LGTM-Alert Polynomial regular expression used on uncontrolled data #42

Uzlopak · 2022-06-15T12:57:23Z

mcollina · 2022-06-15T16:49:44Z

Thanks for reporting! Would you like to send a Pull Request to address this issue? Remember to add unit tests.

Uzlopak · 2022-06-15T18:07:25Z

I dont have a laptop the next 4 days, so if you want to wait that long, i could try. But i am not quite sure why you call match on not test.

I assume that you can fix it by doing, as the s-flag means that dot also matches newline
/\/\/(?:.)*:(?:\/|\?|#|$)/s

Or why do you need the non matching groups anyway,

Maybe the original writer of that regex can give more insights?

mcollina · 2022-06-15T19:52:58Z

Totally, take your time. cc @zekth

zekth · 2022-06-15T20:22:12Z

I'll try to investigate

zekth · 2022-06-15T21:04:13Z

This is relative to an old IE fix. I think we can drop the whole statement IMO

mcollina · 2022-06-15T23:05:03Z

Let's do it.

Fdawgs · 2022-06-16T07:04:11Z

This is relative to an old IE fix. I think we can drop the whole statement IMO

Got a link or some additional info on that @zekth? Just curious as to what it was fixing (I still have to support IE forever unfortunately).

zekth · 2022-06-16T07:23:03Z

zekth mentioned this issue Jun 16, 2022

fix: unused IE fix path #44

Merged

4 tasks

zekth closed this as completed in #44 Jun 16, 2022

Provide feedback