fix(bbcode): fix ReDos vulnerabilities in BBCodeService (#96)

* fix(bbcode): fix ReDos of imagemap parsing

* fix(bbcode): use `regex` and add timeout to avoid too long time to parse

* feat(bbcode): use `make_tag` to generate HTML tags

* docs(bbcode): add docstrings for BBCodeService

* fix(user): validate BBCode content before processing userpage update

* fix(bbcode): catch timeout errors in BBCode parsing with MaliciousBBCodeError

* fix(bbcode): resolve reviews

* fix(bbcode): use `make_tag` in `_parse_size`

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix(bbcode): fix using `make_tag` in `_parse_size`

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
MingxuanGame
2025-12-12 19:50:29 +08:00
committed by GitHub
parent 0f51d7a834
commit e0c3e06ffe
5 changed files with 634 additions and 230 deletions


@@ -31,6 +31,7 @@ dependencies = [
"python-jose[cryptography]>=3.3.0",
"python-multipart>=0.0.6",
"redis>=5.0.1",
"regex>=2025.11.3",
"sentry-sdk[fastapi,httpx,loguru,sqlalchemy]>=2.34.1",
"sqlalchemy>=2.0.23",
"sqlmodel>=0.0.24",