Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix gfm extended autolinking requiring multiple backpedals #1293

Merged
merged 3 commits into from
Jul 5, 2018
Merged

fix gfm extended autolinking requiring multiple backpedals #1293

merged 3 commits into from
Jul 5, 2018

Conversation

Trott
Copy link
Contributor

@Trott Trott commented Jun 22, 2018
edited by styfle
Loading

Marked version:

0.4.0

Markdown flavor:

GitHub Flavored Markdown

Description

Add a test and fix that trailing punctuation is omitted in link URLs for
markdown like this:

(See https://www.example.com/fhqwhgads.)

The trailing period and closing parenthesis should not be part of the
link URL.

Expectation

<p>(See <a href="https://www.example.com/fhqwhgads">https://www.example.com/fhqwhgads</a>.)</p>

Result

<p>(See <a href="https://www.example.com/fhqwhgads.">https://www.example.com/fhqwhgads.</a>)</p>

Note that the trailing period is included as part of the URL. That's the bug.

Contributor

  • Test(s) exist to ensure functionality and minimize regression (if no tests added, list tests covering this PR); or,

Committer

In most cases, this should be a different person than the contributor.

  • Draft GitHub release notes have been updated.
  • CI is green (no forced merge required).
  • Merge PR

@Trott Trott mentioned this pull request Jun 22, 2018
Closed
2 tasks
UziTech
UziTech requested changes Jun 22, 2018
View reviewed changes
Copy link
Member

@UziTech UziTech left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't include changes to marked.min.js in this PR. It is generated automatically on merge.

Other than that LGTM

@Trott
fix gfm extended autolinking requiring multiple backpedals
a3cddee 
Add a test and fix that trailing punctuation is omitted in link URLs for
markdown like this:

    (See https://www.example.com/fhqwhgads.)

The trailing period and closing parenthesis should not be part of the
link URL.
@Trott
Copy link
Contributor Author

Trott commented Jun 22, 2018

@UziTech I've backed out the change to marked.min.js.

@Feder1co5oave
Copy link
Contributor

Feder1co5oave commented Jun 23, 2018
edited
Loading

A possessive quantifier to eat all the trailing punctuation in the backpedal regex would fix this very elegantly, unfortunately there is scarce support for them in regex engines.
This looks like a decent workaround for that.

Suggestion: have you tested the behavior of the current and proposed backpedaling algorithm with maliciously long sequences of trailing punctuation in a gfm autolink?
The backpedal regex should always match, and it shouldn't backtrack except for the corner case of this issue where multiple punctuation is found at the end, where only one additional step should be required to match up until the second-last character, is my guess.

davisjam
davisjam reviewed Jun 27, 2018
View reviewed changes
test/specs/marked/marked-spec.js Outdated
describe('Marked Autolinks', function() {
var section = 'Autolinks';

// var shouldPassButFails = [];
Copy link
Contributor

@davisjam davisjam Jun 27, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure why this line is here? Seems to duplicate the next line.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a copy/paste from elsewhere in the same file. See lines 53 and 68. I'll remove them all.

@davisjam
Copy link
Contributor

On the theme suggested by @Feder1co5oave, @Trott can you add tests for a URL inside nested parentheses?

((http://foo.com))
((http://foo.com.))

@Trott
Copy link
Contributor Author

Trott commented Jun 27, 2018

On the theme suggested by @Feder1co5oave, @Trott can you add tests for a URL inside nested parentheses?

((http://foo.com))
((http://foo.com.))

@davisjam Done.

@Trott
Copy link
Contributor Author

Trott commented Jun 27, 2018

Suggestion: have you tested the behavior of the current and proposed backpedaling algorithm with maliciously long sequences of trailing punctuation in a gfm autolink?

@Feder1co5oave I'm not sure what would constitute "maliciously long" in this instance. Can you provide an example or a description? And would it be reasonable to include one in the specs?

@Martii
Copy link
Contributor

Martii commented Jun 27, 2018
edited
Loading

@Trott
I believe it's about a ReDoS vector with dynamic input.

