From: =?utf-8?q?Bastien_Roucari=C3=A8s?= <rouca@debian.org>
Date: Wed, 1 Mar 2023 08:12:48 +0000
Subject: Partial fix of reDos CVE-2022-21222/CVE-2021-33587: attribute
selector
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Per https://w3c.github.io/csswg-drafts/selectors/#attribute-selectors only = ~= |= ^= $= *= are supported.
Also accept !=, which is rejected as invalid later, so that the test suite passes.
So replace \S by [~|^$*!]
Signed-off-by: Bastien Roucariès <rouca@debian.org>
bug-debian: https://bugs.debian.org/989264
bug-debian: https://bugs.debian.org/1032188
bug: https://www.cve.org/CVERecord?id=CVE-2022-21222
bug: https://www.cve.org/CVERecord?id=CVE-2021-33587
---
src/parse.ts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/parse.ts b/src/parse.ts
index 677a029..628561b 100644
--- a/src/parse.ts
+++ b/src/parse.ts
@@ -81,7 +81,7 @@ export type TraversalType =
const reName = /^[^\\#]?(?:\\(?:[\da-f]{1,6}\s?|.)|[\w\-\u00b0-\uFFFF])+/;
const reEscape = /\\([\da-f]{1,6}\s?|(\s)|.)/gi;
// Modified version of https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
-const reAttr = /^\s*(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\uFFFF-])+)\s*(?:(\S?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4|(#?(?:\\.|[\w\u00b0-\uFFFF-])*)|)|)\s*([iI])?\]/;
+const reAttr = /^\s*(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\uFFFF-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4|(#?(?:\\.|[\w\u00b0-\uFFFF-])*)|)|)\s*([iI])?\]/;
const actionTypes: { [key: string]: AttributeAction } = {
undefined: "exists",
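Review bot: The comment above `reAttr` still only credits the Sizzle original and does not say why the operator position is now `[~|^$*!]?`; I would add `// Operator char limited to [~|^$*!] rather than \S to cut backtracking (CVE-2021-33587, CVE-2022-21222); "!" is not a CSS operator and is matched only so it can be rejected later.` so that a later edit does not widen the class again. The subject calls this a partial fix, and the quoted-value group and the `\s*` runs are unchanged, so this hunk alone does not establish linear-time matching. A regression test that parses a long malformed attribute selector under a time bound would show what remains. An input such as `[a#=b]` now fails to match `reAttr` at all instead of reaching the operator lookup, so the error raised by the caller (outside this hunk) may differ and is worth confirming. The `actionTypes` literal continues past the end of the hunk.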