fix ReDoS-vulnerable regexp in addImage (#3091)

yetingli · web-flow · commit d8bb3b39efcd · 2021-02-11T16:50:17.000+01:00
diff --git a/src/modules/addimage.js b/src/modules/addimage.js
@@ -630,7 +630,7 @@ import { atob, btoa } from "../libs/AtobBtoa.js";
     var result = null;
 
     if (dataUrlParts.length === 2) {
-      var extractedInfo = /^data:(\w*\/\w*);*(charset=[\w=-]*)*;*$/.exec(
+      var extractedInfo = /^data:(\w*\/\w*);*(charset=(?!charset=)[\w=-]*)*;*$/.exec(
         dataUrlParts[0]
       );
       if (Array.isArray(extractedInfo)) {
