marked/0001-CVE-2022-21680.patch
2022-09-02 11:31:21 +08:00


diff -Naur marked-2.0.0/src/rules.js marked-2.0.0~/src/rules.js
--- marked-2.0.0/src/rules.js 2021-02-08 06:26:26.000000000 +0800
+++ marked-2.0.0~/src/rules.js 2022-09-02 11:01:07.576853870 +0800
@@ -25,7 +25,7 @@
+ '|<(?!script|pre|style)([a-z][\\w-]*)(?:attribute)*? */?>(?=[ \\t]*(?:\\n|$))[\\s\\S]*?(?:\\n{2,}|$)' // (7) open tag
+ '|</(?!script|pre|style)[a-z][\\w-]*\\s*>(?=[ \\t]*(?:\\n|$))[\\s\\S]*?(?:\\n{2,}|$)' // (7) closing tag
+ ')',
- def: /^ {0,3}\[(label)\]: *\n? *<?([^\s>]+)>?(?:(?: +\n? *| *\n *)(title))? *(?:\n+|$)/,
+ def: /^ {0,3}\[(label)\]: *(?:\n *)?<?([^\s>]+)>?(?:(?: +(?:\n *)?| *\n *)(title))? *(?:\n+|$)/,
nptable: noopTest,
table: noopTest,
lheading: /^([^\n]+)\n {0,3}(=+|-+) *(?:\n+|$)/,
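Review bot: The rewritten `def` pattern has no comment explaining why the optional newline is now grouped as `(?:\n *)?`, so a later edit could put two adjacent ` *` runs back and restore the slow backtracking this patch removes. I would add a line above `def:` such as `// space runs must be separated by a mandatory \n; adjacent " *" runs backtrack polynomially (CVE-2022-21680)`. The two title-separator alternatives ` +(?:\n *)?` and ` *\n *` still both accept space-newline-space input; that looks bounded, but it deserves a case in the redos specs. The object literal holding `def` starts and ends outside the hunk.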
@@ -35,7 +35,7 @@
text: /^[^\n]+/
};
-block._label = /(?!\s*\])(?:\\[\[\]]|[^\[\]])+/;
+block._label = /(?!\s*\])(?:\\.|[^\[\]\\])+/;
block._title = /(?:"(?:\\"?|[^"\\])*"|'[^'\n]*(?:\n[^'\n]+)*\n?'|\([^()]*\))/;
block.def = edit(block.def)
.replace('label', block._label)
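Review bot: In the new `block._label`, a backslash followed by a newline matches neither alternative, because `\\.` stops at line terminators and `[^\[\]\\]` now excludes the backslash. The old pattern accepted that backslash through `[^\[\]]`, so a multi-line label with a backslash at the end of a line would stop being recognised; this may or may not be intended for the backport. If it should keep working, `block._label = /(?!\s*\])(?:\\[\s\S]|[^\[\]\\])+/;` keeps the two alternatives disjoint on their first character. Either way, a spec case pinning the behaviour would help.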
@@ -170,8 +170,8 @@
+ '|^<![a-zA-Z]+\\s[\\s\\S]*?>' // declaration, e.g. <!DOCTYPE html>
+ '|^<!\\[CDATA\\[[\\s\\S]*?\\]\\]>', // CDATA section
link: /^!?\[(label)\]\(\s*(href)(?:\s+(title))?\s*\)/,
- reflink: /^!?\[(label)\]\[(?!\s*\])((?:\\[\[\]]?|[^\[\]\\])+)\]/,
- nolink: /^!?\[(?!\s*\])((?:\[[^\[\]]*\]|\\[\[\]]|[^\[\]])*)\](?:\[\])?/,
+ reflink: /^!?\[(label)\]\[(ref)\]/,
+ nolink: /^!?\[(ref)\](?:\[\])?/,
reflinkSearch: 'reflink|nolink(?!\\()',
emStrong: {
lDelim: /^(?:\*+(?:([punct_])|[^\s*]))|^_+(?:([punct*])|([^\s_]))/,
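Review bot: `nolink` loses its `\[[^\[\]]*\]` branch, so shortcut references whose text contains one level of unescaped brackets (for example `[a [b] c]`) no longer match once `ref` is filled in from `block._label` in the last hunk of this file. That is a rendering change on top of the ReDoS fix, and nothing in the hunk documents it. `reflink` and `nolink` are also templates now: they contain the literal word `ref` until `edit(...).replace('ref', ...)` runs. A comment such as `// (ref) is replaced with block._label below` next to them would stop anyone using the uncompiled patterns. The `inline` object starts and ends outside the hunk.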
@@ -238,6 +238,11 @@
inline.reflink = edit(inline.reflink)
.replace('label', inline._label)
+ .replace('ref', block._label)
+ .getRegex();
+
+inline.nolink = edit(inline.nolink)
+ .replace('ref', block._label)
.getRegex();
inline.reflinkSearch = edit(inline.reflinkSearch, 'g')
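Review bot: The new `inline.nolink = edit(...)` statement has to stay above `inline.reflinkSearch`, but nothing in the code says so. Judging by the `'reflink|nolink(?!\\()'` template, `reflinkSearch` embeds the compiled `reflink` and `nolink`, so moving it above them would pull in the raw `(ref)` templates. I would add `// compile reflink and nolink before reflinkSearch, which embeds both` above the `inline.nolink` assignment. A second comment could note that `ref` reuses `block._label`, so block definitions and inline references share one label grammar. The `reflinkSearch` statement continues past the end of the hunk.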
diff -Naur marked-2.0.0/test/specs/redos/cubic_def.cjs marked-2.0.0~/test/specs/redos/cubic_def.cjs
--- marked-2.0.0/test/specs/redos/cubic_def.cjs 1970-01-01 08:00:00.000000000 +0800
+++ marked-2.0.0~/test/specs/redos/cubic_def.cjs 2022-09-02 10:50:19.562274563 +0800
@@ -0,0 +1,4 @@
+module.exports = {
+ markdown: `[x]:${' '.repeat(1500)}x ${' '.repeat(1500)} x`,
+ html: `<p>[x]:${' '.repeat(1500)}x ${' '.repeat(1500)} x</p>`,
+};
diff -Naur marked-2.0.0/test/specs/redos/reflink_redos.html marked-2.0.0~/test/specs/redos/reflink_redos.html
--- marked-2.0.0/test/specs/redos/reflink_redos.html 1970-01-01 08:00:00.000000000 +0800
+++ marked-2.0.0~/test/specs/redos/reflink_redos.html 2022-09-02 10:50:42.510544453 +0800
@@ -0,0 +1 @@
+<p>[[]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([]([</p>
diff -Naur marked-2.0.0/test/specs/redos/reflink_redos.md marked-2.0.0~/test/specs/redos/reflink_redos.md
--- marked-2.0.0/test/specs/redos/reflink_redos.md 1970-01-01 08:00:00.000000000 +0800
+++ marked-2.0.0~/test/specs/redos/reflink_redos.md 2022-09-02 10:51:08.129845768 +0800
@@ -0,0 +1,3 @@
+[x]: x
+
+[\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\](\[\]([