fix(isSlug & rtrim): regex no longer exposed to ReDOS attacks (#1603)
fedeci authored Mar 3, 2021
1 parent 2331120 commit 6d87bfe
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion src/lib/isSlug.js
@@ -1,6 +1,6 @@
import assertString from './util/assertString';

let charsetRegex = /^[^\s-_](?!.*?[-_]{2,})([a-z0-9-\\]{1,})[^\s]*[^-_\s]$/;
let charsetRegex = /^[^\s-_](?!.*?[-_]{2,})[a-z0-9-\\][^\s]*[^-_\s]$/;

export default function isSlug(str) {
assertString(str);
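Review bot: The rewritten `charsetRegex` applies the `[a-z0-9-\\]` allow-list to one character only; everything after it is matched by `[^\s]*`, so uppercase letters, punctuation and markup characters still pass `isSlug`. Dropping the `{1,}` group does not change the accepted set, because the old group was followed by the same `[^\s]*`, so this behaviour predates the commit, but it deserves a comment beside the pattern such as `// only the second character is checked against [a-z0-9-\\]; later characters may be any non-whitespace, so a match is not an encoding guarantee`. The binding is not reassigned in the visible lines and could be `const charsetRegex`. Both changed files are under src/lib, so the commit adds no regression test; one that bounds matching time on a long non-matching input would keep the fix from being silently reverted. The body of `isSlug` continues outside the hunk.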
2 changes: 1 addition & 1 deletion src/lib/rtrim.js
@@ -3,6 +3,6 @@ import assertString from './util/assertString';
export default function rtrim(str, chars) {
assertString(str);
// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions#Escaping
const pattern = chars ? new RegExp(`[${chars.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}]+$`, 'g') : /\s+$/g;
const pattern = chars ? new RegExp(`[${chars.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}]+$`, 'g') : /(\s)+$/g;
return str.replace(pattern, '');
}
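Review bot: Wrapping `\s` in a capture group on the `pattern` line does not change how the expression is matched: `/(\s)+$/g` is still unanchored at the start, so a backtracking engine retries the `+$` match from every offset inside a long whitespace run that is followed by a non-whitespace character, which is quadratic in the run length. The `chars` branch builds `[...]+$` and has the same shape; its escape set also leaves `-` unescaped, so a `chars` value with `-` between two characters is read as a range. Scanning once from the end of the string, as sketched below, removes the regex from the hot path and treats every character of `chars` literally. A test with a long whitespace run before a final non-whitespace character, asserted to finish within a fixed time, would pin the behaviour.

```javascript
export default function rtrim(str, chars) {
  assertString(str);
  // Walk back from the end once; no unanchored `+$` retry at every offset.
  const isTrimmable = chars
    ? (ch) => chars.includes(ch)
    : (ch) => /\s/.test(ch);
  let end = str.length;
  while (end > 0 && isTrimmable(str[end - 1])) {
    end -= 1;
  }
  return str.slice(0, end);
}
```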
