RGBCube/cinny
1
Fork 0
mirror of https://github.com/RGBCube/cinny synced 2025-08-01 09:27:46 +00:00
Code Issues Activity

sanitize string before used in regex to prevent crash (#2219)

Browse source
This commit is contained in:
Ajay Bura 2025-02-20 18:30:54 +11:00 committed by GitHub
parent d8d4bce287
commit 9fe67da98b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 13 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/app/components/editor/output.ts
View file

@ -5,6 +5,7 @@ import { BlockType } from './types';
import { CustomElement } from './slate'; import { CustomElement } from './slate';
import { parseBlockMD, parseInlineMD } from '../../plugins/markdown'; import { parseBlockMD, parseInlineMD } from '../../plugins/markdown';
import { findAndReplace } from '../../utils/findAndReplace'; import { findAndReplace } from '../../utils/findAndReplace';
import { sanitizeForRegex } from '../../utils/regex';
export type OutputOptions = { export type OutputOptions = {
allowTextFormatting?: boolean; allowTextFormatting?: boolean;
@ -179,7 +180,7 @@ export const customHtmlEqualsPlainText = (customHtml: string, plain: string): bo
export const trimCustomHtml = (customHtml: string) => customHtml.replace(/<br\/>$/g, '').trim(); export const trimCustomHtml = (customHtml: string) => customHtml.replace(/<br\/>$/g, '').trim();
export const trimCommand = (cmdName: string, str: string) => { export const trimCommand = (cmdName: string, str: string) => {
const cmdRegX = new RegExp(`^(\\s+)?(\\/${cmdName})([^\\S\n]+)?`); const cmdRegX = new RegExp(`^(\\s+)?(\\/${sanitizeForRegex(cmdName)})([^\\S\n]+)?`);
const match = str.match(cmdRegX); const match = str.match(cmdRegX);
if (!match) return str; if (!match) return str;

5
src/app/hooks/useAsyncSearch.ts
View file

@ -10,6 +10,7 @@ import {
matchQuery, matchQuery,
ResultHandler, ResultHandler,
} from '../utils/AsyncSearch'; } from '../utils/AsyncSearch';
import { sanitizeForRegex } from '../utils/regex';
export type UseAsyncSearchOptions = AsyncSearchOption & { export type UseAsyncSearchOptions = AsyncSearchOption & {
matchOptions?: MatchQueryOption; matchOptions?: MatchQueryOption;
@ -55,8 +56,8 @@ export const orderSearchItems = <TSearchItem extends object | string | number>(
// we will consider "_" as word boundary char. // we will consider "_" as word boundary char.
// because in more use-cases it is used. (like: emojishortcode) // because in more use-cases it is used. (like: emojishortcode)
const boundaryRegex = new RegExp(`(\\b|_)${query}`); const boundaryRegex = new RegExp(`(\\b|_)${sanitizeForRegex(query)}`);
const perfectBoundaryRegex = new RegExp(`(\\b|_)${query}(\\b|_)`); const perfectBoundaryRegex = new RegExp(`(\\b|_)${sanitizeForRegex(query)}(\\b|_)`);
orderedItems.sort((i1, i2) => { orderedItems.sort((i1, i2) => {
const str1 = performMatch(getItemStr(i1, query), query, options); const str1 = performMatch(getItemStr(i1, query), query, options);

4
src/app/plugins/react-custom-html-parser.tsx
View file

@ -21,7 +21,7 @@ import {
mxcUrlToHttp, mxcUrlToHttp,
} from '../utils/matrix'; } from '../utils/matrix';
import { getMemberDisplayName } from '../utils/room'; import { getMemberDisplayName } from '../utils/room';
import { EMOJI_PATTERN, URL_NEG_LB } from '../utils/regex'; import { EMOJI_PATTERN, sanitizeForRegex, URL_NEG_LB } from '../utils/regex';
import { getHexcodeForEmoji, getShortcodeFor } from './emoji'; import { getHexcodeForEmoji, getShortcodeFor } from './emoji';
import { findAndReplace } from '../utils/findAndReplace'; import { findAndReplace } from '../utils/findAndReplace';
import { import {
@ -171,7 +171,7 @@ export const scaleSystemEmoji = (text: string): (string | JSX.Element)[] =>
); );
export const makeHighlightRegex = (highlights: string[]): RegExp | undefined => { export const makeHighlightRegex = (highlights: string[]): RegExp | undefined => {
const pattern = highlights.join('|'); const pattern = highlights.map(sanitizeForRegex).join('|');
if (!pattern) return undefined; if (!pattern) return undefined;
return new RegExp(pattern, 'gi'); return new RegExp(pattern, 'gi');
}; };

6
src/app/utils/regex.ts
View file

@ -1,3 +1,9 @@
/**
* https://www.npmjs.com/package/escape-string-regexp
*/
export const sanitizeForRegex = (unsafeText: string): string =>
unsafeText.replace(/[|\\{}()[\]^$+*?.]/g, '\\$&').replace(/-/g, '\\x2d');
export const HTTP_URL_PATTERN = `https?:\\/\\/(?:www\\.)?(?:[^\\s)]*)(?<![.,:;!/?()[\\]\\s]+)`; export const HTTP_URL_PATTERN = `https?:\\/\\/(?:www\\.)?(?:[^\\s)]*)(?<![.,:;!/?()[\\]\\s]+)`;
export const URL_REG = new RegExp(HTTP_URL_PATTERN, 'g'); export const URL_REG = new RegExp(HTTP_URL_PATTERN, 'g');