prevent regex dos vector

rei-moo · rei-moo · commit 74f8e778e05d · 2025-12-16T15:34:43.000-06:00
diff --git a/lib/secure_headers/task_helper.rb b/lib/secure_headers/task_helper.rb
@@ -29,8 +29,8 @@ def generate_inline_style_hashes(filename)
 
     def dynamic_content?(filename, inline_script)
       !!(
-        (is_mustache?(filename) && inline_script =~ /\{\{.*\}\}/) ||
-        (is_erb?(filename) && inline_script =~ /<%.*%>/)
+        (is_mustache?(filename) && inline_script =~ /\{\{.*?\}\}/) ||
+        (is_erb?(filename) && inline_script =~ /<%.*?%>/)
         )
     end
 

Original file line number	Diff line number	Diff line change
`@@ -29,8 +29,8 @@ def generate_inline_style_hashes(filename)`
`29`	`29`
`30`	`30`	`def dynamic_content?(filename, inline_script)`
`31`	`31`	`!!(`
`32`		`- (is_mustache?(filename) && inline_script =~ /\{\{.*\}\}/) \|\|`
`33`		`- (is_erb?(filename) && inline_script =~ /<%.*%>/)`
	`32`	`+ (is_mustache?(filename) && inline_script =~ /\{\{.*?\}\}/) \|\|`
	`33`	`+ (is_erb?(filename) && inline_script =~ /<%.*?%>/)`
`34`	`34`	`)`
`35`	`35`	`end`
`36`	`36`