You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Reproduction lua, this should not throw/error. It is a valid regex and source string. There is some bug in the old-old (2015?) KopiLua_strlib.cs and it is loosing track of the input state.
var code = "string.gsub('some words for spacing error reasons <script>alert(""hello world"")</script>','^%s*(.-)%s*$','%1')";
var script = new Script();
script.DoString(code); //should not throw in this case
Sample code came after reproducing and narrowing some live-ish code I found while doing a security audit on regex complexities.
Upstream KopiLua seems to have an older PR that may fix this? https://github.com/NLua/KopiLua/pull/21/files but I haven't had a chance to merge-refactor it in to our local moonsharp fork yet.
The text was updated successfully, but these errors were encountered:
Reproduction lua, this should not throw/error. It is a valid regex and source string. There is some bug in the old-old (2015?) KopiLua_strlib.cs and it is loosing track of the input state.
Sample code came after reproducing and narrowing some live-ish code I found while doing a security audit on regex complexities.
Upstream KopiLua seems to have an older PR that may fix this? https://github.com/NLua/KopiLua/pull/21/files but I haven't had a chance to merge-refactor it in to our local moonsharp fork yet.
The text was updated successfully, but these errors were encountered: