fix(rtrim): remove regex to prevent ReDOS attack (#1738)

Author: tux-tn

Diff for: src/lib/rtrim.js

@@ -2,7 +2,16 @@ import assertString from './util/assertString';
 
 export default function rtrim(str, chars) {
   assertString(str);
-  // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions#Escaping
-  const pattern = chars ? new RegExp(`[${chars.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}]+$`, 'g') : /(\s)+$/g;
-  return str.replace(pattern, '');
+  if (chars) {
+    // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions#Escaping
+    const pattern = new RegExp(`[${chars.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}]+$`, 'g');
+    return str.replace(pattern, '');
+  }
+  // Use a faster and more safe than regex trim method https://blog.stevenlevithan.com/archives/faster-trim-javascript
+  let strIndex = str.length - 1;
+  while (/\s/.test(str.charAt(strIndex))) {
+    strIndex -= 1;
+  }
+
+  return str.slice(0, strIndex + 1);
 }