Limit colour strings to 200 chars, helps reduce effect of potential ReDoS

2025-12-06 03:51:40 +01:00 · 2025-10-18 14:52:17 +01:00 · 2025-10-18 14:52:17 +01:00 · 206eb4a89a
commit 206eb4a89a
parent c1c16ed3e6
1 changed files with 4 additions and 1 deletions
--- a/lib/colour.js
+++ b/lib/colour.js
@ -139,7 +139,10 @@ function toColorspace (colorspace) {
 * @throws {Error} Invalid value
 */
 function _getBackgroundColourOption (value) {
-  if (is.object(value) || is.string(value)) {
+  if (
+    is.object(value) ||
+    (is.string(value) && value.length >= 3 && value.length <= 200)
+  ) {
    const colour = color(value);
    return [
      colour.red(),