[Refactor] Handle pathological strings better#13
Merged
Conversation
Member
|
If there's no regression test I'm not sure it's worth fixing. |
ericcornelissen
force-pushed
the
patch-1
branch
from
8cb4b58 to
dc29649
Compare
Contributor
Author
|
I added a test case for it now1. Let me know what you think.
I'm open to creating an abstraction for it to hide the relative complexity of the test logic (e.g. in the form of a library/extension for tape). Footnotes
|
ljharb
reviewed
Nov 17, 2025
ericcornelissen
force-pushed
the
patch-1
branch
from
dc29649 to
68f7b7b
Compare
ericcornelissen
commented
Nov 19, 2025
Contributor
Author
|
@ljharb friendly ping, in case this fell of your radar. The CI failure is due to a timeout while installing Node.js/npm dependencies. |
Contributor
Author
|
@ljharb, anything I can do to move this forward? |
Improve input string that are pathological by virtue of containing lots of whitespace but not at the end or start of the string. Such strings can lead to quadratic runtime of the `rightWhitespace` regular expression, unnecessarily consuming computational resources. This patch addresses the problem by ensuring that the string does end with a whitespace character before removing whitespace character from the end of the string. This ensures that pathological inputs cannot cause quadratic runtime because such inputs won't reach the `rightWhitespace` expression. An alternative solution would be to have a negative lookbehind in the `rightWhitespace` expression. But, this regexp feature was not yet available in versions of JavaScript for which this polyfill is meant, hence it is not viable. The change is tested with a pathalogical input in the test suite. This is supported by the assert-time package which faciliates enforcing a maximum runtime on the function call.
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
ericcornelissen
commented
Jun 5, 2026
Member
|
sorry for the errant push; i'm still reviewing this. |
ljharb
approved these changes
Jun 5, 2026
ljharb
added a commit
to es-shims/String.prototype.trimEnd
that referenced
this pull request
Jun 5, 2026
…itespace runs The `$`-anchored `endWhitespace` regexp retried its match at every index, running in O(n^2) on inputs with a large internal whitespace run followed by a non-whitespace character (e.g. `'A' + ' '.repeat(1e5) + 'A'`). Trim trailing whitespace by scanning back from the end for the boundary instead; that is linear regardless of where the whitespace lives, and needs no new dependencies (`call-bound` is already a dependency). `slice(this, 0)` preserves the original RequireObjectCoercible + ToString coercion. see es-shims/String.prototype.trim#13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Improve input string that are pathological by virtue of containing lots of whitespace but not at the end or start of the string. Such strings can lead to quadratic runtime of the
rightWhitespaceregular expression, unnecessarily consuming computational resources.This patches addresses the problem by ensuring that the string does end with a whitespace character before removing whitespace character from the end of the string. This ensures that pathological inputs cannot cause quadratic runtime because such inputs won't reach the
rightWhitespaceexpression.An alternative solution would be to have a negative lookbehind in the
rightWhitespaceexpression. But, this regexp feature was not yet available in versions of JavaScript for which this polyfill is meant, hence it is not viable.