CVE-2021-33623 points out that the code snippet below (addressed in this commit, along with test cases) is susceptible to ReDoS vulnerabilities:
trimNewlines.end = string => string.replace(/[\r\n]+$/, '');
What makes it prone to ReDoS attacks specifically?
The time complexity of the regular expression is O(n²) because the regex engine attempts to match the pattern at each position inside the string. It's important to note that the regex engine scans the input string from left to right, trying to find a match at every position, and the pattern sequences are also evaluated from left to right. For example, when processing [\r\n]+, the regex engine starts by trying to match it at the beginning of the string. If no CR/LF characters are found, the pattern processing at that location stops, and the engine moves on to the next position within the string, repeating the process until a match is found. Only then does it check for $.
Therefore, the pattern [\r\n]+$ does not directly locate the end of the string and backtrack to consume line breaks; instead, the regex engine evaluates each position in the string for line breaks and then checks for the end of the string. This can lead to poor performance with large strings.
Some regex engines offer the option to search for matches from the end of the string, such as in .NET (using RegexOptions.RightToLeft) or in Python's PyPi regex module (with regex.REVERSE or (?r)). Unfortunately, this feature is not available in JavaScript.
One possible alternative is to match any characters other than line breaks followed by line breaks, capturing them. However, keeping a long string within a capturing group may not be efficient. Therefore, using string manipulation methods might be more suitable in such scenarios rather than relying solely on regular expressions like
.replace(/^([\r\n]*[^\r\n]+(?:[\r\n]+[^\r\n]+)*)[\r\n]+$/, '$1').replace(/^((?:[\r\n]*[^\r\n]+)+)[\r\n]+$/, '$1')[\r\n]+$ pattern, but may not offer the best performance in practice.
I have implemented a drag and drop feature using jQuery, and I am trying to extract the value of an image and insert it into a database. Additionally, I want to update and remove the image value when it is removed from the droppable area. How can I achie ...
Is it possible to export a namespace from one typescript .d.ts file and then import that namespace into another .d.ts file where it is utilized inside of a namespace? For instance: namespace_export.d.ts export namespace Foo { interface foo { ...
After successfully installing tauri-plugin-sql by adding the specified content to src-tauri/Cargo.toml : [dependencies.tauri-plugin-sql] git = "https://github.com/tauri-apps/plugins-workspace" branch = "v1" features = ["sqlite" ...
I am looking to integrate both Tailwind and Material Tailwind in a Next.js 14 project. Below is my customized tailwind.config.ts file (already configured with Tailwind CSS): import type { Config } from 'tailwindcss' const config: Config = { ...
This piece of code allows me to toggle the visibility of a div: <a href="#" class="show_hide">Show/hide</a> <div class="slidingDiv"> My content...... <a href="#" class="show_hide">hide</a></div> <script src="http:// ...
Unique Scenario Imagine the structure of a folder as follows: /my-app /src /dist /some-library /src /dist package.json my-package.json Two npm packages are present: one for my-app and one for some-library. my-app relies on some-library. ...
Currently, my project involves coding with React.js on the client side and Express.js on the server side. I have encountered an issue when attempting to use the POST method to transmit data from the client to the server for storage in a JSON file. The erro ...
Currently, I am facing an issue with a card section that contains two buttons and a description. The first button adds an image which is working perfectly fine, as well as the description section. On the other hand, the second button adds a video and when ...
Recently, I started incorporating TypeScript and React into my company's existing JavaScript code base. It has been a bit of a rollercoaster ride, as I'm sure many can relate to. After conquering major obstacles such as setting up webpack correc ...
Recently, I've been working with Express and wanted to incorporate ES6 using babel in my project. One question that has been on my mind is related to the use of static methods for handling requests, as shown below: class MyCtrl { static index (r ...
I am working on a web form that includes two select fields: Country and City: <select id="country" onchange="getCity(this);"> <option value="">-- Please select your country --</option> <option value="1">Austria& ...
I'm currently working on two different charts for a project - a bar chart and a line chart. The bar chart is displayed on the first tab, while the line chart is on the second tab. Interestingly, the bar chart functions properly, and when I point the l ...
I am looking to implement a mutation in Vuex that dynamically updates the state by specifying a path to the object from which I want to remove an element, along with the key of the element. Triggering the action deleteOption(path, key) { this.$store.d ...
Having recently started learning Javascript, I have been engaging with various tutorials and projects in order to gain familiarity with the language. One particular tutorial that caught my attention is a Progress-Bar tutorial by "dcode" available at this l ...
I am trying to dynamically add an ID called "myMenu" using JavaScript to a ul element for a search filter. Unfortunately, I am unable to directly access the ul tag to change it, so I need to do it via JavaScript. As I am new to JavaScript, I am looking t ...
I need help updating my Angular version from 5 to 6 and I'm following these steps: Want to upgrade project from Angular v5 to Angular v6 After running the commands ng update @angular/cli and ng update @angular/core, I encountered the err ...
hardhat.config.js require("@nomicfoundation/hardhat-toolbox"); /** @type import('hardhat/config').HardhatUserConfig */ module.exports = { solidity: "0.8.18", }; /* @type import('hardhat/config').HardhatUserConfig* ...
Looking for a way to customize the active link style using styled components. I have a navigation bar where the currently active link should have a specific style applied. Any suggestions are appreciated! import React from 'react' import Link f ...
Although the title may be misleading, how can you achieve the following: a = [1, 2, 2, 3, 3, 3]; b = [1, 2, 3]; a.subtract(b); I am aiming for a result of [2, 3, 3] instead of an empty array, as seen in other similar solutions. I want to remove only the ...
I'm trying to fetch API data from using this code: <template> <div> </div> </template> <script> definePageMeta({ layout: "products" }) export default { data () { return { data: &apo ...