@mui/internal-markdown 1.0.22 → 1.0.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +2 -2
- package/parseMarkdown.js +5 -1
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mui/internal-markdown",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.23",
|
|
4
4
|
"author": "MUI Team",
|
|
5
5
|
"description": "MUI markdown parser. This is an internal package not meant for general use.",
|
|
6
6
|
"main": "./index.js",
|
|
@@ -18,7 +18,7 @@
|
|
|
18
18
|
"dependencies": {
|
|
19
19
|
"@babel/runtime": "^7.26.0",
|
|
20
20
|
"lodash": "^4.17.21",
|
|
21
|
-
"marked": "^15.0.
|
|
21
|
+
"marked": "^15.0.4",
|
|
22
22
|
"prismjs": "^1.29.0"
|
|
23
23
|
},
|
|
24
24
|
"devDependencies": {
|
package/parseMarkdown.js
CHANGED
|
@@ -209,7 +209,11 @@ function getCodeblock(content) {
|
|
|
209
209
|
if (!content.startsWith('<codeblock')) {
|
|
210
210
|
return undefined;
|
|
211
211
|
}
|
|
212
|
-
|
|
212
|
+
// The regexes below have a negative lookahead to prevent ReDoS
|
|
213
|
+
// See https://github.com/mui/material-ui/issues/44078
|
|
214
|
+
const storageKey = content.match(
|
|
215
|
+
/^<codeblock (?!<codeblock )[^>]*storageKey=["|'](?!storageKey=["|'])(\S*)["|'].*>/m,
|
|
216
|
+
)?.[1];
|
|
213
217
|
const blocks = [...content.matchAll(/^```(\S*) (\S*)\n(.*?)\n```/gmsu)].map(
|
|
214
218
|
([, language, tab, code]) => ({ language, tab, code }),
|
|
215
219
|
);
|