New denial of service attack! #280
Was going over the inline HTML scanning routines when I ran into some questionable scanning methods. In particular, parsing repetitions of
Haven't tested other parsers yet. It would probably be good to test them as well and let them know when they are also vulnerable.
@marcusklaas Fixed in MD4C by remembering how far we have scanned for the expected HTML closer without finding it. Later attempts to re-scan for the same closer may then fail early.
Note that other raw HTML openers (e.g. HTML processing instructions or declarations) exhibited the same problem, so you may need to check them too.
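
The approach described in the comment above, as an added example that is not part of the thread and is not MD4C's code: a C sketch that records where a failed scan for a processing-instruction closer began, so every later opener fails early instead of rescanning the rest of the input. The `scan` struct, the function names and the 1000-opener input are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define NOT_FOUND ((size_t)-1)

/* State for this sketch; the names are assumptions, not MD4C's. */
typedef struct {
    size_t no_closer_from; /* "?>" known absent from here to the end */
    unsigned long steps;   /* bytes examined while hunting for closers */
    size_t found;          /* complete "<?...?>" spans recognised */
    int use_memo;          /* 0 = always rescan, 1 = remember failures */
} scan;

static size_t find_pi_closer(scan *s, const char *t, size_t len, size_t off)
{
    if (s->use_memo && off >= s->no_closer_from)
        return NOT_FOUND; /* an earlier scan already covered this range */
    for (size_t i = off; i + 1 < len; i++) {
        s->steps++;
        if (t[i] == '?' && t[i + 1] == '>') return i;
    }
    if (off < s->no_closer_from) s->no_closer_from = off;
    return NOT_FOUND;
}

/* Try to match a processing instruction at every "<?" in t[0..len). */
static scan scan_pis(const char *t, size_t len, int use_memo)
{
    scan s = { NOT_FOUND, 0, 0, use_memo }; /* NOT_FOUND: no failed scan yet */
    for (size_t i = 0; i + 1 < len; ) {
        size_t end = (t[i] == '<' && t[i + 1] == '?')
                   ? find_pi_closer(&s, t, len, i + 2) : NOT_FOUND;
        if (end != NOT_FOUND) { s.found++; i = end + 2; } else i++;
    }
    return s;
}

/* Constructed input: 1000 unterminated "<?" openers; returns scan steps. */
static unsigned long steps_for_openers(int use_memo)
{
    static char buf[2000];
    for (size_t i = 0; i < sizeof buf; i++) buf[i] = (i % 2) ? '?' : '<';
    return scan_pis(buf, sizeof buf, use_memo).steps;
}

int main(void)
{
    printf("rescan %lu, memo %lu\n", steps_for_openers(0), steps_for_openers(1));
    return 0;
}
```

On the constructed input the closer scan examines 998001 bytes when it rescans for every opener and 1997 when it remembers the first failure, while both modes recognise the same spans.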