There are known instances of regular expressions with bad (exponential) worst-case performance in the WebMangler code base. These don't apply to normal inputs - regular code snippets - and so are not considered a bug or security issue but rather a performance issue that would ideally be fixed.
:warning: Anyone using WebMangler on untrusted input should consider this a security issue and take necessary precautions to prevent ReDoS attacks.
This issue is intended to track known bad (parts of) regular expressions so they can be addressed individually/in groups.
Participating
If you find an instance of a regular expression that has a bad worst-case performance, feel free to leave a comment and it'll be added to the list.
If you know how to fix one/a group of these, feel free to open a Pull Request with a fix. Try to clearly communicate which instances in this issue are addressed by your fix. If possible, add or update performance tests to prevent re-introduction of the worst-case regular expression in the future.
Performance
^0.1.23
Overview
language-html
style-tag.ts:L8: Exponential backtracking on strings starting with "'
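One way to look for further candidates for this list is a static scan for nested unbounded quantifiers. The following is an added example, not code from WebMangler: `findNestedQuantifiers` and `unboundedAt` are hypothetical names, the sample patterns are constructed, and the check is a heuristic that neither proves exponential behaviour nor catches other shapes such as overlapping alternations.

```typescript
// Added example (not WebMangler code): heuristic triage, not proof of ReDoS.
interface Finding {
  index: number; // offset of the outer quantifier in the pattern source
  group: string; // source text of the quantified group
}

// True when an unbounded quantifier (*, + or {n,}) starts at offset i.
function unboundedAt(src: string, i: number): boolean {
  if (src[i] === "*" || src[i] === "+") return true;
  return /^\{\d+,\}/.test(src.slice(i));
}

// Report groups that contain an unbounded quantifier and are themselves
// repeated without bound, e.g. (a+)+ in a constructed pattern.
function findNestedQuantifiers(src: string): Finding[] {
  const findings: Finding[] = [];
  // One frame per open group: start offset, and whether an unbounded
  // quantifier has been seen anywhere inside it so far.
  const stack: { start: number; hasUnbounded: boolean }[] = [];
  let inClass = false;
  for (let i = 0; i < src.length; i++) {
    const ch = src[i];
    if (ch === "\\") { i++; continue; } // skip the escaped character
    if (inClass) { if (ch === "]") inClass = false; continue; }
    if (ch === "[") { inClass = true; continue; }
    if (ch === "(") { stack.push({ start: i, hasUnbounded: false }); continue; }
    if (ch === ")") {
      const frame = stack.pop();
      if (!frame) continue; // unbalanced ")": nothing to report
      const outer = unboundedAt(src, i + 1);
      if (outer && frame.hasUnbounded) {
        findings.push({ index: i + 1, group: src.slice(frame.start, i + 1) });
      }
      // Repetition inside this group also counts for the enclosing group.
      const parent = stack[stack.length - 1];
      if (parent && frame.hasUnbounded) parent.hasUnbounded = true;
      continue;
    }
    const top = stack[stack.length - 1];
    if (top && unboundedAt(src, i)) top.hasUnbounded = true;
  }
  return findings;
}

// Constructed sample patterns; none are taken from the WebMangler code base.
for (const re of [/^(a+)+$/, /^a+$/, /((a+)b)+/, /[(a+)]+/]) {
  console.log(re.source, findNestedQuantifiers(re.source));
}
```

Each finding is a candidate for manual review and for a performance test with a long non-matching input.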