Skip to content

Commit 4b25d8f

Browse files
author
Jacob Hoffman-Andrews
committed
Fix catastrophic backtracking issue
1 parent 0487a4a commit 4b25d8f

File tree

2 files changed

+16
-3
lines changed

2 files changed

+16
-3
lines changed

rewriter/README.md

Whitespace-only changes.

rewriter/rewriter.js

Lines changed: 16 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,11 +5,14 @@
55
// Makes a copy of each file at filename.bak.
66
//
77
// Usage:
8-
// (install node and npm)
98
// cd https-everywhere
10-
// ./makecrx.sh
9+
// ./makecrx.sh # to build default.rulesets
1110
// cd rewriter
12-
// js rewriter.js ~/path/to/my/webapp
11+
// (install node and npm)
12+
// npm install
13+
// node rewriter.js ~/path/to/my/webapp
14+
// cd ~/path/to/my/webapp
15+
// git diff
1316

1417
var path = require("path"),
1518
fs = require("fs"),
@@ -46,6 +49,15 @@ function processDir(dir) {
4649
}));
4750
}
4851

52+
// Overwrite the default URI find_uri_expression with a modified one that
53+
// mitigates a catastrophic backtracking issue common in CSS.
54+
// The workaround was to insist that URLs start with http, since those are the
55+
// only ones we want to rewrite anyhow. Note that this may still go exponential
56+
// on certain inputs. http://www.regular-expressions.info/catastrophic.html
57+
// Example string that blows up URI.withinString:
58+
// image:url(http://img.youtube.com/vi/x7f
59+
URI.find_uri_expression = /\b((?:http:(?:\/{1,3}|[a-z0-9%])|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}\/)(?:[^\s()<>]+)+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:'".,<>?«»]))/ig;
60+
4961
function processFile(filename) {
5062
var contents = fs.readFileSync(filename, {encoding: 'utf-8'});
5163
var rewrittenFile = URI.withinString(contents, function(url) {
@@ -74,6 +86,7 @@ function processFile(filename) {
7486
}
7587

7688
function loadRuleSets() {
89+
console.log("Loading rules...");
7790
var fileContents = fs.readFileSync(path.join(__dirname, '../pkg/crx/rules/default.rulesets'), {encoding: 'utf-8'});
7891
var xml = new DOMParser().parseFromString(fileContents, 'text/xml');
7992
ruleSets = new rules.RuleSets("fake user agent", lrucache.LRUCache, xml, {});

0 commit comments

Comments
 (0)