Regular expression backtracking in linkification #1425

Closed
blois opened this issue Feb 20, 2019 · 1 comment
Labels
category: links L0 - security A security vulnerability within the Marked library is discovered

Comments

blois commented Feb 20, 2019

In versions 0.6.0, 0.5.1 and 0.5.0 parsing this file takes ~2 minutes while it was pretty much instantaneous in 0.3.19.

Steps to reproduce the behavior with smaller repro:

  1. Marked Demo
  2. CommonMark Demo
  3. Install marked npm install --save marked@0.6.0 with the version you are using

Expected behavior
Rendering completes in a linear amount of time.

I see that a lot of the time is spent in https://github.com/markedjs/marked/blob/v0.5.1/lib/marked.js#L752

It seems that the regular expression has gotten quite a bit more complex between v0.3.19 and v0.5.1.

@UziTech UziTech added category: links L0 - security A security vulnerability within the Marked library is discovered labels Feb 20, 2019
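
An added example, not code from this issue or from marked: a timing harness for the expected behavior reported above, that work grows linearly with input size. The two e-mail autolink patterns, the `longWord` input and the size list are constructed stand-ins, not marked's regular expressions or the reporter's file.

```javascript
// Constructed stand-ins, NOT marked's patterns: an unanchored e-mail
// autolink regex, and the same regex with a lookbehind so that a match
// may only begin at the start of a run of local-part characters.
// Both find the same leftmost match; only the failure cost differs.
const NAIVE = /[\w.+-]+@[\w-]+\.\w+/;
const GUARDED = /(?<![\w.+-])[\w.+-]+@[\w-]+\.\w+/;

// Constructed input: one long word with no "@". The naive pattern
// rescans the rest of the word from every start offset.
const longWord = (n) => 'a'.repeat(n);

// Mean milliseconds per call. Repeats until minMs has elapsed so that
// fast (linear) cases are not lost in timer noise.
function timePerCall(fn, input, minMs = 30) {
  fn(input); fn(input); // warm-up so the engine has compiled the regex
  const start = performance.now();
  let calls = 0;
  let elapsed = 0;
  do {
    fn(input);
    calls += 1;
    elapsed = performance.now() - start;
  } while (elapsed < minMs);
  return elapsed / calls;
}

// Least-squares slope of log(time) against log(size): about 1 for
// linear work, about 2 for quadratic backtracking.
function growthExponent(fn, makeInput, sizes) {
  const pts = sizes.map((n) => [Math.log(n), Math.log(timePerCall(fn, makeInput(n)))]);
  const mean = (i) => pts.reduce((s, p) => s + p[i], 0) / pts.length;
  const mx = mean(0);
  const my = mean(1);
  const num = pts.reduce((s, p) => s + (p[0] - mx) * (p[1] - my), 0);
  const den = pts.reduce((s, p) => s + (p[0] - mx) ** 2, 0);
  return num / den;
}

// Regression check a test suite can run against any render function.
function isSuperLinear(fn, makeInput, sizes = [1000, 2000, 4000, 8000], limit = 1.5) {
  return growthExponent(fn, makeInput, sizes) > limit;
}

const naive = (s) => NAIVE.test(s);
const guarded = (s) => GUARDED.test(s);
```

Passing a wrapper around the library's render call as `fn`, with an input generator shaped like the slow document, turns the "linear amount of time" expectation into a check that can run in CI.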
@Feder1co5oave
Contributor

Wow! Great bug report! 🤩🤩
