Fixed possible regular expression denial of service

Author: taylorhakes

bower.json

@@ -1,7 +1,7 @@
 {
   "name": "fecha",
   "main": "fecha.js",
-  "version": "1.1.1",
+  "version": "1.2.0",
   "homepage": "https://github.com/taylorhakes/fecha",
   "authors": [
     "Taylor Hakes"

fecha.js

@@ -208,6 +208,12 @@
 
     format = fecha.masks[format] || format;
 
+    // Avoid regular expression denial of service, fail early for really long strings
+    // https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS
+    if (dateStr.length > 1000) {
+      return false;
+    }
+
     isValid = true;
     dateInfo = {};
     format.replace(token, function ($0) {

fecha.min.js

@@ -96,6 +96,13 @@
           fecha.parse('2014-11-05', false)
         }).toThrow();
       });
+      it('long input false', function () {
+        var input = '';
+        for (var i = 0; i < 1002; i++) {
+          input += '1';
+        }
+        expect(fecha.parse(input, 'HH')).toBe(false);
+      });
     });
     describe('format', function () {
       // Day of the month

fecha.spec.js

@@ -1,6 +1,6 @@
 {
   "name": "fecha",
-  "version": "1.1.1",
+  "version": "1.2.0",
   "description": "Date formatting and parsing",
   "main": "fecha.js",
   "scripts": {