StarMirror/showdown
1
0
Fork 0
mirror of https://github.com/showdownjs/showdown.git synced 2024-03-22 13:30:55 +08:00
Code Issues Projects Releases Wiki Activity

fix(html-comments): changed regex to precent malformed long comment to freeze showdown

Browse Source 
Closes #439
This commit is contained in:
Estevao Soares dos Santos 2017-10-02 05:18:10 +01:00
parent 0627e497e3
commit 3efcd101a2
7 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
dist/showdown.js vendored
View File

Binary file not shown.

BIN
dist/showdown.js.map vendored
View File

Binary file not shown.

BIN
dist/showdown.min.js vendored
View File

Binary file not shown.

BIN
dist/showdown.min.js.map vendored
View File

Binary file not shown.

12
src/subParsers/escapeSpecialCharsWithinTagAttributes.js
View File

@ -6,9 +6,10 @@ showdown.subParser('escapeSpecialCharsWithinTagAttributes', function (text, opti
'use strict'; 'use strict';
text = globals.converter._dispatch('escapeSpecialCharsWithinTagAttributes.before', text, options, globals); text = globals.converter._dispatch('escapeSpecialCharsWithinTagAttributes.before', text, options, globals);
// Build a regex to find HTML tags and comments. See Friedl's // Build a regex to find HTML tags.
// "Mastering Regular Expressions", 2nd Ed., pp. 200-201. var regex = /(<[a-z\/!$]("[^"]*"|'[^']*'|[^'">])*>)/gi,
var regex = /(<[a-z\/!$]("[^"]*"|'[^']*'|[^'">])*>|<!(--.*?--\s*)+>)/gi; // due to catastrophic backtrace we split the old regex into two, one for tags and one for comments
regexComments = /<!(--(?:|(?:[^>-]|-[^>])(?:[^-]|-[^-])*)--)>/gi;
text = text.replace(regex, function (wholeMatch) { text = text.replace(regex, function (wholeMatch) {
return wholeMatch return wholeMatch
@ -16,6 +17,11 @@ showdown.subParser('escapeSpecialCharsWithinTagAttributes', function (text, opti
.replace(/([\\`*_~=|])/g, showdown.helper.escapeCharactersCallback); .replace(/([\\`*_~=|])/g, showdown.helper.escapeCharactersCallback);
}); });
text = text.replace(regexComments, function (wholeMatch) {
return wholeMatch
.replace(/([\\`*_~=|])/g, showdown.helper.escapeCharactersCallback);
});
text = globals.converter._dispatch('escapeSpecialCharsWithinTagAttributes.after', text, options, globals); text = globals.converter._dispatch('escapeSpecialCharsWithinTagAttributes.after', text, options, globals);
return text; return text;
}); });

2
test/cases/html-comments.html
View File

@ -6,3 +6,5 @@
<!-- comment --> <!-- comment -->
<pre><code>&lt;!-- comment --&gt; <pre><code>&lt;!-- comment --&gt;
</code></pre> </code></pre>
<p>&lt;!----------------------------------------------------------------------------------------------------------------------------------------------------</p>
<!-------------------------------------------------------------------->

4
test/cases/html-comments.md
View File

@ -9,3 +9,7 @@ words <!-- a comment --> words
<!-- comment --> <!-- comment -->
<!-- comment --> <!-- comment -->
<!----------------------------------------------------------------------------------------------------------------------------------------------------
<!-------------------------------------------------------------------->