pcarrier
commented
8 years ago Please note that for server-side uses of highlights and whenever user-provided data is highlighted (eg through marky-markdown), this is a security issue as it allows DoS.
Note that this does not happen under OSX. I suspect
node-onigurumahandles Unicode differently somehow.To reproduce:
breaks.jsorbreaks.rb(for example), with the bytes0x27 0xc3 0xbc 0x27(base64J8O8Jw==), which looks like'ü'.highlightscommand line utility on it. It never returns and its memory usage grows over time.