Merge branch 'master' into local-urls

# Conflicts:
#	dist/Autolinker.min.js
#	tests/matcher/UrlSpec.js

Author: gregjacobs

README.md

@@ -368,9 +368,15 @@ The full API docs for Autolinker may be referenced at:
 Pull requests definitely welcome.
 
 - Make sure to add tests to cover your new functionality/bugfix.
-- Run the `gulp` command to build/test (or alternatively, open the `tests/index.html` file to run the tests).
-- When committing, please omit checking in the files in the `dist/` folder after building/testing. These are only committed to the repository for users downloading Autolinker via Bower. I will build these files and assign them a version number when merging your PR.
-- Please use tabs for indents! Tabs are better for everybody (individuals can set their editors to different tab sizes based on their visual preferences).
+- Run the `gulp test` command to build/test (or alternatively, open the 
+  `tests/index.html` file to run the tests).
+- When committing, please omit checking in the files in the `dist/` 
+  folder after building/testing. These are only committed to the 
+  repository for users downloading Autolinker via Bower. I will build 
+  these files and assign them a version number when merging your PR.
+- Please use tabs for indents! Tabs are better for everybody 
+  (individuals can set their editors to different tab sizes based on 
+  their visual preferences).
 
 
 ## Changelog

dist/Autolinker.js

@@ -1,6 +1,6 @@
 /*!
  * Autolinker.js
- * 1.2.1
+ * 1.3.1
  *
  * Copyright(c) 2016 Gregory Jacobs <[email protected]>
  * MIT License
@@ -240,7 +240,7 @@ Autolinker.parse = function( textOrHtml, options ) {
  *
  * Ex: 0.25.1
  */
-Autolinker.version = '1.2.1';
+Autolinker.version = '1.3.1';
 
 
 Autolinker.prototype = {
@@ -1783,7 +1783,8 @@ Autolinker.htmlParser.HtmlParser = Autolinker.Util.extend( Object, {
 	 * 2. If it is an end tag, this group will have the '/'.
 	 * 3. If it is a comment tag, this group will hold the comment text (i.e.
 	 *    the text inside the `&lt;!--` and `--&gt;`.
-	 * 4. The tag name for all tags (other than the &lt;!DOCTYPE&gt; tag)
+	 * 4. The tag name for a tag without attributes (other than the &lt;!DOCTYPE&gt; tag)
+	 * 5. The tag name for a tag with attributes (other than the &lt;!DOCTYPE&gt; tag)
 	 */
 	htmlRegex : (function() {
 		var commentTagRegex = /!--([\s\S]+?)--/,
@@ -1821,19 +1822,36 @@ Autolinker.htmlParser.HtmlParser = Autolinker.Util.extend( Object, {
 
 						'|',
 
+						// Handle tag without attributes.
+						// Doing this separately from a tag that has attributes
+						// to fix a regex time complexity issue seen with the
+						// example in https://github.com/gregjacobs/Autolinker.js/issues/172
 						'(?:',
+							// *** Capturing Group 4 - The tag name for a tag without attributes
+							'(' + tagNameRegex.source + ')',
+
+							'\\s*/?',  // any trailing spaces and optional '/' before the closing '>'
+						')',
 
-							// *** Capturing Group 4 - The tag name
+						'|',
+
+						// Handle tag with attributes
+						// Doing this separately from a tag with no attributes
+						// to fix a regex time complexity issue seen with the
+						// example in https://github.com/gregjacobs/Autolinker.js/issues/172
+						'(?:',
+							// *** Capturing Group 5 - The tag name for a tag with attributes
 							'(' + tagNameRegex.source + ')',
 
+							'\\s+',  // must have at least one space after the tag name to prevent ReDoS issue (issue #172)
+
 							// Zero or more attributes following the tag name
 							'(?:',
 								'(?:\\s+|\\b)',        // any number of whitespace chars before an attribute. NOTE: Using \s* here throws Chrome into an infinite loop for some reason, so using \s+|\b instead
 								nameEqualsValueRegex,  // attr="value" (with optional ="value" part)
 							')*',
 
