prototypejs / prototype

Prototype JavaScript framework
http://prototypejs.org/

Update regex for striptags method to prevent regex dos #349

Open jwestbrook opened 3 years ago

jwestbrook commented 3 years ago

Per conversation, here is the Pull Request for the advisory. Attempt 2

erik-krogh commented 3 years ago

:+1:

madrobby commented 2 years ago

Heya, is there a test somewhere demonstrating that this works? Thanks.

Ideally, this should be added to master/test/unit/tests/string.test.js

elhennig commented 2 years ago

Is there any plan to create a new release including this fix?

Nikunj-daga-94 commented 2 years ago

This RegEx does not seem to work. I tried it in my project; my unit tests are failing since the UI IDs being created using this are incorrect/changed. Any ideas?

madhusudhanreddyvade commented 2 years ago

Try below

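```js
// The closing-tag name is capture group 4, so that branch backreferences \4 (a \1 there is unset and matches the empty string).
function stripTags() { return this.replace(/<(?=(\w+))\1(\s+("[^"]*"|'[^']*'|[^>])+)?>|<\/(?=(\w+))\4>/gi, ''); }
```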

AyushRawat1996 commented 1 year ago

Can anyone please update on this PR?

savetheclocktower commented 1 year ago

The project is not active and will not be doing further releases. You are encouraged to apply this fix yourself after loading prototype.js:

```js
String.prototype.stripTags = function () {
  return this.replace(/<\w+(\s+("[^"]*"|'[^']*'|[^>'"])+)?\s*("[^">]*|'[^'>])?(\/)?>|<\/\w+>/gi, '');
};
```
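
A regression check of the kind asked for earlier in the thread, as an added example that is not part of the pull request or of Prototype's test suite. It wraps the regex from the snippet above in a standalone `stripTags(str)` function (an assumption, so it runs without prototype.js) and checks both output and run time on constructed inputs, including a long opening tag that never closes.

```javascript
// Added example, not part of the pull request. The regex is copied from the
// snippet in the thread; helper names and sample inputs are constructed here.
const STRIP_TAGS_RE =
  /<\w+(\s+("[^"]*"|'[^']*'|[^>'"])+)?\s*("[^">]*|'[^'>])?(\/)?>|<\/\w+>/gi;

// Standalone form of the patched method so it runs without prototype.js.
function stripTags(str) {
  return String(str).replace(STRIP_TAGS_RE, '');
}

// Constructed input: one opening tag with many quoted attributes and no ">".
function unterminatedTag(attrCount) {
  return '<a ' + 'b="c" '.repeat(attrCount);
}

// Run stripTags once and report the output plus wall-clock time in ms.
function timedStrip(input) {
  const start = Date.now();
  const output = stripTags(input);
  return { output, ms: Date.now() - start };
}

// Constructed [input, expected] pairs covering ordinary markup.
const functionalCases = [
  ['a <a href="#">link</a>', 'a link'],
  ['hello <br/>world', 'hello world'],
  ['<a title="x > y">t</a>', 't'],            // ">" inside a quoted value
  ['1 < 2 and 3 > 2', '1 < 2 and 3 > 2'],     // "<" that opens no tag
];

// Returns a list of failure descriptions; an empty list means every check held.
function runChecks(budgetMs) {
  const failures = [];
  for (const [input, expected] of functionalCases) {
    const actual = stripTags(input);
    if (actual !== expected) failures.push(`${input} -> ${actual}`);
  }
  for (const n of [50, 100, 200]) {
    const input = unterminatedTag(n);
    const { output, ms } = timedStrip(input);
    if (output !== input) failures.push(`n=${n}: input was modified`);
    if (ms > budgetMs) failures.push(`n=${n}: took ${ms} ms`);
  }
  return failures;
}

const failures = runChecks(1000);
console.log(failures.length === 0 ? 'all checks passed' : failures);
```

The 1000 ms budget is deliberately loose; a pattern that backtracks exponentially on the unterminated tag would not finish at all rather than miss the budget narrowly.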