Fix ReDoS in previous-map
Fix Strategy: Replace `(.*)` with `(?:(?!sourceMappingURL=).)*`
yetingli committed Apr 26, 2021
1 parent dc6cff1 commit 2ad1ca9
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions lib/previous-map.js
Expand Up @@ -48,11 +48,11 @@ class PreviousMap {
}

getAnnotationURL(sourceMapString) {
return sourceMapString.match(/\/\*\s*# sourceMappingURL=(.*)\*\//)[1].trim()
return sourceMapString.match(/\/\*\s*# sourceMappingURL=((?:(?!sourceMappingURL=).)*)\*\//)[1].trim()
}

loadAnnotation(css) {
let annotations = css.match(/\/\*\s*# sourceMappingURL=.*\*\//gm)
let annotations = css.match(/\/\*\s*# sourceMappingURL=(?:(?!sourceMappingURL=).)*\*\//gm)

if (annotations && annotations.length > 0) {
// Locate the last sourceMappingURL to avoid picking up
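Review bot: In `getAnnotationURL`, the result of `sourceMapString.match(...)` is indexed with `[1]` without a null check, and the tightened pattern can now return null on input the old `(.*)` accepted. When the input is a single annotation comment whose URL part contains a second `sourceMappingURL=`, the tempered `(?:(?!sourceMappingURL=).)*` stops before that second occurrence, `\*\/` cannot follow, and the call throws a TypeError instead of returning a value. Suggest guarding the match result and handling the no-match case explicitly. The same pattern now appears in both `getAnnotationURL` and `loadAnnotation`, differing only in the capture group and flags, so hoisting it into a shared constant would keep the two from drifting apart. The commit touches only `lib/previous-map.js`; a regression test that feeds a long run of repeated `sourceMappingURL=` text and asserts that matching completes quickly would pin the fix.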

2 comments on commit 2ad1ca9

@rmkanda
@yetingli Any plans for porting the fix to 7.x?

@ai
Member

@ai ai commented on 2ad1ca9 May 13, 2021