 							'\\s*/?',  // any trailing spaces and optional '/' before the closing '>'
-
 						')',
 					')',
 				'>',
@@ -1869,7 +1887,7 @@ Autolinker.htmlParser.HtmlParser = Autolinker.Util.extend( Object, {
 		while( ( currentResult = htmlRegex.exec( html ) ) !== null ) {
 			var tagText = currentResult[ 0 ],
 			    commentText = currentResult[ 3 ], // if we've matched a comment
-			    tagName = currentResult[ 1 ] || currentResult[ 4 ],  // The <!DOCTYPE> tag (ex: "!DOCTYPE"), or another tag (ex: "a" or "img")
+			    tagName = currentResult[ 1 ] || currentResult[ 4 ] || currentResult[ 5 ],  // The <!DOCTYPE> tag (ex: "!DOCTYPE"), or another tag (ex: "a" or "img")
 			    isClosingTag = !!currentResult[ 2 ],
 			    offset = currentResult.index,
 			    inBetweenTagsText = html.substring( lastIndex, offset );
@@ -1897,7 +1915,14 @@ Autolinker.htmlParser.HtmlParser = Autolinker.Util.extend( Object, {
 			// Push TextNodes and EntityNodes for any text found between tags
 			if( text ) {
 				textAndEntityNodes = this.parseTextAndEntityNodes( lastIndex, text );
-				nodes.push.apply( nodes, textAndEntityNodes );
+
+				// Note: the following 3 lines were previously:
+				//   nodes.push.apply( nodes, textAndEntityNodes );
+				// but this was causing a "Maximum Call Stack Size Exceeded"
+				// error on inputs with a large number of html entities.
+				textAndEntityNodes.forEach( function( node ) {
+					nodes.push( node );
+				} );
 			}
 		}
 
@@ -3803,8 +3828,8 @@ Autolinker.matcher.UrlMatchValidator = {
 			( protocolUrlMatch && !this.isValidUriScheme( protocolUrlMatch ) ) ||
 			this.urlMatchDoesNotHaveProtocolOrDot( urlMatch, protocolUrlMatch ) ||    // At least one period ('.') must exist in the URL match for us to consider it an actual URL, *unless* it was a full protocol match (like 'http://localhost')
 			(this.urlMatchDoesNotHaveAtLeastOneWordChar( urlMatch, protocolUrlMatch ) && // At least one letter character must exist in the domain name after a protocol match. Ex: skip over something like "git:1.0"
-			 !this.isValidIpAddress( urlMatch ) // Except if it's an IP address
-			)
+			   !this.isValidIpAddress( urlMatch )) || // Except if it's an IP address
+			this.containsMultipleDots( urlMatch )
 		) {
 			return false;
 		}
@@ -3820,6 +3845,10 @@ Autolinker.matcher.UrlMatchValidator = {
 		return uriScheme !== null;
 	},
 
+	containsMultipleDots : function ( urlMatch ) {
+		return urlMatch.indexOf("..") > -1;
+	},
+
 	/**
 	 * Determines if the URI scheme is a valid scheme to be autolinked. Returns
 	 * `false` if the scheme is 'javascript:' or 'vbscript:'
@@ -3888,6 +3917,7 @@ Autolinker.matcher.UrlMatchValidator = {
 	}
 
 };
+
 /*global Autolinker */
 /**
  * A truncation feature where the ellipsis will be placed at the end of the URL.

examples/live-example/index.html

@@ -1,6 +1,8 @@
+<!DOCTYPE html>
 <html>
 
 <head>
+	<meta charset="utf-8">
 	<meta name="viewport" content="width=device-width, initial-scale=1">
 
 	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
@@ -74,4 +76,4 @@ <h4>Code Sample:</h4>
 
