Mathis/sharp
1
0
Fork 0
mirror of https://github.com/lovell/sharp.git synced 2025-12-06 03:51:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Limit colour strings to 200 chars, helps reduce effect of potential ReDoS

Browse Source
This commit is contained in:
Lovell Fuller 2025-10-18 14:52:17 +01:00
parent c1c16ed3e6
commit 206eb4a89a
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/colour.js
View File

@ -139,7 +139,10 @@ function toColorspace (colorspace) {
* @throws {Error} Invalid value * @throws {Error} Invalid value
*/ */
function _getBackgroundColourOption (value) { function _getBackgroundColourOption (value) {
if (is.object(value) || is.string(value)) { if (
is.object(value) ||
(is.string(value) && value.length >= 3 && value.length <= 200)
) {
const colour = color(value); const colour = color(value);
return [ return [
colour.red(), colour.red(),