Closed ready-research closed 2 years ago
It seems this patch does not work correctly. Here is an example:
```javascript
// current version
function stripCommentTagCurrent(html) {
  return html.replace(/<!--[\s\S]*?-->/g, "");
}

// patch version
function stripCommentTagNew(html) {
  return html.replace(/<!--(?:(?!<!--[\s\S])*?)-->/g, "");
}

const list = [
  "<!-- hello -->",
  "<!--hello-->",
  "<!-- <!-- <!-- hello --> --> -->",
];

for (var i = 0; i < list.length; i++) {
  var s = list[i];
  console.log("input: ", s);
  console.log("current output:", stripCommentTagCurrent(s));
  console.log("new output: ", stripCommentTagNew(s));
  console.log("");
}
```
Output:

```
input: <!-- hello -->
current output:
new output: <!-- hello -->

input: <!--hello-->
current output:
new output: <!--hello-->

input: <!-- <!-- <!-- hello --> --> -->
current output: --> -->
new output: <!-- <!-- <!-- hello --> --> -->
```
Still have problems with this case:
```
input: <!-- <!-- <!-- hello --> --> -->
current output: --> -->
new output: <!-- <!-- --> -->
```
@leizongmin Check this one once
Fix ReDoS
Reported in https://www.huntr.dev/bounties/8bdc9cfb-4328-4655-a480-0b2403f16f52/ (you can access this using GitHub). Please validate using "Mark as valid" and also confirm the fix. Thank you.
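As an added example (not code from this pull request or from the project), comment stripping can be done with a single forward scan using `indexOf`, so there is no regex backtracking to bound. It gives the same results as the current regex on the three inputs from the thread; the name `stripCommentsLinear` and the `dropUnterminated` option are assumptions made for this sketch.

```javascript
// Added example: hypothetical helper, not the project's implementation.
// Removes <!-- ... --> spans in one left-to-right pass. Each indexOf call
// resumes where the previous one stopped, and the loop exits as soon as an
// opener has no closer, so no part of the input is rescanned.
function stripCommentsLinear(html, { dropUnterminated = true } = {}) {
  const OPEN = "<!--";
  const CLOSE = "-->";
  let out = "";
  let pos = 0;
  while (pos < html.length) {
    const start = html.indexOf(OPEN, pos);
    if (start === -1) {
      out += html.slice(pos); // no more comments: keep the tail
      break;
    }
    out += html.slice(pos, start); // keep text before the comment
    // Search after the opener, as the regex does, so "<!-->" is not
    // treated as a complete comment.
    const end = html.indexOf(CLOSE, start + OPEN.length);
    if (end === -1) {
      // Unterminated comment. Assumption: a sanitizer drops the remainder;
      // pass dropUnterminated=false to keep it, as the regex version does.
      if (!dropUnterminated) out += html.slice(start);
      break;
    }
    pos = end + CLOSE.length;
  }
  return out;
}

// The three inputs from the thread, run through the linear scan.
const threadInputs = [
  "<!-- hello -->",
  "<!--hello-->",
  "<!-- <!-- <!-- hello --> --> -->",
];
for (const s of threadInputs) {
  console.log(JSON.stringify(s), "=>", JSON.stringify(stripCommentsLinear(s)));
}
```

HTML comments do not nest, so the first `-->` closes the comment and the trailing ` --> -->` in the third input is ordinary text, which is why it survives.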