quantizor / markdown-to-jsx

🏭 The most lightweight, customizable React markdown component.
https://markdown-to-jsx.quantizor.dev/
MIT License

Trivial RegExp DoS (leading spaces) #598

Open jasisk opened 3 months ago

jasisk commented 3 months ago

The code block regex allows for a DoS. Can be reproduced with ~100 spaces.

Reproduction in regex debugger.

Reproduce in the playground:

narcis-fv commented 2 months ago

This is a serious issue, I've been seeing it as well. Any workaround @jasisk until this gets answered?

narcis-fv commented 2 months ago

I've been removing the leading whitespace, using a regex:

const sanitizedString = inputString.replace(/\s+/g, " ");

BLamy commented 14 hours ago

Also had the same problem. I've been using:

const sanitizedString = inputString.replace(/^ *$/gm, '\n')

This will replace lines that have just spaces on them with a new line.
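
Added example, not part of the thread and not code from markdown-to-jsx: the two workarounds posted above run on the same constructed input, next to a regex-free variant and a check for long space runs. Function names and the `maxLength` default are hypothetical, and whether any of these avoids the slow path depends on the library's pattern, which the thread does not show.

```javascript
// Added example; not code from markdown-to-jsx. All function names are hypothetical.

// Workaround 1 from the thread: collapses every whitespace run, newlines included,
// so the markdown ends up on a single line.
function collapseAllWhitespace(input) {
  return input.replace(/\s+/g, " ");
}

// Workaround 2 from the thread: rewrites lines that contain only spaces
// (it also matches lines that are already empty and adds a newline there).
function blankSpaceOnlyLinesRegex(input) {
  return input.replace(/^ *$/gm, "\n");
}

// Regex-free variant: one linear pass that empties whitespace-only lines and
// leaves indentation on lines with content untouched. maxLength is an assumed cap.
function stripWhitespaceOnlyLines(input, maxLength = 100000) {
  if (input.length > maxLength) {
    throw new RangeError("markdown input exceeds " + maxLength + " characters");
  }
  const isBlank = (line) => {
    for (let i = 0; i < line.length; i++) {
      const c = line[i];
      if (c !== " " && c !== "\t" && c !== "\r") return false;
    }
    return true;
  };
  return input.split("\n").map((l) => (isBlank(l) ? "" : l)).join("\n");
}

// Longest run of consecutive spaces, usable for logging or rejecting input
// before it reaches the renderer.
function longestSpaceRun(input) {
  let best = 0, run = 0;
  for (const ch of input) {
    run = ch === " " ? run + 1 : 0;
    if (run > best) best = run;
  }
  return best;
}

// Constructed sample: heading, a line of 100 spaces, an indented code line, text.
const sample = "# Title\n" + " ".repeat(100) + "\n    code line\n\ntext";
console.log(JSON.stringify(collapseAllWhitespace(sample)));
console.log(JSON.stringify(blankSpaceOnlyLinesRegex(sample)));
console.log(JSON.stringify(stripWhitespaceOnlyLines(sample)));
console.log(longestSpaceRun(sample), "->", longestSpaceRun(stripWhitespaceOnlyLines(sample)));
```
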