anandthakker · pkuczynski · Nov 10, 2020 · Mar 26, 2019 · Oct 30, 2020 · Oct 30, 2020
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## Unreleased
+
+* Fix possible regular expression catastrophic backtracking [\#105](https://github.com/anandthakker/doiuse/pull/105)
+
 ## 4.3.1 (2020-10-30)
 
 * Optimize package size by ignoring .idea and .github folders

diff --git a/data/features.js b/data/features.js
@@ -1,18 +1,16 @@
 var list = require('postcss/lib/list')
 var pats = {
   attrcc: '[^\\~|^$*\\]]*',
-  brackets: /(\[[^\]]*\]|\([^\)]*\))/.source,
-  nobrackets: /[^\[\]\(\)]/.source
+  brackets: /\[[^\]]*\]|\([^\)]*\)/g
 }
+
 function matchOutsideOfBrackets(pat) {
   if (!(pat instanceof RegExp)) {
     throw new TypeError('matchOutsideOfBrackets expects a RegExp')
   }
-  var fullPat = new RegExp(
-    '^(' + pats.brackets + '?' + pats.nobrackets + '*)*' + pat.source
-  )
-  return function match(str) {
-    return pat.test(str) && fullPat.test(str)
+
+  return function(str) {
+	  return pat.test(str.replace(pats.brackets, ''))
   }
 }
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -46,6 +46,7 @@
     "@babel/core": "^7.12.3",
     "mock-fs": "^4.13.0",
     "postcss-import": "^13.0.0",
+    "safe-regex": "^2.1.1",
     "tape": "^5.0.1"
   },
   "scripts": {

diff --git a/test/regex.js b/test/regex.js
@@ -0,0 +1,26 @@
+const test = require('tape')
+const safe = require('safe-regex')
+const features = require('../data/features')
+
+regexes = []
+
+for (var feature of Object.values(features)) {
+	for (var property of Object.values(feature)) {
+		if (!property || !(property instanceof Array)){
+			continue;
+		}
+
+		for (var item of property) {
+		  if (item instanceof RegExp) {
+			  regexes.push(item)
+		  }
+		}
+	}
+}
+
+for (var regex of regexes) {
+	test('Regex safety check: /' + regex.source + '/', function(t) {
+		t.ok(safe(regex))
+		t.end()
+	})
+}