LGTM-Alert Polynomial regular expression used on uncontrolled data

Question

Uzlopak opened this issue 3 years ago · 8 comments

Answer 1 · 2022-06-15T16:49:44.000Z

Thanks for reporting! Would you like to send a Pull Request to address this issue? Remember to add unit tests.

Answer 2 · 2022-06-15T18:07:25.000Z

I dont have a laptop the next 4 days, so if you want to wait that long, i could try. But i am not quite sure why you call match on not test.

I assume that you can fix it by doing, as the s-flag means that dot also matches newline
/\/\/(?:.)*:(?:\/|\?|#|$)/s

Or why do you need the non matching groups anyway,

Maybe the original writer of that regex can give more insights?

Answer 3 · 2022-06-15T19:52:58.000Z

Totally, take your time. cc @zekth

Answer 4 · 2022-06-15T20:22:12.000Z

I'll try to investigate

Answer 5 · 2022-06-15T21:04:13.000Z

This is relative to an old IE fix. I think we can drop the whole statement IMO

Answer 6 · 2022-06-15T23:05:03.000Z

Let's do it.

Answer 7 · 2022-06-16T07:04:11.000Z

This is relative to an old IE fix. I think we can drop the whole statement IMO

Got a link or some additional info on that @zekth? Just curious as to what it was fixing (I still have to support IE forever unfortunately).

Answer 8 · 2022-06-16T07:23:03.000Z