mirror/formbricks-formbricks
1
0
Fork 0
mirror of https://github.com/formbricks/formbricks.git synced 2026-05-04 21:01:28 -05:00
Code Issues Packages Projects Releases 100 Wiki Activity

fix: regex DoS issues (#5520)

Browse Source 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
This commit is contained in:
Dhruwang Jariwala
2025-05-05 17:41:51 +05:30
committed by GitHub
parent 7538e570c5
commit 476d032642
5 changed files with 11 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/web/lib/utils/email.ts
+3 -2
View File
@@ -1,4 +1,5 @@
export const isValidEmail = (email): boolean => {
const regex = /^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/;
export const isValidEmail = (email: string): boolean => {
// This regex comes from zod
const regex = /^(?!\.)(?!.*\.\.)([A-Z0-9_'+\-.]*)[A-Z0-9_+-]@([A-Z0-9][A-Z0-9-]*\.)+[A-Z]{2,}$/i;
return regex.test(email);
};
apps/web/modules/survey/follow-ups/components/follow-up-action-multi-email-input.tsx
+3 -5
View File
@@ -1,3 +1,4 @@
import { isValidEmail } from "@/lib/utils/email";
import { cn } from "@/modules/ui/lib/utils";
import React, { useState } from "react";
@@ -15,15 +16,12 @@ const FollowUpActionMultiEmailInput = ({
const [inputValue, setInputValue] = useState("");
const [error, setError] = useState("");
// Email validation regex
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const handleAddEmail = () => {
const email = inputValue.trim();
if (!email) return;
if (!emailRegex.test(email)) {
if (!isValidEmail(email)) {
setError("Please enter a valid email address");
return;
}
@@ -77,7 +75,7 @@ const FollowUpActionMultiEmailInput = ({
<span className="text-slate-900">{email}</span>
<button
onClick={() => removeEmail(index)}
className="px-1 text-lg font-medium leading-none text-slate-500">
className="px-1 text-lg leading-none font-medium text-slate-500">
×
</button>
</div>
apps/web/modules/ui/components/editor/components/auto-link-plugin.tsx
+1 -3
View File
@@ -3,9 +3,7 @@ import { AutoLinkPlugin } from "@lexical/react/LexicalAutoLinkPlugin";
const URL_MATCHER =
/((https?:\/\/(www\.)?)|(www\.))[-a-zA-Z0-9@:%._+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_+.~#?&//=]*)/;
const EMAIL_MATCHER =
/(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))/;
const EMAIL_MATCHER = /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/;
const MATCHERS = [
(text: any) => {
const match = URL_MATCHER.exec(text);
packages/js-core/src/lib/common/utils.ts
+3 -1
View File
@@ -276,7 +276,9 @@ export const evaluateNoCodeConfigClick = (
if (cssSelector) {
// Split selectors that start with a . or # including the . or #
const individualSelectors = cssSelector.split(/\s*(?=[.#])/);
const individualSelectors = cssSelector
.split(/(?=[.#])/) // split before each . or #
.map((sel) => sel.trim()); // remove leftover whitespace
for (const selector of individualSelectors) {
if (!targetElement.matches(selector)) {
return false;
packages/surveys/postcss.config.cjs
+1 -1
View File
@@ -1,5 +1,5 @@
// basic regex -- [whitespace](number)(rem)[whitespace or ;]
const REM_REGEX = /(\d*\.?\d+\s?)(rem)/gi;
const REM_REGEX = /\b(\d+(\.\d+)?)(rem)\b/gi;
const PROCESSED = Symbol("processed");
const remtoEm = (opts = {}) => {