fix: Avoid RegExp lookbehind assertions (#3816) #3817
Conversation
RegExp lookbehind assertions are supported in Safari >= 16.5, avoiding them keeps support for older Safari versions.
|
@ziadkh0 is attempting to deploy a commit to the MarkedJS Team on Vercel. A member of the Team first needs to authorize it. |
Summary of ChangesHello @ziadkh0, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses a browser compatibility issue by refactoring regular expressions to remove lookbehind assertions, which are not universally supported across all browser versions. The primary goal is to ensure that the markdown parsing library remains functional and compatible with older Safari versions (pre-16.5) while accurately handling inline code blocks during the lexing process. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request aims to remove RegExp lookbehind assertions to improve compatibility with older Safari versions. The changes in src/rules.ts and src/Lexer.ts are a good step in this direction. However, the fix is incomplete as a lookbehind assertion remains in the link regex. Additionally, there appears to be a typo in the new code regex. My review includes comments to address these issues.
|
I noticed |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
ya updating recheck.js would be helpful. I don't think the d flag would change whether or not the regexp is vulnerable to redos. |
|
the full regexp looks safe |
|
It looks like this does slow marked down significantly.
|
|
@styfle @calculuschild is it worth it to slow marked down to support ~0.25% of users? I'm on the fence 
|
|
I would say not worth it. The core marked should prioritize speed for the 99.75% of users. If somebody really needs to support old browsers, I recommend an older version or making a fork. |
|
I can feature detect support and make the lookbehind-less version a fallback, that way it's win-win. What do you think? |
|
Only marginal difference on a M1 MacBook Air. 🤷♂️
|
|
I'm getting big run to run variance when running |
|
The times are not consistent due to other things taking up the processor during part of it but the time for marked relative to the other in one run should be fairly consistent. Mine is usually within 2% so a 7% change seems significant |
|
I have seen a difference of 10% between slowest run and fastest run (e.g. |
That seems like unnecessary maintenance burden to make sure the two version of the regexp + code are in sync. |
|
For what it's worth, in the usage stats you forgot to include iOS Safari ~1% of users 
|
|
Any chance this could just be made as an extension? |
|
I ran Am I the only one unable to get a consistent run to run results? |
|
I made the lookbehind-less version a fallback for engines that don't support them, and changed the implementation a bit to improve performance. @UziTech, can you please rerun the benchmark on the most recent commit? 🤞 As for the maintenance burden, I'm willing to maintain support for Safari 15.6. 😄 |
RegExp lookbehind assertions are supported in Safari >= 16.5. But the lookbehind-less version has a performance penalty. So having a fallback keeps support for older Safari versions while maintaining performance for modern engines.
|
@UziTech Thank you for testing and approving this PR! 😄
|
|
| .replace('code', /(?<!`)(?<b>`+)[^`]+\k<b>(?!`)/) | ||
| const blockSkip = edit(/link|precode-code|html/, 'g') | ||
| .replace('link', /\[(?:[^\[\]`]|(?<a>`+)[^`]+\k<a>(?!`))*?\]\((?:\\[\s\S]|[^\\\(\)]|\((?:\\[\s\S]|[^\\\(\)])*\))*\)/) | ||
| .replace('precode-', supportsLookbehind ? '(?<!`)()' : '(^^|[^`])') |
There was a problem hiding this comment.
My only thought now is about testing. Are we testing both possibilities (with lookbehind and without)?
There was a problem hiding this comment.
No, only with lookbehind as Node supports it since version 8.10.
I don't know which approach is best suited to test without lookbehind support. 🤔
I think ideally, tests should be run in an environment that doesn't support lookbehind (like Safari < 16.4) but I'm not sure its possible...
4 participants
RegExp lookbehind assertions are supported in Safari >= 16.5, avoiding them keeps support for older Safari versions.
Marked version: 16.4.1
Markdown flavor: n/a
Description
Contributor
Committer
In most cases, this should be a different person than the contributor.