Commit

Merge pull request #1567 from yetingli/main
Fix ReDoS in previous-map
ai committed Apr 26, 2021
2 parents dc6cff1 + 2ad1ca9 commit 2b1d04c
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions lib/previous-map.js
Expand Up @@ -48,11 +48,11 @@ class PreviousMap {
}

getAnnotationURL(sourceMapString) {
return sourceMapString.match(/\/\*\s*# sourceMappingURL=(.*)\*\//)[1].trim()
return sourceMapString.match(/\/\*\s*# sourceMappingURL=((?:(?!sourceMappingURL=).)*)\*\//)[1].trim()
}

loadAnnotation(css) {
let annotations = css.match(/\/\*\s*# sourceMappingURL=.*\*\//gm)
let annotations = css.match(/\/\*\s*# sourceMappingURL=(?:(?!sourceMappingURL=).)*\*\//gm)

if (annotations && annotations.length > 0) {
// Locate the last sourceMappingURL to avoid picking up
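Review bot: the tempered pattern `(?:(?!sourceMappingURL=).)*` is now written out twice, once in `getAnnotationURL` and once in `loadAnnotation`, with no comment explaining why the lookahead is there and no test in this commit (the only file changed is lib/previous-map.js). Consider hoisting the shared part into one documented constant so the two expressions cannot drift apart in a later edit, and adding a regression test that runs `loadAnnotation` on a long input of repeated `sourceMappingURL=` prefixes with no closing `*/` and asserts that it returns within a fixed time bound. A second test should pin the behaviour change the lookahead introduces: an annotation whose value itself contains the text `sourceMappingURL=` no longer matches from the first occurrence, because the run now stops at the next `sourceMappingURL=`.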

1 comment on commit 2b1d04c

@abergmann

CVE-2021-23382 was assigned to this commit.
