security: finish fixing unsafe heading regex #1226
Closed
Commits on Apr 26, 2018
-
security: finish fixing unsafe heading regex
Apply similar patch to a similar heading regex. Follow-on to f052a2c. Test: Add a test case to demonstrate the slower blow-up.
-
-
-
-
security: replace unsafe /X+$/ idiom with rtrim
Problem: replace(/X+$/, '') is vulnerable to REDOS Solution: Replace all instances I could find with a custom rtrim
-
Commits on Apr 27, 2018
-
remove leading whitespace in paragraphs
Spec: No leading whitespace within a paragraph Fix: I strip leading whitespace on each line while rendering paragraphs Unanticipated problem: Causes the (previously failing but hidden) CommonMark 318 to fail. I added that to the list of expected-to-fail tests. This commit addresses a failing header test case noted in 943d995 whose root cause was paragraph rendering not up to spec.
Commits on Apr 28, 2018
-
WIP: safen the text regex via linear-time scans
Sketch implementing text regex as a linear-time RegExp imitator. - A few nits here and there - I haven't tested all of the offsetOfX routines, so 'npm run test' hangs on some bug
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.