From 8afc39fb0e7c3fc64519c3f0d1fbccce5e55fb7c Mon Sep 17 00:00:00 2001 From: RobertDober Date: Mon, 22 Jun 2020 12:03:35 +0200 Subject: [PATCH] Refs: #356; We'll keep it here from now, as in 1.5 this might become obsolete due to #358 --- lib/earmark/line_scanner.ex | 6 +++++- test/acceptance/ast/html/block_test.exs | 11 +++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/lib/earmark/line_scanner.ex b/lib/earmark/line_scanner.ex index 8d76c90b..51814cd4 100644 --- a/lib/earmark/line_scanner.ex +++ b/lib/earmark/line_scanner.ex @@ -155,7 +155,11 @@ defmodule Earmark.LineScanner do [_, tag] = match %Line.HtmlOpenTag{tag: tag, content: line, indent: 0} - match = !recursive && Regex.run(~r/\A(\s{0,3})<\/([-\w]+?)>/, line) -> + # Is there potential for a DoS attack here, must check this match against + # input like: + # "a\z/, line) -> [_, leading_spaces, tag] = match %Line.HtmlCloseTag{tag: tag, indent: String.length(leading_spaces)} diff --git a/test/acceptance/ast/html/block_test.exs b/test/acceptance/ast/html/block_test.exs index 5d1b8544..fb05f616 100644 --- a/test/acceptance/ast/html/block_test.exs +++ b/test/acceptance/ast/html/block_test.exs @@ -226,9 +226,16 @@ defmodule Acceptance.Ast.Html.BlockTest do assert as_ast(markdown) == {:error, ast, messages} end - test "however, this closes and keeps the garbage" do + test "new rule (tribute to, you know...) closing tag must be last one, but it ain't necessarily so (yet another tribute)" do markdown = "
\nline\n
" - ast = [{"div", [], ["line"], @verbatim}, ""] + ast = [{"div", '', ["line"], %{meta: %{verbatim: true}}}, ""] + messages = [{:warning, 1, "Failed to find closing
"}] + + assert as_ast(markdown) == {:error, ast, messages} + end + test "new rule (tribute to, you know...) closing tag must be last one, and is" do + markdown = "
\nline\n
" + ast = [{"div", [], ["line", ""], @verbatim}] messages = [] assert as_ast(markdown) == {:ok, ast, messages}