authorRichard van Velzen <rvanvelzen@experty.com>2015-11-09 11:28:27 +0100
committerRichard van Velzen <rvanvelzen@experty.com>2015-11-09 11:28:27 +0100
commit63d35f8f6db6d90d6142132d2d5f0bd5d3d698aa (patch)
treebb17a87e7ece2a1e2d6ded374df0b28981e1616a
parent37ee9de9021f1f34ed7d2f453f58348f2e74764f (diff)
downloadtracifyjs-63d35f8f6db6d90d6142132d2d5f0bd5d3d698aa.tar.gz
tracifyjs-63d35f8f6db6d90d6142132d2d5f0bd5d3d698aa.zip
Prevent ReDoS by not using a regexp to verify floating point numbers
`parseFloat` will return `NaN` for invalid numbers anyway, which is the check used to throw the parse error. Fixes #857
-rw-r--r--lib/parse.js3
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/parse.js b/lib/parse.js
index 1ab03589..4c548a26 100644
--- a/lib/parse.js
+++ b/lib/parse.js
@@ -59,7 +59,6 @@ var OPERATOR_CHARS = makePredicate(characters("+-*&%=<>!?|~^"));
var RE_HEX_NUMBER = /^0x[0-9a-f]+$/i;
var RE_OCT_NUMBER = /^0[0-7]+$/;
-var RE_DEC_NUMBER = /^\d*\.?\d*(?:e[+-]?\d*(?:\d\.?|\.?\d)\d*)?$/i;
var OPERATORS = makePredicate([
"in",
@@ -182,7 +181,7 @@ function parse_js_number(num) {
return parseInt(num.substr(2), 16);
} else if (RE_OCT_NUMBER.test(num)) {
return parseInt(num.substr(1), 8);
- } else if (RE_DEC_NUMBER.test(num)) {
+ } else {
return parseFloat(num);
}
};
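Review bot: The new `else` branch returns whatever `parseFloat(num)` yields, and `parseFloat` stops at the first character it cannot parse, so strings with a valid numeric prefix such as `1e` or `0x` come back as `1` and `0` rather than `NaN`. If the caller's only validity test is the NaN check the commit message mentions (the caller is outside this hunk), such malformed literals would now be accepted where the removed regexp rejected them. A linear-time strictness check keeps the ReDoS fix without loosening validation: `var val = parseFloat(num); if (val == num) return val;`, which falls through to `undefined` on a partial parse, as the function did before this change. The start of parse_js_number is outside the hunk.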