Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix ReDOS #1405 #1408

Closed
wants to merge 1 commit into from
Closed

Fix ReDOS #1405 #1408

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/marked.js
View file
Open in desktop
Expand Up @@ -571,7 +571,7 @@ inline.tag = edit(inline.tag)
.getRegex();

inline._label = /(?:\[[^\[\]]*\]|\\[\[\]]?|`[^`]*`|[^\[\]\\])*?/;
inline._href = /\s*(<(?:\\[<>]?|[^\s<>\\])*>|(?:\\[()]?|\([^\s\x00-\x1f\\]*\)|[^\s\x00-\x1f()\\])*?)/;
inline._href = /\s*(<(?:\\[<>]?|[^\s<>\\])*>|(?:\\[()]?|\([^\s\x00-\x1f\\()]*\)|[^\s\x00-\x1f()\\])*?)/;
inline._title = /"(?:\\"?|[^"\\])*"|'(?:\\'?|[^'\\])*'|\((?:\\\)?|[^)\\])*\)/;

inline.link = edit(inline.link)
Expand Down
5 changes: 5 additions & 0 deletions test/new/link_redos.html
View file
Open in desktop
@@ -0,0 +1,5 @@
<ul>
<li>伪类:<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:active">:active</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:any-link">:any-link</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:blank">:blank</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:checked">:checked</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:current">:current</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:default">:default</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:defined">:defined</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:dir">:dir()</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:disabled">:disabled</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:drop">:drop</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:empty">:empty</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:enabled">:enabled</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:first">:first</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:first-child">:first-child</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:first-of-type">:first-of-type</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:fullscreen">:fullscreen</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:future">:future</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:focus">:focus</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:focus-visible">:focus-visible</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:focus-within">:focus-within</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:has">:has()</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:host">:host</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:host()">:host()</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:host-context()">:host-context()</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:hover">:hover</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:indeterminate">:indeterminate</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:in-range">:in-range</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:invalid">:invalid</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:is">:is()</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:lang">:lang()</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:last-child">:last-child</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:last-of-type">:last-of-type</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:left">:left</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:link">:link</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:local-link">:local-link</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:not">:not()</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:nth-child">:nth-child()</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:nth-col">:nth-col()</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:nth-last-child">:nth-last-child()</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:nth-last-col">:nth-last-col()</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:nth-last-of-type">:nth-last-of-type()</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:nth-of-type">:nth-of-type()</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:only-child">:only-child</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:only-of-type">:only-of-type</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:optional">:optional</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:out-of-range">:out-of-range</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:past">:past</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:placeholder-shown">:placeholder-shown</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:read-only">:read-only</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:read-write">:read-write</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:required">:required</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:right">:right</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:root">:root</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:scope">:scope</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:target">:target</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:target-within">:target-within</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:user-invalid">:user-invalid</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:valid">:valid</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:visited">:visited</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/:where">:where()</a></li>
<li>伪元素:<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/::after">::after (:after)</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/::backdrop">::backdrop</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/::before">::before (:before)</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/::cue">::cue (:cue)</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/::first-letter">::first-letter (:first-letter)</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/::first-line">::first-line (:first-line)</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/::grammar-error">::grammar-error</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/::marker">::marker</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/::placeholder">::placeholder</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/::selection">::selection</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/::slotted">::slotted()</a>、<a href="https://developer.mozilla.org/en-US/docs/Web/CSS/::spelling-error">::spelling-error</a> </li>
</ul>

