Render html in heading #1622
Nice, thanks!
@davisjam could you check that
Would like to hold off on my approval until @davisjam (or someone) can review for REDOS.
According to http://redos-checker.surge.sh/, it is vulnerable, which makes sense since the lookahead can also match characters in That said, both of these options break rather easily... regex isn't a good html parser. The <a href="BREAK>" target="_blank">tag</a>
as for the
That being said, your regex might be better since it is simpler. I would like to match GitHub but I don't know what regex GitHub uses for its heading ids.
I simplified the regex to @joshbruce this regex is definitely not vulnerable.
I’m finding myself being pulled to family and friends at the moment. Can we temporarily move to a single review model - as long as it doesn’t introduce a security vulnerability? Further, if it does, the only required review would be for the security piece?
Not in a position to complete second approves flow. @styfle??
I got it.
Marked version: 0.8.1
Description
Fixes #1621
Contributor
Committer
In most cases, this should be a different person than the contributor.