Table parsing is vulnerable to a ReDOS attack
Hi there! I'm a member of GitHub's coding team and I was recently reviewing a report that certain maliciously crafted strings can cause the creole gem to take a long time to render by forcing the gem to spend exponential time matching strings to regular expressions.
Example:
irb(main):006:0> Benchmark.measure { Creole.creolize("|{{{{}}}}{{{{}}}}{{{{}}}}{{{{}}}}{{{{}}}}{{{{}}}}{{{{}}}}{{{{~") }
=> #<Benchmark::Tms:0x00007f9cd7792220 @label="", @real=7.256839563999165, @cstime=0.0, @cutime=0.0, @stime=0.0, @utime=7.256716999999998, @total=7.256716999999998>
The impact for us is not huge (we limit the amount of time spent rendering) but just wanted to pass this info along!
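The mitigation mentioned above, a limit on the time spent rendering, shown as an added example that is not code from the report, from GitHub, or from the creole gem. The renderer runs in a forked child process that is killed once the budget is spent. `render_with_budget`, its return statuses and the renderer block are hypothetical names, and the code assumes a platform that supports `fork`.

```ruby
require "cgi"

# Input string quoted in the report above, kept verbatim as sample data.
SAMPLE = "|{{{{}}}}{{{{}}}}{{{{}}}}{{{{}}}}{{{{}}}}{{{{}}}}{{{{}}}}{{{{~"

# Render untrusted markup in a child process and kill the child once the
# time budget is spent. The block is the renderer; with the creole gem loaded
# it would be { |t| Creole.creolize(t) } (assumption: gem installed separately).
# Returns [html, status] where status is :ok, :timeout or :error.
def render_with_budget(text, budget: 1.0)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    begin
      writer.write(yield(text).to_s)
      writer.close
      exit!(0) # skip at_exit handlers inherited from the parent
    rescue StandardError
      exit!(1) # renderer raised: report failure through the exit status
    end
  end
  writer.close

  # The child writes only after rendering has finished, so a pipe that stays
  # silent past the budget means the renderer is still running.
  if IO.select([reader], nil, nil, budget)
    html = reader.read
    _, exit_status = Process.wait2(pid)
    return [html, :ok] if exit_status.success?
    status = :error
  else
    Process.kill("KILL", pid) # a regex match cannot ignore SIGKILL
    Process.wait(pid)         # reap the child so no zombie is left behind
    status = :timeout
  end
  # Fall back to the escaped source so the page still shows something safe.
  ["<pre>#{CGI.escapeHTML(text)}</pre>", status]
ensure
  reader&.close
end
```

Killing a separate process bounds CPU time regardless of what the renderer is doing, at the cost of one fork per render.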