 </body>
 
-</html>
+</html>

gh-pages

@@ -29,9 +29,9 @@ const pkg = require( './package.json' ),
       minDistFilePath = distFolder + minDistFilename;
 
 
-gulp.task( 'default', [ 'lint', 'build', 'test' ] );
+gulp.task( 'default', [ 'doc', 'test' ] );
 gulp.task( 'lint', lintTask );
-gulp.task( 'build', buildTask );
+gulp.task( 'build', [ 'lint' ], buildTask );
 gulp.task( 'test', [ 'build' ], testTask );
 gulp.task( 'doc', [ 'build', 'typescript' ], docTask );
 gulp.task( 'serve', [ 'typescript', 'doc' ], serveTask );

gulpfile.js

@@ -1,6 +1,6 @@
 {
   "name": "autolinker",
-  "version": "1.2.1",
+  "version": "1.3.1",
   "description": "Utility to automatically link the URLs, email addresses, phone numbers, hashtags, and mentions (Twitter, Instagram) in a given block of text/HTML",
   "main": "dist/Autolinker.js",
   "files": [

package.json

@@ -24,7 +24,8 @@ Autolinker.htmlParser.HtmlParser = Autolinker.Util.extend( Object, {
 	 * 2. If it is an end tag, this group will have the '/'.
 	 * 3. If it is a comment tag, this group will hold the comment text (i.e.
 	 *    the text inside the `<!--` and `-->`.
-	 * 4. The tag name for all tags (other than the <!DOCTYPE> tag)
+	 * 4. The tag name for a tag without attributes (other than the <!DOCTYPE> tag)
+	 * 5. The tag name for a tag with attributes (other than the <!DOCTYPE> tag)
 	 */
 	htmlRegex : (function() {
 		var commentTagRegex = /!--([\s\S]+?)--/,
@@ -62,19 +63,36 @@ Autolinker.htmlParser.HtmlParser = Autolinker.Util.extend( Object, {
 
 						'|',
 
+						// Handle tag without attributes.
+						// Doing this separately from a tag that has attributes
+						// to fix a regex time complexity issue seen with the
+						// example in https://github.com/gregjacobs/Autolinker.js/issues/172
 						'(?:',
+							// *** Capturing Group 4 - The tag name for a tag without attributes
+							'(' + tagNameRegex.source + ')',
+
+							'\\s*/?',  // any trailing spaces and optional '/' before the closing '>'
+						')',
+
+						'|',
 
-							// *** Capturing Group 4 - The tag name
+						// Handle tag with attributes
+						// Doing this separately from a tag with no attributes
+						// to fix a regex time complexity issue seen with the
+						// example in https://github.com/gregjacobs/Autolinker.js/issues/172
+						'(?:',
+							// *** Capturing Group 5 - The tag name for a tag with attributes
 							'(' + tagNameRegex.source + ')',
 
+							'\\s+',  // must have at least one space after the tag name to prevent ReDoS issue (issue #172)
+
 							// Zero or more attributes following the tag name
 							'(?:',
 								'(?:\\s+|\\b)',        // any number of whitespace chars before an attribute. NOTE: Using \s* here throws Chrome into an infinite loop for some reason, so using \s+|\b instead
 								nameEqualsValueRegex,  // attr="value" (with optional ="value" part)
 							')*',
 
