From 8b1327688fef8e6617792054ef299d7bc74c0a1e Mon Sep 17 00:00:00 2001
From: Kornelius Kalnbach
Date: Thu, 2 Nov 2023 02:33:25 +0100
Subject: [PATCH] Fix CVE-2023-31606 (ReDOS possible in the sanitize_html function) (#75)
* make regex faster with Atomic Grouping
* simplify fix
---
 lib/redcloth/formatters/html.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/redcloth/formatters/html.rb b/lib/redcloth/formatters/html.rb
index b241c99c..396c2d0f 100644
--- a/lib/redcloth/formatters/html.rb
+++ b/lib/redcloth/formatters/html.rb
@@ -324,7 +324,7 @@ def before_transform(text)
 # Clean unauthorized tags.
 def clean_html( text, allowed_tags = BASIC_TAGS ) text.gsub!( /]*?)(\s?\/?)>/ ) do |m|
+ text.gsub!( /<(\/*)([A-Za-z]\w*+)([^>]*?)(\s?\/?)>/ ) do |m|
 raw = $~
 tag = raw[2].downcase
 if allowed_tags.has_key? tag
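Review bot: The possessive `\w*+` on the added `gsub!` line is a construct few Ruby readers recognise and nothing in the code says why it is there, so a routine cleanup could turn it back into `\w*` and silently reintroduce the ReDoS the commit title names; I would put `# \w*+ is possessive on purpose (CVE-2023-31606): \w* must never backtrack and hand characters to [^>]*?, or an unterminated "<abc..." makes this pattern super-linear.` directly above that line. The change itself looks behaviour-preserving for input that does match, because `[^>]*?(\s?\/?)>` can absorb anything up to the first `>`, so the greedy `\w*` never had to backtrack for a match to succeed and the captured `raw[2]` tag name should be unchanged. What remains is that each `<` followed by a letter with no later `>` still makes `[^>]*?` scan to the end of the text, so a document with many such openers looks quadratic in its length; a regression test timing both `"<" + "a" * 100_000` and `"<a" * 100_000` would pin the bound the fix actually achieves (I have not timed Onigmo on this, so treat that as something to confirm). The block parameter `|m|` is unused since the body reads `$~`, so `|_m|` or a bare `do` would read more honestly. `clean_html` continues past the end of the hunk.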