
Take a look

Open wilbertcr opened this issue 9 years ago • 2 comments

[https://srcclr.com/bleach/javascript/npm/c-12769/vulnerabilities]

wilbertcr avatar Apr 01 '16 00:04 wilbertcr

The link says there is a low-risk denial of service issue with this module related to regular expressions. A more specific link is here:

https://srcclr.com/security/regular-expression-denial-service-redos-/javascript/sid-1862/technical

Version 0.3.0, the current version, is listed as being vulnerable.

The problematic line pointed to is this one: https://github.com/ecto/bleach/blob/master/lib/bleach.js#L73

A related reference is here: https://nodesecurity.io/advisories/47

More about regex-based DoS: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS

markstos avatar Jul 29 '16 18:07 markstos

A potential workaround could be this, couldn't it?

I am not very experienced with regex-based DoS, but might this help?

      html = html.replace(/<script(?:.*?)>(?:.|[\r\n])*?<\/script(?:.*)>/gmi, '');

vs.

      html = html.replace(/<script(.*?)>(.*?[\r\n])*?(.*?)(.*?[\r\n])*?<\/script>/gim, '');

The quantified-group-with-a-quantifier-in-it thingy is gone.
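As an added example (editor's code, not from bleach or from either commenter above), the block below puts the line quoted from lib/bleach.js next to the proposed replacement, constructs an input that makes the original pattern backtrack, and adds a regex-free scanner for comparison. The adversarial input builder, the `measure` helper and `stripScriptsLinear` are all constructed for this example; only the two regexes come from the thread.

```javascript
// Added example (editor's code, not bleach's): the regex flagged in the issue
// next to the proposed workaround, an input that makes the original backtrack,
// and a regex-free scanner that does the same job in linear time.

// Line 73 of bleach 0.3.0 lib/bleach.js, as quoted in the thread.
const VULNERABLE_RE = /<script(.*?)>(.*?[\r\n])*?(.*?)(.*?[\r\n])*?<\/script>/gim;

// The replacement proposed in the thread.
const WORKAROUND_RE = /<script(?:.*?)>(?:.|[\r\n])*?<\/script(?:.*)>/gmi;

function stripWithRegex(re, html) {
  return html.replace(re, '');
}

// Constructed adversarial input: an opening tag carrying `gtCount` '>'
// characters, then `lines` lines of `width` spaces, and no closing tag.
// In the original pattern (.*?[\r\n])*? can absorb any number of whole lines
// and (.*?) can split the next line at any column, so the engine tries every
// such partition before giving up: roughly lines^2 * width^2 steps.
// In the workaround every extra '>' on the first line is another place where
// <script(?:.*?)> can end, and each one rescans the whole body.
function adversarialInput(lines, width, gtCount = 1) {
  return '<script' + '>'.repeat(gtCount) + (' '.repeat(width) + '\n').repeat(lines);
}

// Clock helper: performance is a global in Node 16+, Date.now() otherwise.
const now = () => (typeof performance !== 'undefined' ? performance.now() : Date.now());

// Time one strip; `changed` reports whether anything was removed.
function measure(re, html) {
  const t0 = now();
  const out = stripWithRegex(re, html);
  return { changed: out !== html, ms: now() - t0 };
}

// Regex-free removal of <script ...>...</script> blocks, case-insensitive.
// Every indexOf call moves the cursor forward, so the cost is linear in the
// input no matter how many lines or '>' characters it contains. Everything
// after an unterminated <script is dropped: the HTML tokenizer would treat it
// as script data, so keeping it would leave live script in the output.
// Matching the bare prefix '<script' also catches tags such as <scriptx>;
// that is over-removal, the safe direction for a sanitizer.
function stripScriptsLinear(html) {
  const lower = html.toLowerCase();
  let out = '';
  let pos = 0;
  for (;;) {
    const open = lower.indexOf('<script', pos);
    if (open === -1) break;
    out += html.slice(pos, open);
    const close = lower.indexOf('</script', open + 7);
    if (close === -1) { pos = html.length; break; }
    const end = html.indexOf('>', close + 8);
    pos = end === -1 ? html.length : end + 1;
  }
  return out + html.slice(pos);
}

if (typeof require !== 'undefined' && require.main === module) {
  const sample = '<p>a</p><script>alert(1)</script><p>b</p>';
  console.log('original  :', JSON.stringify(stripWithRegex(VULNERABLE_RE, sample)));
  console.log('workaround:', JSON.stringify(stripWithRegex(WORKAROUND_RE, sample)));
  console.log('linear    :', JSON.stringify(stripScriptsLinear(sample)));
  for (const lines of [100, 200, 400]) {
    const v = measure(VULNERABLE_RE, adversarialInput(lines, 10));
    const w = measure(WORKAROUND_RE, adversarialInput(lines, 10));
    console.log(`${lines} lines: original ${v.ms.toFixed(1)} ms, workaround ${w.ms.toFixed(1)} ms`);
  }
  for (const gt of [1, 200, 400]) {
    const w = measure(WORKAROUND_RE, adversarialInput(2000, 10, gt));
    console.log(`${gt} '>' on the open tag: workaround ${w.ms.toFixed(1)} ms`);
  }
}
```

Running it prints the three strippers' output on a one-line sample, then the time each regex spends on the unterminated input as the line count doubles: the original grows roughly four-fold per doubling for a fixed line width, while the workaround stays flat. Two things the sample also shows about the proposed pattern: its closing part `<\/script(?:.*)>` is greedy, so on the one-line sample it removes the trailing `<p>b</p>` as well, where the original line and the linear scanner keep it; and its opening part `<script(?:.*?)>` can end at any later `>` on the same line, so an opening tag padded with `>` characters still costs one rescan of the body per `>`, which the last loop makes visible.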

wusala01 avatar Nov 12 '18 10:11 wusala01