From 1ac3ab619e7d061ee5e2d50cf798f077bec1ec28 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thiemo=20M=C3=A4ttig?=
Date: Mon, 10 Jul 2017 11:44:58 +0200
Subject: [PATCH] More strict regular expressions for CSS parsing

Having greedy .* matchers in these regular expressions is quite scary, and a possible source of hard to track errors. For example, a string like "height:8px;left:3ex" will make these regular expressions succeed, even if they shouldn't. The substring "8px;left;3" will be fetched, and most probably turned into something unexpected like "8ex" for the calculations below.

Change-Id: Ia6753a58802fb3f3c5df4d2b35a6d8e616835f20
---
 modules/ve-math/tools/makeSvgsAndCss.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/ve-math/tools/makeSvgsAndCss.js b/modules/ve-math/tools/makeSvgsAndCss.js
index 434e90a..b92c629 100755
--- a/modules/ve-math/tools/makeSvgsAndCss.js
+++ b/modules/ve-math/tools/makeSvgsAndCss.js
@@ -101,8 +101,8 @@
 buttonHeight = symbol.largeLayout ? singleButtonHeight * 4 : singleButtonHeight * 1.9931;
 // height and verticalAlign rely on the format of the SVG parameters
 // HACK: Adjust these by a factor of 0.8 to match VE's default font size of 0.8em
- height = parseFloat( data.mathoidStyle.match( /height\:\s*(.*)ex/ )[ 1 ] ) * 0.8;
- verticalAlign = -parseFloat( data.mathoidStyle.match( /vertical-align\:\s*(.*)ex/ )[ 1 ] ) * 0.8;
+ height = parseFloat( data.mathoidStyle.match( /height:\s*([\d.]+)ex/ )[ 1 ] ) * 0.8;
+ verticalAlign = -parseFloat( data.mathoidStyle.match( /vertical-align:\s*([\d.]+)ex/ )[ 1 ] ) * 0.8;
 // CSS percentage positioning is based on the difference between the image and container sizes
 heightDifference = buttonHeight - height;
 offset = 100 * ( verticalAlign - height + ( baseline * buttonHeight ) ) / heightDifference;
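Review bot: The new capture group `[\d.]+` on the `vertical-align` line cannot match a leading minus sign, and the `-parseFloat( ... )` wrapped around it suggests the value is normally negative, so a style that the old pattern accepted may now fail to match. When either pattern fails, `.match()` returns `null` and the unguarded `[ 1 ]` throws a TypeError, which the stricter patterns make more likely on both added lines. Consider `/vertical-align:\s*(-?[\d.]+)ex/` and checking the match result before indexing, so an unexpected `mathoidStyle` gives a clear error naming the symbol. The `height:` pattern is also unanchored on the left and would match inside a longer property name such as `line-height:`; a `(?:^|;)\s*` prefix would pin it to a whole declaration. The enclosing function starts and ends outside this hunk, so any existing validation of `data.mathoidStyle` is not visible here.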