Commit

fix: optimize regular expression by removing non-capturing group
jean-michelet committed Jan 27, 2024
1 parent 4408684 commit af1305a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/AstAnalyser.js
Expand Up @@ -124,6 +124,6 @@ export class AstAnalyser {
* @returns {string}
*/
#removeHTMLComment(str) {
return str.replaceAll(/<!--[\s\S]*?(?:-->)/g, "");
return str.replace(/<!--[\s\S]*?-->/g, "");

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data High

This regular expression that depends on library input may run slow on strings starting with '<!--' and with many repetitions of '<!--'.

Check failure

Code scanning / CodeQL

Incomplete multi-character sanitization High

This string may still contain <!--, which may cause an HTML element injection vulnerability.
}
}
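
Review bot: the replacement line in `#removeHTMLComment` matches exactly the same strings as the line it removes, so both CodeQL findings attached to it stay open. `(?:-->)` and `-->` are equivalent, and `replace` with the `g` flag behaves like `replaceAll`, so the lazy `[\s\S]*?` still scans to the end of the input from every `<!--` that has no closing `-->`, which is the polynomial case the first alert describes. The single pass can also leave a `<!--` in the result, either from an unterminated opener or from text that joins up once a comment is removed, which is the second alert. Consider replacing the regex with a linear `indexOf` scan that pairs each `<!--` with the next `-->`, define what happens to an unterminated opener, and repeat until the output no longer contains `<!--`. A test with many repeated `<!--` and no terminator would show whether the change holds.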
