From e91d20ef0d4d26c3cb6da01792c76efcc1934a92 Mon Sep 17 00:00:00 2001
From: cbxcvl
Date: Fri, 27 Mar 2026 13:53:32 -0300
Subject: [PATCH] fix(renderer): remove ambiguous \s* from _EXPR_RE to prevent ReDoS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The pattern \s*([^}\n]+?)\s* allowed polynomial backtracking when no closing }} was found — confirmed to hang at n=5000 whitespace chars. The \s* wrappers were redundant since group(1) is already stripped at the call site. Reported and patched with @pa1va. Closes #2325
---
 Scripts/python/src/theming/lib/renderer.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Scripts/python/src/theming/lib/renderer.py b/Scripts/python/src/theming/lib/renderer.py
index 8e82295d5..83ab8eebc 100644
--- a/Scripts/python/src/theming/lib/renderer.py
+++ b/Scripts/python/src/theming/lib/renderer.py
@@ -141,7 +141,7 @@ class TemplateRenderer:
 _BLOCK_RE = re.compile(r'<\*\s*(.*?)\s*\*>', re.DOTALL)
 # Regex for expression tags: {{ ... }}
- _EXPR_RE = re.compile(r"\{\{\s*([^}\n]+?)\s*\}\}")
+ _EXPR_RE = re.compile(r"\{\{([^}\n]+?)\}\}")
 def __init__(self, theme_data: dict[str, dict[str, str]], verbose: bool = True, default_mode: str = "dark", image_path: Optional[str] = None, scheme_type: str = "content"):
 self.theme_data = theme_data
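Review bot: Dropping the `\s*` wrappers on the new `_EXPR_RE` line also drops newline tolerance: the old pattern matched a tag with a line break just inside the braces (`\s` covers `\n`), while `[^}\n]+?` directly after `\{\{` cannot, so such a tag would now be left unrendered. The commit message's claim that the wrappers were redundant therefore holds for spaces and tabs only, and the strip at the call site is outside this hunk, so it cannot be confirmed from here. If single-line tags are the intended contract, state it next to the pattern, e.g. `# Tags must fit on one line; surrounding whitespace is stripped by the caller, not by the regex.`, and add a regression test covering both the unterminated-whitespace input from #2325 and a multi-line tag. Separately, the character class still admits `{`, so matching cost on a long unterminated line may remain superlinear when many `{{` starts occur; capping template line length, or using `[^{}\n]` if expressions never contain `{`, would bound it. The `TemplateRenderer` class body starts before and continues after this hunk.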