Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Intra-word emphasis can match the wrong asterisks #1636

Merged
merged 3 commits into from
Apr 10, 2020
Merged

fix: Intra-word emphasis can match the wrong asterisks #1636

merged 3 commits into from
Apr 10, 2020
+5 −1

Conversation

Scrum
Copy link
Contributor

@Scrum Scrum commented Apr 3, 2020
edited by styfle
Loading

Description

Contributor

  • Test(s) exist to ensure functionality and minimize regression (if no tests added, list tests covering this PR)

Committer

In most cases, this should be a different person than the contributor.

  • Draft GitHub release notes have been updated.
  • CI is green (no forced merge required).
  • Merge PR

Sorry, something went wrong.

Scrum added 2 commits April 3, 2020 14:40
@Scrum
test: for issue #1607

Verified

This commit was signed with the committer’s verified signature.
rafaelfranca Rafael Mendonça França
GPG key ID: FC23B6D0F1EEE948
Verified
Learn about vigilant mode
1421c35
@Scrum
perf: regexp for em, close #1607
6fc0721
@vercel
Copy link

vercel bot commented Apr 3, 2020
edited
Loading

This pull request is being automatically deployed with ZEIT Now (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://zeit.co/markedjs/markedjs/qba5ws1f2
✅ Preview: https://markedjs-git-fork-scrum-master.markedjs.now.sh

@UziTech
Copy link
Member

UziTech commented Apr 3, 2020

@davisjam could you check if the new regex is vulnerable to ReDos?

@Scrum
Copy link
Contributor Author

Scrum commented Apr 9, 2020

@UziTech @davisjam ping ?

UziTech
UziTech approved these changes Apr 10, 2020
View reviewed changes
Copy link
Member

@UziTech UziTech left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It doesn't looks like this changes the structure of the regex so if it wasn't vulnerable before than it shouldn't be now.

Good work! 💯

styfle
styfle approved these changes Apr 10, 2020
View reviewed changes
Copy link
Member

@styfle styfle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@styfle styfle merged commit 71e96bb into markedjs:master Apr 10, 2020
@UziTech UziTech mentioned this pull request Apr 13, 2020
Closed
@UziTech UziTech mentioned this pull request Apr 20, 2020
Merged
12 tasks
zhenalexfan pushed a commit to zhenalexfan/MarkdownHan that referenced this pull request Nov 8, 2021
@styfle
Merge pull request markedjs#1636 from Scrum/master
04adedf 
fix: Intra-word emphasis can match the wrong asterisks
zhenalexfan pushed a commit to zhenalexfan/MarkdownHan that referenced this pull request Nov 8, 2021
@UziTech
Merge pull request markedjs#1636 from Scrum/master
ab54687 
fix: Intra-word emphasis can match the wrong asterisks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@UziTech UziTech

@styfle styfle

@davisjam davisjam

@joshbruce joshbruce

Assignees
No one assigned
Labels
category: inline elements
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Scrum @UziTech @styfle