diff --git a/assets/style.css b/assets/style.css index 59ba38e..31bec02 100644 --- a/assets/style.css +++ b/assets/style.css @@ -32,8 +32,9 @@ p,.tag-list{margin-bottom:0px} .column-0{margin-right:5px;} @media (prefers-color-scheme: dark){ - body, input, select, textarea{ + body, input, select, textarea, pre, code{ background: #1c1428; color: #d0d4d8 !important; } + .spoiler, .spoiler2{color:#444;} } diff --git a/src/lua/parser_imageboard.lua b/src/lua/parser_imageboard.lua index c7b0aa1..2d8902a 100644 --- a/src/lua/parser_imageboard.lua +++ b/src/lua/parser_imageboard.lua @@ -50,11 +50,21 @@ local word = Cs((1 - special)^1) * space / sanitize --Generates a pattern that formats text inside matching 'seq' tags with format --ex wrap("^^",[[%s]]) --will wrap text "5^^3^^" as "53" -local function wrap(seq,format) +--The third argument is nessessary to stop exponential backtracking. This removes +--a DOS vulnerability: If tags are nested really deep, the parser can lock up, +--potentially locking up all processes. +--[[ +local function wrap(seq,format,V"sup") return P(seq) * Cs(((V"marked" + word + P"\n"))^1) * P(seq) / function(a) return string.format(format,a) end end +]] +local function wrap(seq,format,s) + return P(seq) * Cs((((V"marked" - s) + word + P"\n"))^1) * P(seq) / function(a) + return string.format(format,a) + end +end --Generates a pattern that formats text inside opening and closing "name" tags --with a format, BB forum style @@ -69,13 +79,13 @@ end local grammar = P{ "chunk"; --regular - spoiler = wrap("**",[[%s]]), + spoiler = wrap("**",[[%s]],V"spoiler"), spoiler2 = tag("spoiler",[[%s]]), - italic = wrap("''",[[%s]]), - bold = wrap("'''",[[%s]]), - underline = wrap("__",[[%s]]), - heading = wrap("==",[[
%s
]]),
greentext = P">" * (B"\n>" + B">") * Cs((V"marked" + word)^0) / function(a)
return string.format([[>%s]],a)
@@ -86,6 +96,7 @@ local grammar = P{
marked = V"spoiler" + V"bold" + V"italic" + V"underline" + V"heading" + V"strike" + V"spoiler2" + V"code",
plainline = (V"marked" + word)^0,
line = Cs(V"greentext" + V"pinktext" + V"plainline" + P"") * P"\n" / function(a)
+ print("Found line:",a)
if a == "\r" then
return "