Vulnerability: unterminated img src causes long execution

[wheresrhys]

The following test runner demonstrates the problem

const test = async (zeroes) => {
	const start = Date.now();
	const characterCount = Number('1' + [...Array(Number(zeroes))].map(() => '0').join(''))
	autolinker.link(`<img src="${[...Array(characterCount)].join('a')}`)
	console.log(`src of length ${characterCount} took ${Date.now() - start} ms`)
}


const testRunner = async degrees=> {

	const zeroes = [...Array(degrees)].map((_, i) => i);
	for (i in zeroes) {
		await test(i)
	}

}

testRunner(7)

[gregjacobs]

Hey @wheresrhys, thanks for this. I'll check it out!

[gregjacobs]

Figured it out: The regular expression which processed email addresses must have been doing a lot of backtracking on your input string. I replaced both the regexp-based html parser (#259) and email matcher (#260) with a state machine parser that runs in linear time. New output of your test driver with the changes:

src of length 1 took 0 ms
src of length 10 took 32 ms
src of length 100 took 2 ms
src of length 1000 took 3 ms
src of length 10000 took 11 ms
src of length 100000 took 98 ms
src of length 1000000 took 784 ms

Will be released in 3.0

[gregjacobs]

This is now up in 3.0. Let me know if you come across any other issues, and thanks for reporting!

[wheresrhys]

That sounds like an epic rewrite. Thanks a lot 🥂

[gregjacobs]

It definitely was an epic rewrite! But a long time coming, and definitely needed :) Glad to help!