fix(html-comments): changed regex to precent malformed long comment t…

…o freeze showdown Closes #439
showdownjs · Oct 2, 2017 · 3efcd10 · 3efcd10
1 parent 0627e49
commit 3efcd10
Show file tree

Hide file tree

Showing 7 changed files with 30 additions and 12 deletions.
diff --git a/dist/showdown.js b/dist/showdown.js
diff --git a/dist/showdown.js.map b/dist/showdown.js.map
diff --git a/dist/showdown.min.js b/dist/showdown.min.js
diff --git a/dist/showdown.min.js.map b/dist/showdown.min.js.map
diff --git a/src/subParsers/escapeSpecialCharsWithinTagAttributes.js b/src/subParsers/escapeSpecialCharsWithinTagAttributes.js
@@ -6,16 +6,22 @@ showdown.subParser('escapeSpecialCharsWithinTagAttributes', function (text, opti
   'use strict';
   text = globals.converter._dispatch('escapeSpecialCharsWithinTagAttributes.before', text, options, globals);
 
-  // Build a regex to find HTML tags and comments.  See Friedl's
-  // "Mastering Regular Expressions", 2nd Ed., pp. 200-201.
-  var regex = /(<[a-z\/!$]("[^"]*"|'[^']*'|[^'">])*>|<!(--.*?--\s*)+>)/gi;
+  // Build a regex to find HTML tags.
+  var regex = /(<[a-z\/!$]("[^"]*"|'[^']*'|[^'">])*>)/gi,
+  // due to catastrophic backtrace we split the old regex into two, one for tags and one for comments
+      regexComments = /<!(--(?:|(?:[^>-]|-[^>])(?:[^-]|-[^-])*)--)>/gi;
 
   text = text.replace(regex, function (wholeMatch) {
     return wholeMatch
       .replace(/(.)<\/?code>(?=.)/g, '$1`')
       .replace(/([\\`*_~=|])/g, showdown.helper.escapeCharactersCallback);
   });
 
+  text = text.replace(regexComments, function (wholeMatch) {
+    return wholeMatch
+      .replace(/([\\`*_~=|])/g, showdown.helper.escapeCharactersCallback);
+  });
+
   text = globals.converter._dispatch('escapeSpecialCharsWithinTagAttributes.after', text, options, globals);
   return text;
 });
diff --git a/test/cases/html-comments.html b/test/cases/html-comments.html
@@ -6,3 +6,5 @@
    <!-- comment -->
 <pre><code>&lt;!-- comment --&gt;
 </code></pre>
+<p>&lt;!----------------------------------------------------------------------------------------------------------------------------------------------------</p>
+<!-------------------------------------------------------------------->
diff --git a/test/cases/html-comments.md b/test/cases/html-comments.md
@@ -9,3 +9,7 @@ words <!-- a comment --> words
    <!-- comment -->
 
     <!-- comment -->
+
+<!----------------------------------------------------------------------------------------------------------------------------------------------------
+
+<!-------------------------------------------------------------------->