The following regular expressions used in underscore and unescapeHTML methods are vulnerable to ReDoS:

```js
/([A-Z\d]+)([A-Z][a-z])/g
/\&([^;]+);/g
```

The slowdown is moderately low (for 50,000 characters around 2 seconds matching time). I would suggest one of the following:

- remove the regex,
- anchor the regex,
- limit the number of characters that can be matched by the repetition,
- limit the input size.

If needed, I can provide an actual example showing the slowdown.
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be still under discussion. The issue was opened by cristianstaicu and has received 31 comments.
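
The last two mitigations listed in the report (bounding the repetition and capping the input size), applied to the two quoted patterns. This is an added example, not part of the original issue or the project's code. The bounds 64 and 32, `MAX_INPUT`, the `$1_$2` replacement, the entity table and all function names are assumptions.

```javascript
// Patterns quoted in the report above.
const UNDERSCORE_RE = /([A-Z\d]+)([A-Z][a-z])/g;
const ENTITY_RE = /\&([^;]+);/g;

// Mitigation: limit how many characters the repetition may match, so each
// start position costs a bounded amount of work. 64 and 32 are assumed bounds.
const UNDERSCORE_BOUNDED = /([A-Z\d]{1,64})([A-Z][a-z])/g;
const ENTITY_BOUNDED = /&([^;]{1,32});/g;

// Mitigation: limit the input size. MAX_INPUT is an assumed cap.
const MAX_INPUT = 10000;
function guardSize(input) {
  if (typeof input !== "string" || input.length > MAX_INPUT) {
    throw new RangeError("input exceeds " + MAX_INPUT + " characters");
  }
  return input;
}

// Hypothetical stand-ins for the two methods. The "$1_$2" replacement and
// the entity table are assumptions, not the library's implementation.
const ENTITIES = { amp: "&", lt: "<", gt: ">", quot: '"' };
function splitCaps(input, re = UNDERSCORE_BOUNDED) {
  // "$1_$2" re-emits both groups, so bounding group 1 does not change output.
  return guardSize(input).replace(re, "$1_$2");
}
function decodeEntities(input, re = ENTITY_BOUNDED) {
  // Unknown names are left untouched; names over 32 characters never match.
  return guardSize(input).replace(re, (m, name) =>
    Object.prototype.hasOwnProperty.call(ENTITIES, name) ? ENTITIES[name] : m);
}

// Wall-clock time of one replace pass, for comparing a pattern before and
// after hardening on inputs taken from your own workload.
function elapsedMs(re, input) {
  const start = Date.now();
  input.replace(re, "");
  return Date.now() - start;
}
```

Passing `UNDERSCORE_RE` or `ENTITY_RE` as the second argument runs the original pattern behind the same size guard, which makes it easy to confirm that a bounded variant returns the same output on existing test data.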