Ovilia opened a new pull request, #160: URL: https://github.com/apache/echarts-handbook/pull/160
**Background**

We received a user-reported security finding about a potential ReDoS (Regular Expression Denial of Service) risk in the dataset filter transform when the `reg` option is driven by untrusted input.

**Issue**

The filter’s `config.reg` compiles user-supplied strings into `RegExp` and runs them on every row without checks on pattern complexity or length, which can lead to catastrophic backtracking and DoS (browser tab freeze or SSR blocking).

**Decision**

We are documenting this in the handbook instead of changing runtime behavior: the Security Guidelines (zh & en) now describe the risk and recommend mitigations (e.g. validating or restricting `reg` when config can be untrusted).

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
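One way to restrict `reg` before it reaches the filter transform, as an added example that is not part of the pull request or of ECharts itself. The helper names, the 64-character cap and the rejection rules are assumptions chosen for illustration.

```javascript
// Hypothetical helpers (not ECharts APIs) for handling an untrusted `reg` value.
const MAX_REG_LENGTH = 64; // assumed cap; tune per application

// Option 1: treat the input as literal text so no metacharacter stays active.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Option 2: accept a restricted pattern subset. This is a conservative
// heuristic, not a proof of safety: it bounds length and rejects the
// constructs most often behind catastrophic backtracking. Ungrouped
// overlapping quantifiers such as `.*.*.*=` are limited only by the cap.
function checkUntrustedReg(pattern) {
  if (typeof pattern !== 'string') return { ok: false, reason: 'not a string' };
  if (pattern.length > MAX_REG_LENGTH) return { ok: false, reason: 'too long' };
  if (/\\(?:[1-9]|k<)/.test(pattern)) return { ok: false, reason: 'backreference' };
  // Any group followed by +, * or {n,m}: covers (a+)+, (a|aa)*, ((a+))+ ...
  if (/\)[+*{]/.test(pattern)) return { ok: false, reason: 'quantified group' };
  try {
    new RegExp(pattern);
  } catch (e) {
    return { ok: false, reason: 'invalid syntax' };
  }
  return { ok: true, reason: null };
}

// Build the dataset filter transform only from a vetted value.
function buildFilterTransform(dimension, untrusted, { literal = true } = {}) {
  if (typeof untrusted !== 'string' || untrusted.length > MAX_REG_LENGTH) {
    throw new RangeError('reg input must be a string of bounded length');
  }
  if (literal) {
    return { type: 'filter', config: { dimension, reg: escapeRegExp(untrusted) } };
  }
  const verdict = checkUntrustedReg(untrusted);
  if (!verdict.ok) throw new Error('rejected reg: ' + verdict.reason);
  return { type: 'filter', config: { dimension, reg: untrusted } };
}

// Constructed sample inputs.
console.log(buildFilterTransform('Name', 'a.b'));   // literal match on "a.b"
console.log(checkUntrustedReg('(a+)+$'));           // rejected
console.log(checkUntrustedReg('^foo\\d+$'));        // accepted
```

For server-side rendering, a check like this belongs at the point where request data is turned into chart options, before the option object is handed to ECharts.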
