fix(id-class-value): fix inefficient regex #1414

Closed
wants to merge 2 commits into from
@bebehr bebehr commented Feb 20, 2024

Replacing the capturing group quantifier ( ... )* with a non-capturing group quantifier (?: ... )* to reduce the risk of exponential backtracking.

#1147

Short description of what this resolves:

Reduce risk of exponential backtracking in rule id-class-value

Proposed changes:

Replacing the capturing group quantifier ( ... )* with a non-capturing group quantifier (?: ... )*
to reduce the risk of exponential backtracking.

#1147
@bebehr bebehr requested a review from thedaviddias as a code owner February 20, 2024 00:25
@github-actions github-actions bot added the core Relates to HTMLHint's core APIs and features label Feb 20, 2024
@bebehr bebehr marked this pull request as draft February 20, 2024 00:26
The positive lookahead assertion `(?= ...)` is used to ensure that the check occurs after the first
lowercase letter and all subsequent characters have been verified to resolve the issue of reference
backtracking

#1147
@@ -17,7 +17,7 @@
'The id and class attribute values must be in lowercase and split by a dash.',
},
hump: {
regId: /^[a-z][a-zA-Z\d]*([A-Z][a-zA-Z\d]*)*$/,
regId: /^[a-z](?=[a-zA-Z\d]*$)(?:[a-zA-Z\d]*(?:[A-Z][a-zA-Z\d]*)*)?$/,
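Review bot: The nested quantifier `(?:[A-Z][a-zA-Z\d]*)*` is still present in the new `regId`, and because `[A-Z]` is a subset of `[a-zA-Z\d]` a run of uppercase letters can still be divided between the outer and inner repetition in many ways, which is the pattern the CodeQL check reports. Every string that group can match is already matched by the `[a-zA-Z\d]*` in front of it, so the group, the lookahead and the optional wrapper do not change which values are accepted; consider `/^[a-z][a-zA-Z\d]*$/`, which accepts the same values with no nested repetition. Switching a capturing group to a non-capturing one changes what is recorded, not how the engine backtracks. A test case with a long uppercase run followed by an invalid character would guard this rule against a regression.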

Check failure

Code scanning / CodeQL

Inefficient regular expression High

This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'A'.
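A way to check a rewrite like this one before merging, as an added example that is not HTMLHint's code or the PR author's: it confirms each candidate accepts the same strings as the original and times a failing match on the input shape CodeQL reports. The `nonCapturing` and `simplified` patterns, the helper names and the sample inputs are assumptions constructed here; the other two patterns are copied from the diff.

```javascript
// Added example, not HTMLHint code. "page" = copied from the diff; others are assumptions.
const candidates = {
  original: /^[a-z][a-zA-Z\d]*([A-Z][a-zA-Z\d]*)*$/, // page: before the change
  nonCapturing: /^[a-z][a-zA-Z\d]*(?:[A-Z][a-zA-Z\d]*)*$/, // assumption: per PR description
  lookahead: /^[a-z](?=[a-zA-Z\d]*$)(?:[a-zA-Z\d]*(?:[A-Z][a-zA-Z\d]*)*)?$/, // page: after
  simplified: /^[a-z][a-zA-Z\d]*$/, // assumption: nested group removed
};

// Yield every string of length 0..maxLen over the given alphabet.
function* allStrings(alphabet, maxLen) {
  let frontier = [''];
  for (let len = 0; len <= maxLen; len++) {
    yield* frontier;
    if (len < maxLen) frontier = frontier.flatMap((s) => alphabet.map((c) => s + c));
  }
}

// List every (candidate, input) pair whose verdict differs from the original regex.
function disagreements(maxLen = 5) {
  const alphabet = ['a', 'Z', '7', '-', '_', '\n']; // constructed: one char per relevant class
  const diffs = [];
  for (const s of allStrings(alphabet, maxLen)) {
    const expected = candidates.original.test(s);
    for (const [name, re] of Object.entries(candidates)) {
      if (re.test(s) !== expected) diffs.push({ name, input: s });
    }
  }
  return diffs;
}

// Time one non-matching input: a lowercase letter, n uppercase letters, one invalid char.
function worstCaseMs(re, n) {
  const input = 'a' + 'A'.repeat(n) + '!'; // constructed input
  const start = process.hrtime.bigint();
  const matched = re.test(input);
  return { matched, ms: Number(process.hrtime.bigint() - start) / 1e6 };
}

// Timing for every candidate; n is kept small so the slow patterns still finish quickly.
function report(n = 20) {
  return Object.fromEntries(
    Object.entries(candidates).map(([name, re]) => [name, worstCaseMs(re, n)])
  );
}

console.log('disagreements:', disagreements().length);
console.table(report());
```

For a pattern that backtracks exponentially, raising `n` by one roughly doubles the time, so compare two or three values of `n` rather than a single reading.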
@bebehr bebehr marked this pull request as ready for review February 20, 2024 11:43
@bebehr bebehr marked this pull request as draft February 20, 2024 15:59
@bebehr bebehr closed this by deleting the head repository Sep 13, 2024