Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix possible ReDoS attack
  • Loading branch information
melnaron committed Jun 2, 2018
1 parent 6d378db commit 3776761
Show file tree
Hide file tree
Showing 4 changed files with 6 additions and 4 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -1,2 +1,3 @@
.DS_Store
.idea
.vscode
1 change: 1 addition & 0 deletions .npmignore
@@ -1,3 +1,4 @@
.DS_Store
.idea
.vscode
.git*
6 changes: 3 additions & 3 deletions lib/spintax.js
Expand Up @@ -34,7 +34,7 @@
* @return {Boolean}
*/
exports.isSpintax = function(text) {
return text.match(/{.*(\|.*)+}/) !== null;
return text.match(/\{[^}]*\|*[^}]*\}/) !== null;
};

/**
Expand All @@ -44,7 +44,7 @@
* @return {null|Array}
*/
exports.findSpintax = function(text) {
return text.match(/{([^{}]+?)}/);
return text.match(/\{([^{}]+?)\}/);
};

/**
Expand Down Expand Up @@ -152,7 +152,7 @@
text = exports.unspin(text);

// Check text for remaining Spintax format sequences: { then | or | then }
return text.match(/({[^}]*\|)|(\|[^{]*})/) === null;
return text.match(/(\{[^}]*\|)|(\|[^{]*\})/) === null;
};

})(typeof exports === 'undefined' ? this['spintax'] = {} : exports);
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "mel-spintax",
"version": "1.0.2",
"version": "1.0.3",
"description": "Parse Spintax formatted text (Nested Spintax supported)",
"main": "index.js",
"directories": {
Expand Down

0 comments on commit 3776761

Please sign in to comment.