fix ReDoS in file editor (UiFileManager plugin) due to outdated codemirror
just patched from updated version, ideally codemirror dependency should be included during build stage, but there's no infrastructure for that (yet)
This commit is contained in:
parent
8355b82eef
commit
d16c71966b
3 changed files with 10 additions and 3 deletions
|
@ -1,6 +1,7 @@
|
|||
### zeronet-conservancy 0.7.9+
|
||||
- fixed ReDoS in file editor (UiFileManager plugin) due to outdated codemirror (@caryoscelus)
|
||||
|
||||
### zeronet-conservancy 0.7.9 (2023-07-02)
|
||||
### zeronet-conservancy 0.7.9 (2023-07-02) (f966a4203fe33bd9f35)
|
||||
maintainers: @caryoscelus -> none
|
||||
- update README (build/dev instructions; thanks to @fgaz)
|
||||
- better debugging of update non-propagation
|
||||
|
|
|
@ -17366,7 +17366,10 @@ CodeMirror.defineMode("javascript", function(config, parserConfig) {
|
|||
var kw = keywords[word]
|
||||
return ret(kw.type, kw.style, word)
|
||||
}
|
||||
if (word == "async" && stream.match(/^(\s|\/\*.*?\*\/)*[\[\(\w]/, false))
|
||||
// backported ReDoS fix from
|
||||
// https://github.com/codemirror/codemirror5/blob/a0854c752a76e4ba9512a9beedb9076f36e4f8f9/mode/javascript/javascript.js#L130C36-L130C36
|
||||
// https://security.snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
|
||||
if (word == "async" && stream.match(/^(\s|\/\*([^*]|\*(?!\/))*?\*\/)*[\[\(\w]/, false))
|
||||
return ret("async", "keyword", word)
|
||||
}
|
||||
return ret("variable", "variable", word)
|
||||
|
|
|
@ -126,7 +126,10 @@ CodeMirror.defineMode("javascript", function(config, parserConfig) {
|
|||
var kw = keywords[word]
|
||||
return ret(kw.type, kw.style, word)
|
||||
}
|
||||
if (word == "async" && stream.match(/^(\s|\/\*.*?\*\/)*[\[\(\w]/, false))
|
||||
// backported ReDoS fix from
|
||||
// https://github.com/codemirror/codemirror5/blob/a0854c752a76e4ba9512a9beedb9076f36e4f8f9/mode/javascript/javascript.js#L130C36-L130C36
|
||||
// https://security.snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
|
||||
if (word == "async" && stream.match(/^(\s|\/\*([^*]|\*(?!\/))*?\*\/)*[\[\(\w]/, false))
|
||||
return ret("async", "keyword", word)
|
||||
}
|
||||
return ret("variable", "variable", word)
|
||||
|
|
Loading…
Reference in a new issue