Vulnerability: unterminated img src causes long execution #257
Comments
Hey @wheresrhys, thanks for this. I'll check it out!
Figured it out: The regular expression which processed email addresses must have been doing a lot of backtracking on your input string. I replaced both the regexp-based html parser (#259) and email matcher (#260) with a state machine parser that runs in linear time. New output of your test driver with the changes:
Will be released in 3.0
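An added example, not part of the thread and not Autolinker.js source: a minimal single-pass state machine that splits input into text and tag segments, showing why an unterminated `<img src="...` costs one step per character when there is no regex to backtrack. The name `scanTags`, the segment shape, and the choice to emit an unterminated tag as plain text are assumptions made for illustration.

```javascript
// Added example, not Autolinker.js source. scanTags() is a hypothetical name.
// Splits input into text and tag segments in one left-to-right pass.
function scanTags(input) {
  const segments = [];
  let state = 'text';   // 'text' | 'tag' | 'quoted'
  let start = 0;        // start index of the segment being built
  let quote = '';       // quote character that opened the current attribute value
  let steps = 0;        // characters examined, to show the work is linear

  for (let i = 0; i < input.length; i++) {
    const ch = input[i];
    steps++;
    if (state === 'text') {
      if (ch === '<') {
        if (i > start) segments.push({ type: 'text', value: input.slice(start, i) });
        start = i;
        state = 'tag';
      }
    } else if (state === 'tag') {
      if (ch === '"' || ch === "'") {
        quote = ch;
        state = 'quoted';
      } else if (ch === '>') {
        segments.push({ type: 'tag', value: input.slice(start, i + 1) });
        start = i + 1;
        state = 'text';
      } else if (ch === '<') {
        // A second '<' before any '>': the earlier one was literal text.
        segments.push({ type: 'text', value: input.slice(start, i) });
        start = i;
      }
    } else if (ch === quote) {
      state = 'tag';    // attribute value closed, back inside the tag
    }
  }
  // End of input inside a tag or quoted value: the tag never terminated.
  // Emit the remainder as text instead of retrying other parses.
  if (start < input.length) {
    segments.push({ type: 'text', value: input.slice(start) });
  }
  return { segments, steps };
}

// Constructed input: an img tag whose src attribute is never closed.
const hostile = '<img src="' + 'a '.repeat(50000);
const result = scanTags(hostile);
console.log(result.segments.length, result.steps === hostile.length);
```
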
This is now up in 3.0. Let me know if you come across any other issues, and thanks for reporting!
That sounds like an epic rewrite. Thanks a lot 🥂
It definitely was an epic rewrite! But a long time coming, and definitely needed :) Glad to help!
Summary: Fixes gregjacobs/Autolinker.js#257
Test Plan: `./build.js windriver`
Reviewers: dereckson
Reviewed By: dereckson
Differential Revision: https://devcentral.nasqueron.org/D2119
The following test runner demonstrates the problem