From 8ae355e8ad80b5a24c5eec149a1a3c583d494afb Mon Sep 17 00:00:00 2001
From: David Chambers
Date: Thu, 6 Jan 2022 12:10:31 +0100
Subject: [PATCH 1/2] update test string for trim
---
 test/trim.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/trim.js b/test/trim.js
index 850b5c2b39..9eb4dd0978 100644
--- a/test/trim.js
+++ b/test/trim.js
@@ -3,7 +3,7 @@ var eq = require('./shared/eq');
 describe('trim', function() {
- var test = '\x09\x0A\x0B\x0C\x0D\x20\xA0\u1680\u180E\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200A\u202F\u205F\u3000\u2028\u2029\uFEFFHello, World!\x09\x0A\x0B\x0C\x0D\x20\xA0\u1680\u180E\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200A\u202F\u205F\u3000\u2028\u2029\uFEFF';
+ var test = '\x09\x0A\x0B\x0C\x0D\x20\xA0\u1680\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200A\u202F\u205F\u3000\u2028\u2029\uFEFFHello, World!\x09\x0A\x0B\x0C\x0D\x20\xA0\u1680\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200A\u202F\u205F\u3000\u2028\u2029\uFEFF';
 it('trims a string', function() {
 eq(R.trim(' xyz '), 'xyz');
From 94d057032c9b3ecf26d9842fbb12c981bda29f4b Mon Sep 17 00:00:00 2001
From: ready-research <72916209+ready-research@users.noreply.github.com>
Date: Fri, 8 Oct 2021 01:25:54 +0530
Subject: [PATCH 2/2] Security fix for ReDoS (#3177) * Security fix for ReDoS Security fix for ReDoS vulnerability. * Update trim.js * Update trim.js * Update trim.js
---
 source/trim.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source/trim.js b/source/trim.js
index 73bc528402..52c90a5953 100644
--- a/source/trim.js
+++ b/source/trim.js
@@ -1,7 +1,7 @@
 import _curry1 from './internal/_curry1';
-var ws = '\x09\x0A\x0B\x0C\x0D\x20\xA0\u1680\u180E\u2000\u2001\u2002\u2003' +
+var ws = '\x09\x0A\x0B\x0C\x0D\x20\xA0\u1680\u2000\u2001\u2002\u2003' +
 '\u2004\u2005\u2006\u2007\u2008\u2009\u200A\u202F\u205F\u3000\u2028' +
 '\u2029\uFEFF';
 var zeroWidth = '\u200b';
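Review bot: The new `ws` literal in source/trim.js drops `\u180E` with no comment explaining why, and the commit message says only "Security fix for ReDoS". Judging from the `ws.trim()` feature test in the same file, the removal appears to work by letting native `String.prototype.trim` pass that test on engines that no longer treat U+180E as whitespace, so the regex fallback is not selected there. I would add above the declaration `// U+180E is intentionally absent: current engines do not trim it, and listing it makes ws.trim() non-empty, which forces the regex fallback.` This is also a behaviour change, since `R.trim` will no longer strip U+180E, so it deserves a changelog entry.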
@@ -21,7 +21,7 @@ var hasProtoTrim = (typeof String.prototype.trim === 'function');
 * R.trim(' xyz '); //=> 'xyz'
 * R.map(R.trim, R.split(',', 'x, y, z')); //=> ['x', 'y', 'z']
 */
-var trim = !hasProtoTrim || (ws.trim() || !zeroWidth.trim()) ?
+var trim = !hasProtoTrim || ws.trim() || !zeroWidth.trim() ?
 _curry1(function trim(str) {
 var beginRx = new RegExp('^[' + ws + '][' + ws + ']*');
 var endRx = new RegExp('[' + ws + '][' + ws + ']*$');
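Review bot: The fallback kept in this hunk still builds `endRx` as `'[' + ws + '][' + ws + ']*$'`, which has no start anchor and so takes quadratic time on long whitespace runs that do not reach the end of the string. The commit only changes which engines reach this branch. Any runtime where `hasProtoTrim` is false, or where the `ws.trim()` / `zeroWidth.trim()` checks fail, still runs these regexes on caller-supplied strings. A linear scan from both ends removes the pattern entirely and keeps the same result. The function body continues past the hunk, so the existing return statement (not visible here) would be replaced by the one below.

```javascript
  _curry1(function trim(str) {
    // Linear scan from both ends; no regex, so no backtracking on long whitespace runs.
    var start = 0;
    var end = str.length;
    while (start < end && ws.indexOf(str.charAt(start)) !== -1) {
      start += 1;
    }
    while (end > start && ws.indexOf(str.charAt(end - 1)) !== -1) {
      end -= 1;
    }
    return str.slice(start, end);
```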