regex is evil regex - Githubissues

amalamalpm commented 8 years ago

It is a code segment in prototype.js

findChildElements: function(element, expressions) { var exprs = expressions.join(','), expressions = []; exprs.scan(/(([\w#:.~>+()\s-]+|*|[.?])+)\s(,|$)/, function(m) { ......

If we given value of exprs as

 exprs="#microsoft-windowserw-appmodel-runtime/admin";
and call this function will make the browser hang. especially Google chrome.

Simply we can say following line will hang the browser.

"#microsoft-windowserw-appmodel-runtime/admin".match(/(([\w#:.~>+()\s-]+|\*|\[.*?\])+)\s*(,|$)/);

So please try to modify this evil regex. Thank you

amalamalpm commented 8 years ago

An element name or id can contain any symbols, including (\ / < >)

savetheclocktower commented 8 years ago

Yeah, a slash in an ID used to be forbidden, but HTML5 has much looser rules about this. I'll take a look.

savetheclocktower commented 8 years ago

Actually, it looks like the only place this regex is used is in our legacy selector engine, which we haven't updated in years. What version of Prototype are you on? Newer versions should be using Sizzle.

Closing for now.

amalamalpm commented 8 years ago

Thanks for your update

prototypejs / prototype

regex is evil regex #308