 							'\\s*/?',  // any trailing spaces and optional '/' before the closing '>'
-
 						')',
 					')',
 				'>',
@@ -110,7 +128,7 @@ Autolinker.htmlParser.HtmlParser = Autolinker.Util.extend( Object, {
 		while( ( currentResult = htmlRegex.exec( html ) ) !== null ) {
 			var tagText = currentResult[ 0 ],
 			    commentText = currentResult[ 3 ], // if we've matched a comment
-			    tagName = currentResult[ 1 ] || currentResult[ 4 ],  // The <!DOCTYPE> tag (ex: "!DOCTYPE"), or another tag (ex: "a" or "img")
+			    tagName = currentResult[ 1 ] || currentResult[ 4 ] || currentResult[ 5 ],  // The <!DOCTYPE> tag (ex: "!DOCTYPE"), or another tag (ex: "a" or "img")
 			    isClosingTag = !!currentResult[ 2 ],
 			    offset = currentResult.index,
 			    inBetweenTagsText = html.substring( lastIndex, offset );
@@ -138,7 +156,14 @@ Autolinker.htmlParser.HtmlParser = Autolinker.Util.extend( Object, {
 			// Push TextNodes and EntityNodes for any text found between tags
 			if( text ) {
 				textAndEntityNodes = this.parseTextAndEntityNodes( lastIndex, text );
-				nodes.push.apply( nodes, textAndEntityNodes );
+
+				// Note: the following 3 lines were previously:
+				//   nodes.push.apply( nodes, textAndEntityNodes );
+				// but this was causing a "Maximum Call Stack Size Exceeded"
+				// error on inputs with a large number of html entities.
+				textAndEntityNodes.forEach( function( node ) {
+					nodes.push( node );
+				} );
 			}
 		}
 

src/htmlParser/HtmlParser.js

@@ -80,8 +80,8 @@ Autolinker.matcher.UrlMatchValidator = {
 			( protocolUrlMatch && !this.isValidUriScheme( protocolUrlMatch ) ) ||
 			this.urlMatchDoesNotHaveProtocolOrDot( urlMatch, protocolUrlMatch ) ||    // At least one period ('.') must exist in the URL match for us to consider it an actual URL, *unless* it was a full protocol match (like 'http://localhost')
 			(this.urlMatchDoesNotHaveAtLeastOneWordChar( urlMatch, protocolUrlMatch ) && // At least one letter character must exist in the domain name after a protocol match. Ex: skip over something like "git:1.0"
-			 !this.isValidIpAddress( urlMatch ) // Except if it's an IP address
-			)
+			   !this.isValidIpAddress( urlMatch )) || // Except if it's an IP address
+			this.containsMultipleDots( urlMatch )
 		) {
 			return false;
 		}
@@ -97,6 +97,10 @@ Autolinker.matcher.UrlMatchValidator = {
 		return uriScheme !== null;
 	},
 
+	containsMultipleDots : function ( urlMatch ) {
+		return urlMatch.indexOf("..") > -1;
+	},
+
 	/**
 	 * Determines if the URI scheme is a valid scheme to be autolinked. Returns
 	 * `false` if the scheme is 'javascript:' or 'vbscript:'
@@ -164,4 +168,4 @@ Autolinker.matcher.UrlMatchValidator = {
 		}
 	}
 
-};
+};

src/matcher/UrlMatchValidator.js

@@ -295,6 +295,11 @@ describe( "Autolinker", function() {
 					expect( result ).toBe( 'Joe went to <a href="https://ru.wikipedia.org/wiki/Кириллица?Кириллица=1#Кириллица">ru.wikipedia.org/wiki/Кириллица?Кириллица=1#Кириллица</a>' );
 				} );
 
+				it( 'should not match an address with multiple dots', function() {
+					expect( autolinker.link( 'hello:...world' ) ).toBe( 'hello:...world' );
+					expect( autolinker.link( 'hello:wo.....rld' ) ).toBe( 'hello:wo.....rld' );
+				});
+
 				describe( "protocol linking", function() {
 
 					it( "should NOT include preceding ':' introductions without a space", function() {
@@ -1419,6 +1424,7 @@ describe( "Autolinker", function() {
 			it( "should not fail with an infinite loop for these given input strings (Issue #160)", function() {
 				var inputStrings = [
 					'asdf ouefof<33we oeweofjojfew oeijwffejifjew ojiwjoiwefj iowjefojwe iofjw:)<33',
+					'<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3<3',
 					'<33<33<33<33<33<33<33<33<33<33',
 					'<33<33<33<33<33<33<33<33<33<33<33'
 				];
@@ -1473,6 +1479,32 @@ describe( "Autolinker", function() {
 			} );
 