Let's see how GH handles that (don't mind the below... meant as a test only... not to annoy... EDIT don't want to overload the url in the demos).

(See https://www.example.com/fhqwhgads..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................)

Okay that should be enough to test although probably not a ReDoS equivalent (add a few million to see for sure but won't do that here). 😸

@Martii
Copy link
Contributor

Martii commented Jun 27, 2018
edited
Loading

Interesting... autolinking doesn't appear to work like this right now:

Excessive periods

(See https://www.example.com/fhqwhgads..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................)

Does any markdown work inside HTML tags here? (should be bold)

@Trott
Copy link
Contributor Author

Trott commented Jun 27, 2018

Does any markdown work inside HTML tags here? (should be bold)

@Martii My understanding of markdown specs is that markdown is not expanded inside block elements.

@Martii
Copy link
Contributor

Martii commented Jun 27, 2018

@Trott

My understanding of markdown specs is that markdown is not expanded inside block elements.

So it looks like GH GFM may have a bug too since it's bolding and italicizing.

Ex.

**This is inside a p HTML tag and should not be bolded**

Gotta love md implementations sometimes. 😸 Thanks for the tip to look for.

@Trott
Copy link
Contributor Author

Trott commented Jun 27, 2018

@Martii Doesn't look buggy to me!

Inside a <p> element so should not bold:

**Look! No bold!!**

Not inside a <p> element so should bold:

Very bold!

@Trott
Copy link
Contributor Author

Trott commented Jun 27, 2018
edited
Loading

Is there anything else that needs to happen to this before it can be merged? Not pushing for it to happen now now now or anything, but if there's something that's waiting on me, I'd like to address it.

@Martii
Copy link
Contributor

Martii commented Jun 27, 2018

@Trott
Look inside the comment dropdown details at #1293 (comment) Keeping in linear context is key with the prior comment from you. So yes it is bolding and italicizing currently... which is why I said italicizing so you wouldn't get confused. Guess that didn't work.

@Trott
Copy link
Contributor Author

Trott commented Jun 28, 2018
edited
Loading

Ex. seemed like it was short for Example of the bug I just described in the previous sentence, but it's followed by correct (as far as I can tell?) rendering. That was the source of my misunderstanding.

I see now that in the <details> section, there is bolding and italicizing but not autolinking. I suppose that's a bug, although I guess GitHub gets to write whatever rules they want for GFM, so maybe that's the correct spec behavior in some weird way. I'm kidding. Maybe. I guess there's also the fact that <details> is non-standard to begin with, so maybe all bets are off anyway. At this point, though, I'm just making stuff up so maybe it's best if I stop typing since I'm almost certainly wrong about at least four things in this paragraph. Hope this was at least mildly entertaining.

EDIT: Yep, I'm wrong about <details> being non-standard, guess that happens when you don't write HTML for about 10 years...

@styfle
Copy link
Member

styfle commented Jun 28, 2018

@davisjam I think your comments were addressed, correct?
Anything else needed before we merge this?

This was referenced Mar 30, 2020
Open
Open
Open
Open
Open
Open
Open
Open
Open
This was referenced Apr 6, 2020
Open
Open
Open
Open
Open
Open
Open
Open
Closed
Closed
Open
Open
Closed
Open
Open
Open
Open
Open
Open
Open
zhenalexfan pushed a commit to zhenalexfan/MarkdownHan that referenced this pull request Nov 8, 2021
@styfle
Merge pull request markedjs#1293 from Trott/trailing-period
a562ab3 
fix gfm extended autolinking requiring multiple backpedals
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davisjam davisjam davisjam left review comments

@styfle styfle styfle approved these changes

@UziTech UziTech UziTech approved these changes

@joshbruce joshbruce Awaiting requested review from joshbruce

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.5.0 - Commonmark Compliance
Development

Successfully merging this pull request may close these issues.
6 participants
@Trott @Feder1co5oave @davisjam @Martii @styfle @UziTech