More strict regular expressions for CSS parsing

Having greedy .* matchers in these regular expressions is quite scary, and a possible source of hard to track errors. For example, a string like "height:8px;left:3ex" will make these regular expressions succeed, even if they shouldn't. The substring "8px;left;3" will be fetched, and most probably turned into something unexpected like "8ex" for the calculations below. Change-Id: Ia6753a58802fb3f3c5df4d2b35a6d8e616835f20
2017-07-10 11:44:58 +02:00 · 2017-07-10 11:44:58 +02:00 · 1ac3ab619e
parent ed7fdd990c
commit 1ac3ab619e
1 changed files with 2 additions and 2 deletions
--- a/modules/ve-math/tools/makeSvgsAndCss.js
+++ b/modules/ve-math/tools/makeSvgsAndCss.js
@ -101,8 +101,8 @@
 						buttonHeight = symbol.largeLayout ? singleButtonHeight * 4 : singleButtonHeight * 1.9931;
 						// height and verticalAlign rely on the format of the SVG parameters
 						// HACK: Adjust these by a factor of 0.8 to match VE's default font size of 0.8em
-						height = parseFloat( data.mathoidStyle.match( /height\:\s*(.*)ex/ )[ 1 ] ) * 0.8;
-						verticalAlign = -parseFloat( data.mathoidStyle.match( /vertical-align\:\s*(.*)ex/ )[ 1 ] ) * 0.8;
+						height = parseFloat( data.mathoidStyle.match( /height:\s*([\d.]+)ex/ )[ 1 ] ) * 0.8;
+						verticalAlign = -parseFloat( data.mathoidStyle.match( /vertical-align:\s*([\d.]+)ex/ )[ 1 ] ) * 0.8;
 						// CSS percentage positioning is based on the difference between the image and container sizes
 						heightDifference = buttonHeight - height;
 						offset = 100 * ( verticalAlign - height + ( baseline * buttonHeight ) ) / heightDifference;