Fixed a Regexp that allows bad urls to DoS you. #206
One thing you need to know about Ruby's Regexp engine is that it handles the nesting of arbitrary-length patterns very poorly in cases where it needs to backtrack.
My patch changed this:
It is important because if str is something like "abcdefghijklmnopqrstuvwxyz1234567890%" you are going to be sitting around while the Regexp engine tries every possible friggin combination of matches before it gives up. By removing the variable length + off the [^%] it only has the option to grab one so no permutation cycling is necessary.
That's just how it is.
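An added example, not code from this pull request: the pattern the patch changed is not shown on this page, so `NESTED` and `FLAT` below are assumed shapes of a "before" and "after" built from the description's `[^%]+` detail. `backtrack_cost` is a hypothetical step-counting model of a backtracking matcher (not Ruby's engine itself), used so the growth can be measured without hanging the interpreter.

```ruby
# Added illustration. The PR's actual pattern is not shown on the page, so
# NESTED and FLAT are assumed shapes: a "[^%]+" run or a %XX escape, repeated.
NESTED = /\A(?:[^%]+|%\h\h)*\z/  # before: variable-length run inside a repeat
FLAT   = /\A(?:[^%]|%\h\h)*\z/   # after: one character per iteration

# Model of a naive backtracking matcher for the two shapes above (not Onigmo
# itself). Returns [matched, positions_tried] so the cost can be compared.
def backtrack_cost(str, nested:)
  steps = 0
  try = lambda do |pos|
    steps += 1
    next true if pos == str.length                 # reached \z
    if str[pos] == "%"                             # %XX branch: no choice here
      next str[pos + 1, 2].to_s.match?(/\A\h\h\z/) && try.call(pos + 3)
    end
    run = (str.index("%", pos) || str.length) - pos
    longest = nested ? run : 1                     # "+" may take 1..run chars
    longest.downto(1).any? { |len| try.call(pos + len) }
  end
  [try.call(0), steps]
end

# Constructed inputs: prefixes of the string from the description, each ending
# in a dangling "%" so that the overall match must fail.
ALPHABET = "abcdefghijklmnopqrstuvwxyz1234567890"
def cost_table(lengths = [4, 8, 12, 16])
  lengths.map do |n|
    input = ALPHABET[0, n] + "%"
    [n, backtrack_cost(input, nested: true)[1], backtrack_cost(input, nested: false)[1]]
  end
end

# The rewrite must accept exactly the same strings; check on short samples.
def same_verdicts?(samples = ["", "abc", "abc%20d", "ab%", "%zz", "%4"])
  samples.all? do |s|
    NESTED.match?(s) == FLAT.match?(s) &&
      FLAT.match?(s) == backtrack_cost(s, nested: false)[0]
  end
end

cost_table.each { |n, before, after| puts "len=#{n} nested=#{before} flat=#{after}" }
puts "same verdicts: #{same_verdicts?}"
```

In this model the nested shape doubles its work with every extra character before the dangling `%`, while the flat shape grows by one step. Ruby 3.2 and later also provide `Regexp.timeout=` as a backstop for patterns that cannot be rewritten.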