Skip to content

Commit 54cbf3c

Browse files
committed
Backport ReDoS vulnerabilities from PostCSS 8
1 parent 12832f3 commit 54cbf3c

1 file changed

Lines changed: 4 additions & 2 deletions

File tree

lib/previous-map.es6

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -73,12 +73,14 @@ class PreviousMap {
7373

7474
getAnnotationURL (sourceMapString) {
7575
return sourceMapString
76-
.match(/\/\*\s*# sourceMappingURL=(.*)\s*\*\//)[1]
76+
.match(/\/\*\s*# sourceMappingURL=((?:(?!sourceMappingURL=).)*)\*\//)[1]
7777
.trim()
7878
}
7979

8080
loadAnnotation (css) {
81-
let annotations = css.match(/\/\*\s*# sourceMappingURL=(.*)\s*\*\//mg)
81+
let annotations = css.match(
82+
/\/\*\s*# sourceMappingURL=(?:(?!sourceMappingURL=).)*\*\//gm
83+
)
8284

8385
if (annotations && annotations.length > 0) {
8486
// Locate the last sourceMappingURL to avoid picking up

0 commit comments

Comments
 (0)