Add backtrack protection to 1.x release (#320)
blakeembrey authored Sep 10, 2024
1 parent 32a14b0 commit 925ac8e
Showing 5 changed files with 4,250 additions and 36 deletions.
13 changes: 11 additions & 2 deletions index.js
Expand Up @@ -72,8 +72,9 @@ function parse (str, options) {
var partial = prefix != null && next != null && next !== prefix
var repeat = modifier === '+' || modifier === '*'
var optional = modifier === '?' || modifier === '*'
var delimiter = res[2] || defaultDelimiter
var delimiter = prefix || defaultDelimiter
var pattern = capture || group
var prevText = prefix || (typeof tokens[tokens.length - 1] === 'string' ? tokens[tokens.length - 1] : '')

tokens.push({
name: name || key++,
Expand All @@ -83,7 +84,7 @@ function parse (str, options) {
repeat: repeat,
partial: partial,
asterisk: !!asterisk,
pattern: pattern ? escapeGroup(pattern) : (asterisk ? '.*' : '[^' + escapeString(delimiter) + ']+?')
pattern: pattern ? escapeGroup(pattern) : (asterisk ? '.*' : restrictBacktrack(delimiter, prevText))
})
}

Expand All @@ -100,6 +101,14 @@ function parse (str, options) {
return tokens
}

function restrictBacktrack(delimiter, prevText) {
if (!prevText || prevText.indexOf(delimiter) > -1) {
return '[^' + escapeString(delimiter) + ']+?'
}

return escapeString(prevText) + '|(?:(?!' + escapeString(prevText) + ')[^' + escapeString(delimiter) + '])+?'
}

/**
* Compile a string to a template function for the path.
*
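Review bot: `restrictBacktrack` is added without a doc comment, and nothing in the new code states the limits of the protection: on the `pattern:` line only the default branch calls it, so a custom group (`escapeGroup(pattern)`) and the asterisk case (`'.*'`) keep their previous backtracking behaviour, and the helper itself returns the old `'[^' + escapeString(delimiter) + ']+?'` whenever `prevText` is empty or contains the delimiter. Since `delimiter` is now `prefix || defaultDelimiter`, a non-empty `prefix` always contains the delimiter, so the restricted form appears to be reachable only through the preceding string token; if that is intended, deriving `prevText` from the last token alone would make it obvious. I would add a comment above the helper such as `// Guards only default patterns that follow literal text not containing the delimiter; custom groups and '*' are not restricted.` The returned string also has a top-level `|`, so it depends on every consumer wrapping `token.pattern` in a group, which these hunks do not show. `parse` begins and ends outside the hunks shown.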