zkat / ssri

97%

latest: 97%

LAST BUILD ON BRANCH zkat/strict-mode-regex

branch: zkat/strict-mode-regex

CHANGE BRANCH

x

Reset

• zkat/strict-mode-regex
• dependabot/npm_and_yarn/handlebars-4.5.3
• dependabot/npm_and_yarn/handlebars-4.7.6
• dependabot/npm_and_yarn/handlebars-4.7.7
• dependabot/npm_and_yarn/hosted-git-info-2.8.9
• dependabot/npm_and_yarn/ini-1.3.7
• dependabot/npm_and_yarn/lodash-4.17.15
• dependabot/npm_and_yarn/lodash-4.17.19
• dependabot/npm_and_yarn/lodash-4.17.21
• dependabot/npm_and_yarn/standard-version-8.0.1
• dependabot/npm_and_yarn/y18n-3.2.2
• latest
• v2.0.0
• v3.0.0
• v3.0.1
• v3.0.2
• v4.0.0
• v4.1.0
• v4.1.1
• v4.1.2
• v4.1.3
• v4.1.4
• v4.1.5
• v4.1.6
• v5.0.0
• v5.1.0
• v5.2.0
• v5.2.1
• v5.2.2
• v5.2.3
• v5.2.4
• v5.3.0
• v6.0.0
• v6.0.1
• zkat/relicense

Build # 69

Build Type

push

travis-ci

Committed by zkat

Commit Message

fix(security): tweak strict SRI regex

The previous form was vulnerable to ReDoS attacks, by
crafting exceptionally long base64 hash strings.

This issue only affected consumers using the opts.strict option.

Run Details

137 of 147 branches covered (93.2%)

Branch coverage included in aggregate %.

175 of 175 relevant lines covered (100.0%)

142.54 hits per line