[Bug]: Inefficient regex in the no-unknown-property rule

[SCH227]

Is there an existing issue for this?

• I have searched the existing issues and my issue is unique
• My issue appears in the command-line and not only in the text editor

Description Overview

The regex in charge of parsing data attributes in the no-unknown-property rule is vulnerable to catastrophic backtracking:
https://github.com/jsx-eslint/eslint-plugin-react/blob/master/lib/rules/no-unknown-property.js#L431

Here's an example payload:
https://regex101.com/r/GvfmhG/1

As a result, the function isValidDataAttribute(name) is affected.

According to the project maintainers contacted via the security channel, there aren't security concerns given how eslint-plugin-react is used.

Possible Fix:
The root cause of the exponential complexity in isValidDataAttribute() regex seems to be the nested quantifier. In my tests, the following regex avoids that while retaining the same matching capability as the old one: ^data(-?[-[^:]]*)$
Note that both regexes (the old and the proposed one) match "data" or "data-", which are not valid according to the HTML5 specification.

Expected Behavior

Process executing not in exponential time.

eslint-plugin-react version

v7.33.2

eslint version

v8.54.0

node version

v18.13.0

[ljharb]

Unfortunately using that regex causes 16 test failures.

[SCH227]

Sorry, the proposed regex fix was miswritten. This should work ok: ^data(-?[^:]*)$

[ljharb]

Thanks!

[jeremydrichardson]

You mention:

Note that both regexes (the old and the proposed one) match "data" or "data-", which are not valid according to the HTML5 specification.

Did you ever find an explanation as to why that is? That means it's going to incorrectly flag props that start with data (eg. dataLayer, dataAmount, etc...)

[ljharb]

@jeremydrichardson if that’s the case, please file a new issue and we can fix that too