benweet / stackedit

In-browser Markdown editor
https://stackedit.io/
Apache License 2.0

In-browser CPU DoS. #1702

Open peng-hui opened 3 years ago

peng-hui commented 3 years ago

Hi,

We identified several client-side performance issues when giving crafted Markdown input to stackedit. All these should be related to the link target parsing in stackedit.

1. "[](" * 50000
2. "[a](<b" * 50000
3. "[a](b" * 5000
4. "[ (](" * 5000
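Added example, not part of the original report and not StackEdit's or markdown-it's code: a toy link-destination scanner showing why inputs with many `](` openers and no closing `)` can cost quadratic work, next to a variant that stops after the first failed scan. The scanner, its step counter and all function names are assumptions made for illustration.

```javascript
// Added illustration: a toy scanner, not StackEdit's or markdown-it's parser.
// It counts character visits instead of wall-clock time, so results are deterministic.

// The four repeated units from the report (none of them contains a ")").
const UNITS = ["[](", "[a](<b", "[a](b", "[ (]("];

// Find "](" openers and scan forward for the closing ")".
// rememberFailure=false: after a failed scan, retry at the next opener and
//   rescan the same tail, so n unclosed openers cost O(n^2) character visits.
// rememberFailure=true: a scan that hits end-of-input proves no later opener
//   can close either, so stop; matched scans are disjoint, total work is O(n).
function scan(src, rememberFailure) {
  let steps = 0, links = 0, from = 0;
  for (;;) {
    const i = src.indexOf("](", from);
    if (i === -1) break;
    let j = i + 2;
    while (j < src.length && src[j] !== ")") { j++; steps++; }
    if (j < src.length) { links++; from = j + 1; continue; } // matched: consume it
    if (rememberFailure) break;
    from = i + 2;
  }
  return { steps, links };
}
const scanNaive = (src) => scan(src, false);
const scanBounded = (src) => scan(src, true);

// Growth exponent of the work when the input doubles: ~1 linear, ~2 quadratic.
function growthExponent(scanFn, unit, n) {
  const small = scanFn(unit.repeat(n)).steps;
  const large = scanFn(unit.repeat(2 * n)).steps;
  return Math.log2(large / small);
}

// One row per unit from the report, with both exponents.
function report(n = 500) {
  return UNITS.map((unit) => ({
    unit,
    naive: growthExponent(scanNaive, unit, n),
    bounded: growthExponent(scanBounded, unit, n),
  }));
}

console.table(report());
```

The same doubling check can serve as a regression test around a real parser by replacing the step counter with a timing or instruction-count measurement.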