Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/lib/banzai/filter/math_filter_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/lib/banzai/filter/math_filter_spec.rb')
-rw-r--r--spec/lib/banzai/filter/math_filter_spec.rb8
1 files changed, 8 insertions, 0 deletions
diff --git a/spec/lib/banzai/filter/math_filter_spec.rb b/spec/lib/banzai/filter/math_filter_spec.rb
index ded94dd6ce5..e4ebebc0fde 100644
--- a/spec/lib/banzai/filter/math_filter_spec.rb
+++ b/spec/lib/banzai/filter/math_filter_spec.rb
@@ -215,6 +215,14 @@ RSpec.describe Banzai::Filter::MathFilter, feature_category: :team_planning do
expect(doc.search('.js-render-math').count).to eq(2)
end
+ it 'protects against malicious backtracking' do
+ doc = pipeline_filter("$$#{' ' * 1_000_000}$")
+
+ expect do
+ Timeout.timeout(3.seconds) { filter(doc) }
+ end.not_to raise_error
+ end
+
def pipeline_filter(text)
context = { project: nil, no_sourcepos: true }
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-21 06:04:06 +0300