Fixed ReDos vulnerability in prototypejs (#3003)

fballiano · web-flow · commit 9af7115be67f · 2023-02-02T10:00:25.000Z
diff --git a/js/prototype/prototype.js b/js/prototype/prototype.js
@@ -621,7 +621,7 @@ Object.extend(String.prototype, (function() {
   }
 
   function stripTags() {
-    return this.replace(/<\w+(\s+("[^"]*"|'[^']*'|[^>])+)?(\/)?>|<\/\w+>/gi, '');
+    return this.replace(/<\w+(\s+("[^"]*"|'[^']*'|[^>'"])+)?\s*("[^">]*|'[^'>])?(\/)?>|<\/\w+>/gi, '');
   }
 
   function stripScripts() {

Original file line number	Diff line number	Diff line change
`@@ -621,7 +621,7 @@ Object.extend(String.prototype, (function() {`
`621`	`621`	`}`
`622`	`622`
`623`	`623`	`function stripTags() {`
`624`		`- return this.replace(/<\w+(\s+("[^"]"\|'[^']'\|[^>])+)?(\/)?>\|<\/\w+>/gi, '');`
	`624`	`+ return this.replace(/<\w+(\s+("[^"]"\|'[^']'\|[^>'"])+)?\s("[^">]\|'[^'>])?(\/)?>\|<\/\w+>/gi, '');`
`625`	`625`	`}`
`626`	`626`
`627`	`627`	`function stripScripts() {`