Use a regex that doesn't suffer from catastrophic backtracking

jcmuller · jcmuller · commit 32d8a02f9831 · 2017-09-27T09:31:37.000-04:00
https://www.regular-expressions.info/catastrophic.html
diff --git a/lib/rack/contrib/jsonp.rb b/lib/rack/contrib/jsonp.rb
@@ -7,8 +7,7 @@ module Rack
   class JSONP
     include Rack::Utils
 
-    VALID_JS_VAR    = /[a-zA-Z_$][\w$]*/
-    VALID_CALLBACK  = /\A#{VALID_JS_VAR}(?:\.?#{VALID_JS_VAR})*\z/
+    VALID_CALLBACK = /\A[a-zA-Z_$](?:\.?[\w$])*\z/
 
     # These hold the Unicode characters \u2028 and \u2029.
     #

Original file line number	Diff line number	Diff line change
`@@ -7,8 +7,7 @@ module Rack`
`7`	`7`	`class JSONP`
`8`	`8`	`include Rack::Utils`
`9`	`9`
`10`		`- VALID_JS_VAR = /[a-zA-Z_$][\w$]*/`
`11`		`- VALID_CALLBACK = /\A#{VALID_JS_VAR}(?:\.?#{VALID_JS_VAR})*\z/`
	`10`	`+ VALID_CALLBACK = /\A[a-zA-Z_$](?:\.?[\w$])*\z/`
`12`	`11`
`13`	`12`	`# These hold the Unicode characters \u2028 and \u2029.`
`14`	`13`	`#`