From eab9511e4efbc8c521e18b6cf2e8565ae50c5a16 Mon Sep 17 00:00:00 2001
From: commenthol
Date: Sun, 4 Mar 2018 21:06:16 +0100
Subject: [PATCH] [#212] Fix Vulnerable Regular Expressions
---
 dist/string.js | 9 +++++----
 lib/string.js | 9 +++++----
 2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/dist/string.js b/dist/string.js
index 890407b..c3d5ec1 100644
--- a/dist/string.js
+++ b/dist/string.js
@@ -206,7 +206,7 @@ string.js - Copyright (C) 2012-2014, JP Richardson
 var s = this.trim().s.replace(/[_\s]+/g, '-').replace(/([A-Z])/g, '-$1').replace(/-+/g, '-').toLowerCase();
 return new this.constructor(s);
 },
-
+
 equalsIgnoreCase: function(prefix) {
 var s = this.s;
 return s.toLowerCase() == prefix.toLowerCase()
@@ -690,14 +690,15 @@ string.js - Copyright (C) 2012-2014, JP Richardson
 return this.s;
 },
- //#modified from https://github.com/epeli/underscore.string
 underscore: function() {
- var s = this.trim().s.replace(/([a-z\d])([A-Z]+)/g, '$1_$2').replace(/([A-Z\d]+)([A-Z][a-z])/g,'$1_$2').replace(/[-\s]+/g, '_').toLowerCase();
+ var s = this.trim().s.replace(/([A-Z])/g, function (_, m, i) {
+ return (i ? '_' : '') + m.toLowerCase();
+ }).replace(/[\s_-]+/g, '_');
 return new this.constructor(s);
 },
 unescapeHTML: function() { //from underscore.string
- return new this.constructor(this.s.replace(/\&([^;]+);/g, function(entity, entityCode){
+ return new this.constructor(this.s.replace(/&([^;]{1,20});/g, function(entity, entityCode){
 var match;
 if (entityCode in escapeChars) {
diff --git a/lib/string.js b/lib/string.js
index 826afd0..5d8cdf3 100644
--- a/lib/string.js
+++ b/lib/string.js
@@ -129,7 +129,7 @@ string.js - Copyright (C) 2012-2014, JP Richardson
 var s = this.trim().s.replace(/[_\s]+/g, '-').replace(/([A-Z])/g, '-$1').replace(/-+/g, '-').toLowerCase();
 return new this.constructor(s);
 },
-
+
 equalsIgnoreCase: function(prefix) {
 var s = this.s;
 return s.toLowerCase() == prefix.toLowerCase()
@@ -613,14 +613,15 @@ string.js - Copyright (C) 2012-2014, JP Richardson
 return this.s;
 },
- //#modified from https://github.com/epeli/underscore.string
 underscore: function() {
- var s = this.trim().s.replace(/([a-z\d])([A-Z]+)/g, '$1_$2').replace(/([A-Z\d]+)([A-Z][a-z])/g,'$1_$2').replace(/[-\s]+/g, '_').toLowerCase();
+ var s = this.trim().s.replace(/([A-Z])/g, function (_, m, i) {
+ return (i ? '_' : '') + m.toLowerCase();
+ }).replace(/[\s_-]+/g, '_');
 return new this.constructor(s);
 },
 unescapeHTML: function() { //from underscore.string
- return new this.constructor(this.s.replace(/\&([^;]+);/g, function(entity, entityCode){
+ return new this.constructor(this.s.replace(/&([^;]{1,20});/g, function(entity, entityCode){
 var match;
 if (entityCode in escapeChars) {
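Review bot: The rewritten `underscore` removes the backtracking-prone patterns but also changes its output: every ASCII capital now gets its own separator, so a run such as `HTMLParser` becomes `h_t_m_l_parser` where the old grouping regexes produced `html_parser`, and because the trailing `.toLowerCase()` on the whole string is gone, non-ASCII capitals are no longer lower-cased. If only the ReDoS fix is intended, restore the final call, `}).replace(/[\s_-]+/g, '_').toLowerCase();`, and pin the acronym case with a regression test, since the diffstat shows no test file touched. In `unescapeHTML` the `{1,20}` bound keeps matching linear on input with many `&` and no `;`, but the limit is unexplained; a comment such as `// bound the entity length so unterminated '&' runs cannot cause quadratic scanning` would help, and the value should be checked against the longest key in `escapeChars`, which is not visible here. `unescapeHTML`'s body continues past the end of the hunk.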