Fix prismjs string template literal regex (#2719)

Those regex were reporting to have some vulnerability for performance, not sure if this fixes it but I think those were errors to start with and this is the way the swift prism definition does with with `\(` instead of `${` --------- Co-authored-by: Mark Cowlishaw <[email protected]>
microsoft · Dec 5, 2023 · 211ca4f · 211ca4f
1 parent 0b01d95
commit 211ca4f
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 5 deletions.
diff --git a/common/changes/@typespec/playground/fix-string-template-regex-prism_2023-12-05-17-11.json b/common/changes/@typespec/playground/fix-string-template-regex-prism_2023-12-05-17-11.json
@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@typespec/playground",
+      "comment": "Add `noopener noreferrer` to footer external links",
+      "type": "none"
+    }
+  ],
+  "packageName": "@typespec/playground"
+}
diff --git a/cspell.yaml b/cspell.yaml
@@ -39,6 +39,8 @@ words:
   - multis
   - munge
   - mylib
+  - noopener
+  - noreferrer
   - nostdlib
   - oapi
   - oneof

diff --git a/packages/playground/src/react/footer/footer-item.tsx b/packages/playground/src/react/footer/footer-item.tsx
@@ -11,7 +11,7 @@ export interface FooterItemProps {
 export const FooterItem: FunctionComponent<FooterItemProps> = ({ children, link, className }) => {
   const resolvedClassName = mergeClasses(style["footer-item"], className);
   return link ? (
-    <a className={resolvedClassName} href={link} target="_blank">
+    <a className={resolvedClassName} href={link} target="_blank" rel="noopener noreferrer">
       {children}
     </a>
   ) : (

diff --git a/packages/website/src/theme/typespec-lang-prism.ts b/packages/website/src/theme/typespec-lang-prism.ts
@@ -34,23 +34,22 @@ const lang = {
   },
 
   string: [
-    // https://docs.swift.org/swift-book/LanguageGuide/StringsAndCharacters.html
     {
       pattern: new RegExp(
         /(^|[^"#])/.source +
           "(?:" +
           // multi-line string
-          /"""(?:\\(?:\$\{(?:[^{}]|\$\{[^{}]*\})*\}|[^(])|[^\\"]|"(?!""))*"""/.source +
+          /"""(?:\$(?:\{(?:[^{}]|\{[^{}]*\})*\}|[^{])|[^$"]|"(?!""))*"""/.source +
           "|" +
           // single-line string
-          /"(?:\\(?:\$\{(?:[^{}]|\$\{[^{}]*\})*\}|\r\n|[^(])|[^\\\r\n"])*"/.source +
+          /"(?:\$(?:\{(?:[^{}]|\{[^{}]*\})*\}|\r\n|[^{])|[^$\r\n"])*"/.source +
           ")"
       ),
       lookbehind: true,
       greedy: true,
       inside: {
         interpolation: {
-          pattern: /(\$\{)(?:[^{}]|\$\{[^{}]*\})*(?=\})/,
+          pattern: /(\$\{)(?:[^{}]|\{[^{}]*\})*(?=\})/,
           lookbehind: true,
           inside: null, // see below
         },