From 6e710505939e5271c8afa8e6c305bc9a5369a010 Mon Sep 17 00:00:00 2001 From: cbxcvl Date: Fri, 27 Mar 2026 13:53:54 -0300 Subject: [PATCH] fix(renderer): remove ambiguous \s* from _parse_if regex to prevent ReDoS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The pattern \s*(.+?)\s* in _parse_if allowed polynomial backtracking when no closing }} was found — confirmed to hang at n=5000 whitespace chars. The \s* wrappers were redundant since group(1) is already stripped at the call site. Reported and patched with @pa1va. Closes #2326 --- Scripts/python/src/theming/lib/renderer.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Scripts/python/src/theming/lib/renderer.py b/Scripts/python/src/theming/lib/renderer.py index 8e82295d5..9be4ddbda 100644 --- a/Scripts/python/src/theming/lib/renderer.py +++ b/Scripts/python/src/theming/lib/renderer.py @@ -359,7 +359,7 @@ class TemplateRenderer: condition_part = condition_part[4:].strip() # Extract expression from {{ ... }} if present - expr_match = re.match(r'\{\{\s*(.+?)\s*\}\}', condition_part) + expr_match = re.match(r'\{\{(.+?)\}\}', condition_part) if expr_match: condition_expr = expr_match.group(1).strip() else: