Prevent a ReDoS vulnerability (#335)

fix: prevent a ReDoS vulnerability Ported from markdown-it/markdown-it@89c8620. fix: prevent ReDoS with comments Once again - prior art: markdown-it/markdown-it@6ab7cc3 Hat tip @DanCech #335 (comment) for pointing out #331 (comment), which I missed initially
jonschlinkert · Jul 29, 2019 · 287dfbf · 287dfbf
1 parent 49e87b7
commit 287dfbf
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/lib/common/html_re.js b/lib/common/html_re.js
@@ -41,10 +41,10 @@ var open_tag    = replace(/<[A-Za-z][A-Za-z0-9]*attribute*\s*\/?>/)
                     ();
 
 var close_tag   = /<\/[A-Za-z][A-Za-z0-9]*\s*>/;
-var comment     = /<!--([^-]+|[-][^-]+)*-->/;
+var comment     = /<!---->|<!--(?:-?[^>-])(?:-?[^-])*-->/;
 var processing  = /<[?].*?[?]>/;
 var declaration = /<![A-Z]+\s+[^>]*>/;
-var cdata       = /<!\[CDATA\[([^\]]+|\][^\]]|\]\][^>])*\]\]>/;
+var cdata       = /<!\[CDATA\[[\s\S]*?\]\]>/;
 
 var HTML_TAG_RE = replace(/^(?:open_tag|close_tag|comment|processing|declaration|cdata)/)
   ('open_tag', open_tag)

diff --git a/test/fixtures/remarkable/redos.txt b/test/fixtures/remarkable/redos.txt
@@ -0,0 +1,11 @@
+.
+<a>ReDoS</a><![CDATA[aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa]] >
+.
+<p><a>ReDoS</a>&lt;![CDATA[aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa]] &gt;</p>
+.
+
+.
+<a>z</a><!--aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa--->
+.
+<p><a>z</a>&lt;!–aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa—&gt;</p>
+.