Backport ReDoS vulnerabilities from PostCSS 8

postcss · Jun 11, 2021 · 54cbf3c · 54cbf3c
1 parent 12832f3
commit 54cbf3c
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/lib/previous-map.es6 b/lib/previous-map.es6
@@ -73,12 +73,14 @@ class PreviousMap {
 
  getAnnotationURL (sourceMapString) {
  return sourceMapString
- .match(/\/\*\s*# sourceMappingURL=(.*)\s*\*\//)[1]
+ .match(/\/\*\s*# sourceMappingURL=((?:(?!sourceMappingURL=).)*)\*\//)[1]
  .trim()
  }
 
  loadAnnotation (css) {
- let annotations = css.match(/\/\*\s*# sourceMappingURL=(.*)\s*\*\//mg)
+ let annotations = css.match(
+ /\/\*\s*# sourceMappingURL=(?:(?!sourceMappingURL=).)*\*\//gm
+ )
 
  if (annotations && annotations.length > 0) {
  // Locate the last sourceMappingURL to avoid picking up