GFM strikethrough compatibility #1258
Conversation
|
I don't think this is catastrophically backtracking regex. |
| @@ -588,7 +588,7 @@ inline.gfm = merge({}, inline.normal, { | |||
| .replace('email', inline._email) | |||
| .getRegex(), | |||
| _backpedal: /(?:[^?!.,:;*_~()&]+|\([^)]*\)|&(?![a-zA-Z0-9]+;$)|[?!.,:;*_~)]+(?!$))+/, | |||
| del: /^~~(?=\S)([\s\S]*?\S)~~/, | |||
| del: /^~+(?=\S)([\s\S]*?\S)~+/, | |||
There was a problem hiding this comment.
- Could this be simplified (no look-ahead) to
/^~+([^\s~][\s\S]*?\S)~+/? - Why not
~~ leading/trailing spaces ~~? Seems like the spec permits this.
There was a problem hiding this comment.
- The spec might allow it but github doesn't
without space:
asdf
with space:
~ asdf ~
There was a problem hiding this comment.
Interesting. Would this work? /^~+([^~]+)~+/.
(This regex will accept the "with space" version which I think is appropriate despite GitHub's treatment of it).
The spec says "No nesting" which I think means that the first ~ should terminate the strike-through.
There was a problem hiding this comment.
I think we should act like GitHub when the spec is ambiguous
There was a problem hiding this comment.
To answer my own question, /^~+([^\s~][\s\S]*?\S)~+/ won't work -- it requires a minimum of two characters between the ~s.
There was a problem hiding this comment.
I'm a little concerned that this regex (old and new versions) will match ~~~. How about
/^~+(?=[^\s~])([^~]*[^\s~])~+/
which will:
- Ensure that the "text" neither begins nor ends with whitespace or a
~; and - Explicitly prevent nesting without needing to rely on the non-greedy
*?behavior.
Thoughts?
There was a problem hiding this comment.
Is there any particular reason to avoid the non-greedy modifier?
There was a problem hiding this comment.
I'm nervous about the structure /~+...[\s\S]*?...~+/. I do not believe that as written the regex is vulnerable, but a slight modification would make it so. If the middle group excludes a ~ character then the risk is removed.
There was a problem hiding this comment.
@davisjam If this is not vulnerable as written then I think we should merge it because it brings us into compliance. Adding @joshbruce to take a look.
styfle
changed the title
|
Thanks Tom! 🎉 |
GFM strikethrough compatibility
Marked version: 0.3.19
Markdown flavor: GitHub Flavored Markdown
Description
This pull request brings GFM strikethrough compatibility.
Contributor
Committer
In most cases, this should be a different person than the contributor.