From 18cad30d7ee3921cda29d75a268e9de97a5aeccc Mon Sep 17 00:00:00 2001
From: Nathan Danzmann <nathan@bobw.co>
Date: Sun, 18 Apr 2021 16:34:39 +0300
Subject: [PATCH 1/2] Fix regex Dos vulnerability

---
 lib/index.js | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/lib/index.js b/lib/index.js
index 31ce7ff..ee2aada 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -49,16 +49,30 @@
       return tag
     }
 
-    return str.replace(/\[(\d+;)?(\d+)*m/g, function(match, b1, b2) {
-      var i, code, res = ''
-      if (b2 == '' || b2 == null) b2 = '0'
-      for (i = 1; i < arguments.length - 2; i++) {
-        if (!arguments[i]) continue
-        code = parseInt(arguments[i])
-        res += tag(code)
+    function validateString(string) {
+      var strArray = string.split('[')
+      if (strArray.length === 0) return false
+      for (var item in strArray) {
+        if (strArray[item].length > 10) {
+          return false
+        }
       }
-      return res
-    }) + tag()
+      return true
+    }
+
+    if (validateString(str)) {
+      return str.replace(/\[(\d+;)?(\d+)*m/g, function(match, b1, b2) {
+        var i, code, res = ''
+        if (b2 == '' || b2 == null) b2 = '0'
+        for (i = 1; i < arguments.length - 2; i++) {
+          if (!arguments[i]) continue
+          code = parseInt(arguments[i])
+          res += tag(code)
+        }
+        return res
+      }) + tag()
+    }
+    return null
   }
 
   /* not implemented:

From 14c8d0a3923cc2b4664fed706cb1c6196784dc04 Mon Sep 17 00:00:00 2001
From: Sara Farooghian <farooghian.sara@gmail.com>
Date: Mon, 3 May 2021 23:26:56 +0300
Subject: [PATCH 2/2] Fix regex Dos vulnerability

---
 lib/index.js | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/lib/index.js b/lib/index.js
index 31ce7ff..ee2aada 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -49,16 +49,30 @@
       return tag
     }
 
-    return str.replace(/\[(\d+;)?(\d+)*m/g, function(match, b1, b2) {
-      var i, code, res = ''
-      if (b2 == '' || b2 == null) b2 = '0'
-      for (i = 1; i < arguments.length - 2; i++) {
-        if (!arguments[i]) continue
-        code = parseInt(arguments[i])
-        res += tag(code)
+    function validateString(string) {
+      var strArray = string.split('[')
+      if (strArray.length === 0) return false
+      for (var item in strArray) {
+        if (strArray[item].length > 10) {
+          return false
+        }
       }
-      return res
-    }) + tag()
+      return true
+    }
+
+    if (validateString(str)) {
+      return str.replace(/\[(\d+;)?(\d+)*m/g, function(match, b1, b2) {
+        var i, code, res = ''
+        if (b2 == '' || b2 == null) b2 = '0'
+        for (i = 1; i < arguments.length - 2; i++) {
+          if (!arguments[i]) continue
+          code = parseInt(arguments[i])
+          res += tag(code)
+        }
+        return res
+      }) + tag()
+    }
+    return null
   }
 
   /* not implemented: