Skip to content
Permalink
Browse files Browse the repository at this point in the history
Prevent Regex Denial of Service in Sisimai::String.to_plain
  • Loading branch information
gmcabrita committed Nov 28, 2022
1 parent 347c8bb commit 51fe2e6
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions lib/sisimai/string.rb
Expand Up @@ -66,8 +66,8 @@ def to_plain(argv1 = '', loose = false)
# 3. <a href = 'http://...'>...</a> to " http://... "
# 4. <a href = 'mailto:...'>...</a> to " Value <mailto:...> "
plain.scrub!('?')
plain.gsub!(%r|<head>.+</head>|im, '')
plain.gsub!(%r|<style.+?>.+</style>|im, '')
plain.gsub!(%r|<head>.*?</head>|im, '')
plain.gsub!(%r|<style.*?>.*?</style>|im, '')
plain.gsub!(%r|<a\s+href\s*=\s*['"](https?://.+?)['"].*?>(.*?)</a>|i, '[\2](\1)')
plain.gsub!(%r|<a\s+href\s*=\s*["']mailto:([^\s]+?)["']>(.*?)</a>|i, '[\2](mailto:\1)')

Expand Down

0 comments on commit 51fe2e6

Please sign in to comment.