Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Latte: Fixed exponential backtracking #2682

Merged
merged 1 commit into from Dec 31, 2020

Conversation

@RunDevelopment
Copy link
Member

@RunDevelopment RunDevelopment commented Dec 31, 2020

No description provided.

@github-actions
Copy link

@github-actions github-actions bot commented Dec 31, 2020

JS File Size Changes (gzipped)

A total of 1 files have changed, with a combined diff of +9 B (+1.8%).

file master pull size diff % diff
components/prism-latte.min.js 513 B 522 B +9 B +1.8%

Generated by 🚫 dangerJS against bf29575

@RunDevelopment RunDevelopment merged commit 89f1e18 into PrismJS:master Dec 31, 2020
8 checks passed
@RunDevelopment RunDevelopment deleted the latte-exp-bt-fix branch Dec 31, 2020
@joshgoebel
Copy link

@joshgoebel joshgoebel commented Dec 31, 2020

Is the detector improving or this was just not dealt with before?

@RunDevelopment
Copy link
Member Author

@RunDevelopment RunDevelopment commented Dec 31, 2020

This is one of the very few regexes that aren't checked by our detector. This was found using a CodeQL query.

@joshgoebel
Copy link

@joshgoebel joshgoebel commented Dec 31, 2020

I'll assume it's something weird about how markup templating works or something that it's "special"... so much of our regex are generated at run-time but since the tests are running at run-time we just hook into the FINAL prepared regex and run them thru the checker.

@RunDevelopment
Copy link
Member Author

@RunDevelopment RunDevelopment commented Dec 31, 2020

Yeah, we just check the regexes of all grammars. Markup templating also needs one additional regex to detect the embedded language and that regex isn't checked.

One way around that might be to override the exec/test methods in RegExp.prototype to run the detector on all patterns used to tokenize Prism's test cases.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants