Merge pull request #2327 from cbxcvl/fix/expr-re-redos

fix(renderer): remove ambiguous \s* from _EXPR_RE to prevent ReDoS
2026-05-11 17:08:27 +08:00 · 2026-03-31 02:52:30 +02:00
parent a4b7a693e5 e91d20ef0d
commit cc4cf9cc44
1 changed files with 1 additions and 1 deletions
@@ -141,7 +141,7 @@ class TemplateRenderer:
    _BLOCK_RE = re.compile(r'<\*\s*(.*?)\s*\*>', re.DOTALL)

    # Regex for expression tags: {{ ... }}
-    _EXPR_RE = re.compile(r"\{\{\s*([^}\n]+?)\s*\}\}")
+    _EXPR_RE = re.compile(r"\{\{([^}\n]+?)\}\}")

    def __init__(self, theme_data: dict[str, dict[str, str]], verbose: bool = True, default_mode: str = "dark", image_path: Optional[str] = None, scheme_type: str = "content"):
        self.theme_data = theme_data