 
+			it( "should not fail with an infinite loop for an input string with " +
+				"a string that looks like HTML (Issue #172)",
+			function() {
+				var str = '<Office%20days:%20Tue.%20&%20Wed.%20(till%2015:30%20hr),%20Thu.%20(till%2017:30%20hr),%20Fri.%20(till%2012:30%20hr).%3c/a%3e%3cbr%3e%3c/td%3e%3ctd%20style=>',
+				    result = autolinker.link( str );
+
+				expect( result ).toBe( str );
+			} );
+
+
+			it( "should not fail with a Maximum Call Stack Size Exceeded for an " +
+				"input with a large number of html entities (Issue #171)",
+			function() {
+				var testStr = (function() {
+					var t = [];
+					for (var i = 0; i < 50000; i++) {
+						t.push( ' /&gt;&lt;br' );
+					}
+					return t.join( '' );
+				})();
+
+				var result = autolinker.link( testStr );
+				expect( result ).toBe( testStr );
+			} );
+
+
 			it( "should NOT modify the email address with other tags when inside another anchor", function() {
 				var input = [
 					'<div>First name: Subin</div>',

tests/AutolinkerSpec.js

@@ -132,6 +132,32 @@ describe( "Autolinker.htmlParser.HtmlParser", function() {
 			expect( result.join( "" ) ).toBe( inputStr );
 		} );
 
+
+		it( "should properly handle tags without attributes", function() {
+			var nodes = htmlParser.parse( 'Test1 <div><span>Test2</span> Test3</div>' );
+
+			expect( nodes.length ).toBe( 7 );
+			expectTextNode   ( nodes[ 0 ], 0, 'Test1 ' );
+			expectElementNode( nodes[ 1 ], 6, '<div>', 'div', false );
+			expectElementNode( nodes[ 2 ], 11, '<span>', 'span', false );
+			expectTextNode   ( nodes[ 3 ], 17, 'Test2' );
+			expectElementNode( nodes[ 4 ], 22, '</span>', 'span', true );
+			expectTextNode   ( nodes[ 5 ], 29, ' Test3' );
+			expectElementNode( nodes[ 6 ], 35, '</div>', 'div', true );
+		} );
+
+
+		it( "should properly handle a tag where the attributes start on the " +
+			"next line",
+		function() {
+			var nodes = htmlParser.parse( 'Test <div\nclass="myClass"\nstyle="color:red"> Test' );
+
+			expect( nodes.length ).toBe( 3 );
+			expectTextNode   ( nodes[ 0 ], 0, 'Test ' );
+			expectElementNode( nodes[ 1 ], 5, '<div\nclass="myClass"\nstyle="color:red">', 'div', false );
+			expectTextNode   ( nodes[ 2 ], 44, ' Test' );
+		} );
+
 	} );
 
 
@@ -274,4 +300,13 @@ describe( "Autolinker.htmlParser.HtmlParser", function() {
 		expectTextNode( nodes[ 0 ], 0, inputStr );
 	} );
 
+
+	it( "should not freeze up the regular expression engine when presented with the input string in issue #172", function() {
+		var inputStr = '<Office%20days:%20Tue.%20&%20Wed.%20(till%2015:30%20hr),%20Thu.%20(till%2017',//:30%20hr),%20Fri.%20(till%2012:30%20hr).%3c/a%3e%3cbr%3e%3c/td%3e%3ctd%20style=>',
+		    nodes = htmlParser.parse( inputStr );
+
+		expect( nodes.length ).toBe( 1 );
+		expectTextNode( nodes[ 0 ], 0, inputStr );
+	} );
+
 } );

tests/htmlParser/HtmlParserSpec.js

@@ -1,6 +1,7 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!DOCTYPE html>
 <html>
 <head>
+	<meta charset="utf-8">
 	<title>Autolinker.js Tests</title>
 
 	<!-- Jasmine -->