2 changes: 2 additions & 0 deletions test/new/link_redos.md
View file
Open in desktop
@@ -0,0 +1,2 @@
* 伪类:[:active](https://developer.mozilla.org/en-US/docs/Web/CSS/:active)、[:any-link](https://developer.mozilla.org/en-US/docs/Web/CSS/:any-link)、[:blank](https://developer.mozilla.org/en-US/docs/Web/CSS/:blank)、[:checked](https://developer.mozilla.org/en-US/docs/Web/CSS/:checked)、[:current](https://developer.mozilla.org/en-US/docs/Web/CSS/:current)、[:default](https://developer.mozilla.org/en-US/docs/Web/CSS/:default)、[:defined](https://developer.mozilla.org/en-US/docs/Web/CSS/:defined)、[:dir()](https://developer.mozilla.org/en-US/docs/Web/CSS/:dir)、[:disabled](https://developer.mozilla.org/en-US/docs/Web/CSS/:disabled)、[:drop](https://developer.mozilla.org/en-US/docs/Web/CSS/:drop)、[:empty](https://developer.mozilla.org/en-US/docs/Web/CSS/:empty)、[:enabled](https://developer.mozilla.org/en-US/docs/Web/CSS/:enabled)、[:first](https://developer.mozilla.org/en-US/docs/Web/CSS/:first)、[:first-child](https://developer.mozilla.org/en-US/docs/Web/CSS/:first-child)、[:first-of-type](https://developer.mozilla.org/en-US/docs/Web/CSS/:first-of-type)、[:fullscreen](https://developer.mozilla.org/en-US/docs/Web/CSS/:fullscreen)、[:future](https://developer.mozilla.org/en-US/docs/Web/CSS/:future)、[:focus](https://developer.mozilla.org/en-US/docs/Web/CSS/:focus)、[:focus-visible](https://developer.mozilla.org/en-US/docs/Web/CSS/:focus-visible)、[:focus-within](https://developer.mozilla.org/en-US/docs/Web/CSS/:focus-within)、[:has()](https://developer.mozilla.org/en-US/docs/Web/CSS/:has)、[:host](https://developer.mozilla.org/en-US/docs/Web/CSS/:host)、[:host()](https://developer.mozilla.org/en-US/docs/Web/CSS/:host())、[:host-context()](https://developer.mozilla.org/en-US/docs/Web/CSS/:host-context())、[:hover](https://developer.mozilla.org/en-US/docs/Web/CSS/:hover)、[:indeterminate](https://developer.mozilla.org/en-US/docs/Web/CSS/:indeterminate)、[:in-range](https://developer.mozilla.org/en-US/docs/Web/CSS/:in-range)、[:invalid](https://developer.mozilla.org/en-US/docs/Web/CSS/:invalid)、[:is()](https://developer.mozilla.org/en-US/docs/Web/CSS/:is)、[:lang()](https://developer.mozilla.org/en-US/docs/Web/CSS/:lang)、[:last-child](https://developer.mozilla.org/en-US/docs/Web/CSS/:last-child)、[:last-of-type](https://developer.mozilla.org/en-US/docs/Web/CSS/:last-of-type)、[:left](https://developer.mozilla.org/en-US/docs/Web/CSS/:left)、[:link](https://developer.mozilla.org/en-US/docs/Web/CSS/:link)、[:local-link](https://developer.mozilla.org/en-US/docs/Web/CSS/:local-link)、[:not()](https://developer.mozilla.org/en-US/docs/Web/CSS/:not)、[:nth-child()](https://developer.mozilla.org/en-US/docs/Web/CSS/:nth-child)、[:nth-col()](https://developer.mozilla.org/en-US/docs/Web/CSS/:nth-col)、[:nth-last-child()](https://developer.mozilla.org/en-US/docs/Web/CSS/:nth-last-child)、[:nth-last-col()](https://developer.mozilla.org/en-US/docs/Web/CSS/:nth-last-col)、[:nth-last-of-type()](https://developer.mozilla.org/en-US/docs/Web/CSS/:nth-last-of-type)、[:nth-of-type()](https://developer.mozilla.org/en-US/docs/Web/CSS/:nth-of-