diff --git a/index.js b/index.js index 46e3d57..9aaa826 100644 --- a/index.js +++ b/index.js @@ -1,6 +1,6 @@ 'use strict'; -var regex = /^(?:\r\n|\n|\r)+|(?:\r\n|\n|\r)+$/g; +var regex = /^(?:\r|\n)+|(?:\r|\n)+$/g; module.exports = function (str) { return str.replace(regex, ''); diff --git a/package.json b/package.json index 7b2d8a1..a160421 100644 --- a/package.json +++ b/package.json @@ -34,10 +34,9 @@ "remove", "delete" ], - "dependencies": {}, "devDependencies": { "mocha": "*", - "xo": "*" + "xo": "^0.17.1" }, "xo": { "envs": [ diff --git a/test.js b/test.js index 54cdac8..f4c9ffb 100644 --- a/test.js +++ b/test.js @@ -19,3 +19,10 @@ it('should trim off \\r\\n', function () { assert.strictEqual(trimOffNewlines('\r\nunicorns\r\n'), 'unicorns'); assert.strictEqual(trimOffNewlines('unicorns\r\n\r\n\r\n\r\n\r\n\r\n'), 'unicorns'); }); + +it('should not be susceptible to exponential backtracking', function () { + var start = Date.now(); + trimOffNewlines('a' + '\r\n'.repeat(1000) + 'a'); + var end = Date.now(); + assert.ok(end - start < 1000, 'took too long, probably susceptible to ReDOS'); +});