[security] fix possible ReDOS vulnerable regex rule by refactoring (d…

…oesn't change the alphabet)
markedjs · Mar 5, 2018 · 271d357 · 271d357
1 parent 29d33d9
commit 271d357
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/marked.js b/lib/marked.js
@@ -38,7 +38,7 @@ var block = {
 };
 
 block._label = /(?:\\[\[\]]|[^\[\]])+/;
-block._title = /(?:"(?:\\"|[^"])*"|'\n?(?:[^'\n]+\n?)*'|\([^()]*\))/;
+block._title = /(?:"(?:\\"?|[^"\\])*"|'[^'\n]*(?:\n[^'\n]+)*\n?'|\([^()]*\))/;
 block.def = edit(block.def)
   .replace('label', block._label)
   .replace('title', block._title)