Open stasm opened 5 years ago
The resolver should be resilient to exponential reference expansion attacks. See https://en.wikipedia.org/wiki/Billion_laughs_attack
The mitigation in fluent.js involves checking the length of the resolved placeable against a constant. We should 1) make the maximum length configurable in the constructor, and 2) consider how this works with #273.
fluent.js
The resolver should be resilient to exponential reference expansion attacks. See https://en.wikipedia.org/wiki/Billion_laughs_attack