type)、[:only-child](https://developer.mozilla.org/en-US/docs/Web/CSS/:only-child)、[:only-of-type](https://developer.mozilla.org/en-US/docs/Web/CSS/:only-of-type)、[:optional](https://developer.mozilla.org/en-US/docs/Web/CSS/:optional)、[:out-of-range](https://developer.mozilla.org/en-US/docs/Web/CSS/:out-of-range)、[:past](https://developer.mozilla.org/en-US/docs/Web/CSS/:past)、[:placeholder-shown](https://developer.mozilla.org/en-US/docs/Web/CSS/:placeholder-shown)、[:read-only](https://developer.mozilla.org/en-US/docs/Web/CSS/:read-only)、[:read-write](https://developer.mozilla.org/en-US/docs/Web/CSS/:read-write)、[:required](https://developer.mozilla.org/en-US/docs/Web/CSS/:required)、[:right](https://developer.mozilla.org/en-US/docs/Web/CSS/:right)、[:root](https://developer.mozilla.org/en-US/docs/Web/CSS/:root)、[:scope](https://developer.mozilla.org/en-US/docs/Web/CSS/:scope)、[:target](https://developer.mozilla.org/en-US/docs/Web/CSS/:target)、[:target-within](https://developer.mozilla.org/en-US/docs/Web/CSS/:target-within)、[:user-invalid](https://developer.mozilla.org/en-US/docs/Web/CSS/:user-invalid)、[:valid](https://developer.mozilla.org/en-US/docs/Web/CSS/:valid)、[:visited](https://developer.mozilla.org/en-US/docs/Web/CSS/:visited)、[:where()](https://developer.mozilla.org/en-US/docs/Web/CSS/:where)
* 伪元素:[::after (:after)](https://developer.mozilla.org/en-US/docs/Web/CSS/::after)、[::backdrop](https://developer.mozilla.org/en-US/docs/Web/CSS/::backdrop)、[::before (:before)](https://developer.mozilla.org/en-US/docs/Web/CSS/::before)、[::cue (:cue)](https://developer.mozilla.org/en-US/docs/Web/CSS/::cue)、[::first-letter (:first-letter)](https://developer.mozilla.org/en-US/docs/Web/CSS/::first-letter)、[::first-line (:first-line)](https://developer.mozilla.org/en-US/docs/Web/CSS/::first-line)、[::grammar-error](https://developer.mozilla.org/en-US/docs/Web/CSS/::grammar-error)、[::marker](https://developer.mozilla.org/en-US/docs/Web/CSS/::marker)、[::placeholder](https://developer.mozilla.org/en-US/docs/Web/CSS/::placeholder)、[::selection](https://developer.mozilla.org/en-US/docs/Web/CSS/::selection)、[::slotted()](https://developer.mozilla.org/en-US/docs/Web/CSS/::slotted)、[::spelling-error](https://developer.mozilla.org/en-US/docs/Web/CSS/::spelling-error)
4 changes: 2 additions & 2 deletions test/specs/commonmark/commonmark-spec.js
View file
Open in desktop
Expand Up @@ -46,7 +46,7 @@ var messenger = new Messenger();
|Entity and numeric character references | 9 of 12 | 75%|
|Code spans | 11 of 17 | 65%|
|Emphasis and strong emphasis | 79 of 128 | 61%|
|Links | 69 of 84 | 82%|
|Links | 68 of 84 | 81%|
|Images | 15 of 22 | 68%|
|Autolinks | 15 of 19 | 79%|
|Raw HTML | 19 of 21 | 90%|
Expand Down Expand Up @@ -352,7 +352,7 @@ describe('CommonMark 0.28 Links', function() {
var section = 'Links';

// var shouldPassButFails = [];
var shouldPassButFails = [474, 478, 483, 489, 490, 491, 495, 496, 497, 499, 503, 504, 507, 508, 509];
var shouldPassButFails = [468, 474, 478, 483, 489, 490, 491, 495, 496, 497, 499, 503, 504, 507, 508, 509];

var willNotBeAttemptedByCoreTeam = [];

Expand Down