markdown-to-jsx
Regex DOS can occur with HTML
Whilst the name does imply converting markdown to JSX, the readme does say

> Arbitrary HTML is supported and parsed into the appropriate JSX representation without dangerouslySetInnerHTML

When the following HTML is passed to `markdown-to-jsx`, the browser/node server will lock up and use 100% CPU due to a suspected infinite regex parsing issue.
```html
<span><span><span><span>Text</span></span></span></span>Text<br /><br /><strong>Text</strong><br /><strong><br /></strong>Text<a href="https://www.google.com/" rel="noopener noreferrer" target="_blank">Link</a> <a href="https://www.google.com/" rel="noopener noreferrer" target="_blank">Link</a>.Text<br /><br /><strong>Bold</strong><br /><strong><br /></strong>More text text text<br /><br /><strong>Bold</strong><br /><strong><br /></strong>
```
The above snippet is the output from a popular WYSIWYG editor, Froala. If copied and pasted into https://probablyup.com/markdown-to-jsx/, it will lock up your browser.
I am using `markdown-to-jsx` `7.1.1`.
Interestingly, when I paste the snippet into the example link and the current contents are empty, it freezes as said. But when there is something already present, there is no issue.