From f8b77f8915372a874a5a07bca57be9f7b5d77734 Mon Sep 17 00:00:00 2001
From: macie
Date: Wed, 23 Nov 2022 21:52:23 +0100
Subject: [PATCH] fix: Prevent ReDoS attack (CWE-1333)
Change regular expression to prevent ReDoS attack:
---
 dist/smallstache.js | 2 +-
 dist/smallstache.min.js | 2 +-
 package.json | 2 +-
 src/Smallstache.js | 3 ++-
 4 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/dist/smallstache.js b/dist/smallstache.js
index bfea5b1..80fbdc0 100644
--- a/dist/smallstache.js
+++ b/dist/smallstache.js
@@ -49,7 +49,7 @@ function fillTemplate(tag, name) {
 return data[name] != null ? data[name] : tag;
 }
- return this.source.replace(/{{\s*([^}\s]+)\s*}}/g, fillTemplate);
+ return this.source.replace(/{{\s*([^{}\s]+)\s*}}/g, fillTemplate);
 };
 });
diff --git a/dist/smallstache.min.js b/dist/smallstache.min.js
index 560c69e..c28e242 100644
--- a/dist/smallstache.min.js
+++ b/dist/smallstache.min.js
@@ -1,2 +1,2 @@
-!function(e,t){"function"==typeof define&&define.amd?define(["exports"],t):"undefined"!=typeof exports?t(exports):(t(t={}),e.Smallstache=t)}("undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:this,function(e){"use strict";function t(e){if("string"!=typeof e)throw new TypeError("Template source must be a string");this.source=e}Object.defineProperty(e,"__esModule",{value:!0}),(e.default=t).prototype.fill=function(n){return this.source.replace(/{{\s*([^}\s]+)\s*}}/g,function(e,t){return null!=n[t]?n[t]:e})}});
+!function(e,t){"function"==typeof define&&define.amd?define(["exports"],t):"undefined"!=typeof exports?t(exports):(t(t={}),e.Smallstache=t)}("undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:this,function(e){"use strict";function t(e){if("string"!=typeof e)throw new TypeError("Template source must be a string");this.source=e}Object.defineProperty(e,"__esModule",{value:!0}),(e.default=t).prototype.fill=function(n){return this.source.replace(/{{\s*([^{}\s]+)\s*}}/g,function(e,t){return null!=n[t]?n[t]:e})}});
 //# sourceMappingURL=./smallstache.js.map
\ No newline at end of file
diff --git a/package.json b/package.json
index 6d111d6..1c26ef8 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "smallstache",
- "version": "0.5.2",
+ "version": "0.5.3",
 "description": "Lightweight template engine similar to Mustache/Handlebars.",
 "keywords": [
 "smallstache",
diff --git a/src/Smallstache.js b/src/Smallstache.js
index 137c502..3466b47 100644
--- a/src/Smallstache.js
+++ b/src/Smallstache.js
@@ -32,7 +32,8 @@ Smallstache.prototype.fill = function(data) {
 return (data[name] != null) ? data[name] : tag;
 }
- return this.source.replace(/{{\s*([^}\s]+)\s*}}/g, fillTemplate);
+ return this.source.replace(/{{\s*([^{}\s]+)\s*}}/g, fillTemplate);
 };
 export { Smallstache as default };
+
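Review bot: The widened character class on the `+` line of the src/Smallstache.js hunk also narrows what counts as a tag name — `{{a{b}}` was previously substituted under the name `a{b` and is now left untouched — and neither the commit message nor the code records that `{` is excluded on purpose, so a later cleanup could reintroduce the quadratic pattern. A comment on that line would pin the intent, e.g. `// '{' is kept out of the name class so an unterminated run of '{{' fails fast instead of backtracking over the whole run (CWE-1333)`. A regression test that calls `fill` on a long run of `{` characters and asserts it returns the input promptly, plus one that pins the `{{a{b}}` case, would keep the fix from regressing. The identical regex change appears in the generated dist/smallstache.js and dist/smallstache.min.js hunks, so those should be reproduced by the build rather than edited by hand. `fill`'s body starts before this hunk.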