dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-1.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

From 8d3b5c730596d254d0bbcfbab52f4158f03397b3 Mon Sep 17 00:00:00 2001
From: Kornelius Kalnbach <murphy@rubychan.de>
Date: Wed, 28 Jun 2023 17:24:55 +0200
Subject: [PATCH] make regex faster with Atomic Grouping

---
 lib/redcloth/formatters/html.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/redcloth/formatters/html.rb b/lib/redcloth/formatters/html.rb
index b241c99..aaeae34 100644
--- a/lib/redcloth/formatters/html.rb
+++ b/lib/redcloth/formatters/html.rb
@@ -324,7 +324,7 @@ def before_transform(text)
   # Clean unauthorized tags.
   def clean_html( text, allowed_tags = BASIC_TAGS )
     text.gsub!( /<!\[CDATA\[/, '' )
-    text.gsub!( /<(\/*)([A-Za-z]\w*)([^>]*?)(\s?\/?)>/ ) do |m|
+    text.gsub!( /<(\/*)(?>[A-Za-z]\w*)([^>]*?)(\s?\/?)>/ ) do |m|
       raw = $~
       tag = raw[2].downcase
       if allowed_tags.has_key? tag