Skip to content

Commit 3efcd10

Browse files
tivietivie
committed
fix(html-comments): changed regex to precent malformed long comment to freeze showdown
Closes #439
1 parent 0627e49 commit 3efcd10

File tree

7 files changed

+30
-12
lines changed

7 files changed

+30
-12
lines changed

dist/showdown.js

Lines changed: 10 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/showdown.js.map

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/showdown.min.js

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/showdown.min.js.map

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

src/subParsers/escapeSpecialCharsWithinTagAttributes.js

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,16 +6,22 @@ showdown.subParser('escapeSpecialCharsWithinTagAttributes', function (text, opti
66
'use strict';
77
text = globals.converter._dispatch('escapeSpecialCharsWithinTagAttributes.before', text, options, globals);
88

9-
// Build a regex to find HTML tags and comments. See Friedl's
10-
// "Mastering Regular Expressions", 2nd Ed., pp. 200-201.
11-
var regex = /(<[a-z\/!$]("[^"]*"|'[^']*'|[^'">])*>|<!(--.*?--\s*)+>)/gi;
9+
// Build a regex to find HTML tags.
10+
var regex = /(<[a-z\/!$]("[^"]*"|'[^']*'|[^'">])*>)/gi,
11+
// due to catastrophic backtrace we split the old regex into two, one for tags and one for comments
12+
regexComments = /<!(--(?:|(?:[^>-]|-[^>])(?:[^-]|-[^-])*)--)>/gi;
1213

1314
text = text.replace(regex, function (wholeMatch) {
1415
return wholeMatch
1516
.replace(/(.)<\/?code>(?=.)/g, '$1`')
1617
.replace(/([\\`*_~=|])/g, showdown.helper.escapeCharactersCallback);
1718
});
1819

20+
text = text.replace(regexComments, function (wholeMatch) {
21+
return wholeMatch
22+
.replace(/([\\`*_~=|])/g, showdown.helper.escapeCharactersCallback);
23+
});
24+
1925
text = globals.converter._dispatch('escapeSpecialCharsWithinTagAttributes.after', text, options, globals);
2026
return text;
2127
});

test/cases/html-comments.html

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,3 +6,5 @@
66
<!-- comment -->
77
<pre><code>&lt;!-- comment --&gt;
88
</code></pre>
9+
<p>&lt;!----------------------------------------------------------------------------------------------------------------------------------------------------</p>
10+
<!-------------------------------------------------------------------->

test/cases/html-comments.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,3 +9,7 @@ words <!-- a comment --> words
99
<!-- comment -->
1010

1111
<!-- comment -->
12+
13+
<!----------------------------------------------------------------------------------------------------------------------------------------------------
14+
15+
<!-------------------------------------------------------------------->

0 commit comments

Comments
 (0)