mirror of
https://github.com/simstudioai/sim.git
synced 2026-04-28 03:00:29 -04:00
0e6ada4bdb
* fix(security): resolve ReDoS vulnerability in function execute tag pattern Simplified regex to eliminate overlapping quantifiers that caused exponential backtracking on malformed input without closing delimiter. * fix(security): exclude trailing-dot refs and hoist tag pattern to module level * fix(security): align tag pattern with codebase standard [^<>]+ pattern Matches createReferencePattern() from reference-validation.ts used by the core executor. Invalid refs handled gracefully by resolveBlockReference. * refactor(security): use createReferencePattern() instead of inline regex