manishsaraan / email-validator

email syntax validator npm module. fast and pretty robust
The Unlicense
436 stars 79 forks

Add note on ReDos vulnerability #62

Open safareli opened 2 years ago

safareli commented 2 years ago

Would be great if there was a note on whether the regex is vulnerable against ReDoS. I tested on

and both say that regex is linear.

Only http://redos-checker.surge.sh/ is saying that it's vulnerable, but I suppose it's very old and not that smart?

sno2 commented 1 year ago

Hello, the validator short-circuits if the input length is greater than 254, so I do not believe that this could be utilized to cause any major issues.
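The length check described in the comment above, as an added example that is not part of the thread or the project's code: a guard that rejects oversized input before the regex runs, plus a timing probe for how match time grows with input length. Both patterns, the names `guardedTest`, `probe` and `noAt`, and the sample inputs are constructed for illustration; Node.js with the global `performance` is assumed.

```javascript
// Constructed patterns for illustration; neither is the regex used by email-validator.
const LINEAR = /^[a-z0-9.]+@[a-z0-9-]+\.[a-z]+$/;
const NESTED = /^([a-z0-9]+)+@/; // nested quantifier: backtracks heavily when no "@" follows

const MAX_LEN = 254; // cap described in the thread

// Reject empty, non-string or oversized input before the regex engine sees it.
function guardedTest(re, input, maxLen = MAX_LEN) {
  if (typeof input !== 'string' || input.length === 0) return false;
  if (input.length > maxLen) return false; // rejected without running the regex
  return re.test(input);
}

// Time one re.test() call per size on input shaped to force backtracking.
function probe(re, makeInput, sizes) {
  return sizes.map((n) => {
    const input = makeInput(n);
    const start = performance.now();
    re.test(input);
    return { n, ms: performance.now() - start };
  });
}

// Constructed sample input: a local part with no "@", so the match must fail.
const noAt = (n) => 'a'.repeat(n);

// The guard bounds input size; how much work remains under the cap depends
// on the pattern's growth, which probe() measures empirically.
function report() {
  return {
    linear: probe(LINEAR, noAt, [64, 128, 254]),
    nested: probe(NESTED, noAt, [10, 14, 18, 22]),
  };
}

console.log(JSON.stringify(report(), null, 2));
console.log(guardedTest(LINEAR, 'user@example.com')); // valid and within the cap
console.log(guardedTest(NESTED, noAt(100000)));       // over the cap, regex never runs
```
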

houd1ni commented 1 year ago

Hi! Thanks for the idea! There are some PRs regarding UTF support that could potentially break some algorithms. Will test the result when they get resolved and make the note. One of them is https://github.com/manishsaraan/email-validator/pull/57 for example.