
   nolink: /^!?\[((?:\[[^\]]*\]|\\[\[\]]|[^\[\]])*)\]/,