Skip to content

Commit

Permalink
fix: Prevent ReDoS attack (CWE-1333)
Browse files Browse the repository at this point in the history 
Change regular expression to prevent ReDoS attack:
<https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS>
  • Loading branch information
@macie
macie committed Nov 23, 2022
1 parent d21a541 commit f8b77f8
Show file tree
Hide file tree
Showing 4 changed files with 5 additions and 4 deletions.
2 changes: 1 addition & 1 deletion dist/smallstache.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@
function fillTemplate(tag, name) {
return data[name] != null ? data[name] : tag;
}
return this.source.replace(/{{\s*([^}\s]+)\s*}}/g, fillTemplate);
return this.source.replace(/{{\s*([^{}\s]+)\s*}}/g, fillTemplate);
};
});

2 changes: 1 addition & 1 deletion dist/smallstache.min.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "smallstache",
"version": "0.5.2",
"version": "0.5.3",
"description": "Lightweight template engine similar to Mustache/Handlebars.",
"keywords": [
"smallstache",
Expand Down
3 changes: 2 additions & 1 deletion src/Smallstache.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,8 @@ Smallstache.prototype.fill = function(data) {
return (data[name] != null) ? data[name] : tag;
}

return this.source.replace(/{{\s*([^}\s]+)\s*}}/g, fillTemplate);
return this.source.replace(/{{\s*([^{}\s]+)\s*}}/g, fillTemplate);
};

export { Smallstache as default };

0 comments on commit f8b77f8

Please # to comment.