Redirector config contains regexp with catastrophic backtracking

Regexp in Redirector config is susceptible to catastrophic backtracking causing enormous CPU usage and even browser halt whenever user visits a page with long enough URL.

Related issue in Redirector tracker

I have proposed an update to regexp in the issue but I am not sure what medium subdomain limitations are. Maybe we can shrink number of steps the regex engine takes even more?

Assigned to
6 months ago
4 months ago
No labels applied.

~edwardloveall 6 months ago

Thank you for the report. Do you have a sample redirect I could test with? I'm considering abandoning Redirector and suggesting people use LibRedirect instead. It think it's possible for it to be smarter. As a bonus, it supports multiple instances. But I'd like to try it on a link that is a known problem before I suggest it.

~jtraub 6 months ago*

Sure, try this one


Google throws 400 error on this url, but with scribe.rip enabled in redirector attempt to visit this url will hang your browser.

I suppose your other solution will hang too on such urls because the regex itself makes the js regex engine to take too many steps.

UPD: (?:.*\.)* causes backtracking so you need a dozen of dots in URL for this problem to appear. However, it seems that long URLs with many dots in it are not that uncommon on the web: Amazon and Google seems to use them.

~edwardloveall 5 months ago

Thanks! I did some tests and LibRedirect performs much better, so I'll switch to that.

~kaki87 4 months ago*


I would like to suggest fixing and keeping the Redirector config alongside LibRedirect.

Some users who already use Redirector for more than redirecting to alternative frontends, or redirect to unlisted alternative frontends, would like not to have to install yet another extension.

Additionally, LibRedirect isn't even available on the Chrome Web Store.


~edwardloveall 4 months ago

I do understand having to uninstall more extensions. That's annoying.

Unfortunately, maintaining the config has been one piece of Scribe that has needed a lot of maintenance and attention compared to the app itself. I had custom infrastructure in Scribe itself to facilitate the config, which had nothing to do with reading articles. Other bugs and this issue which broke web browsers was too much. So I decided to outsource the problem to an extension for people who want this optional behavior.

It's still possible to use Redirector of course, and if someone wanted to maintain a Redirector config for Scribe, I would link to it.

~kaki87 4 months ago

Okay, would it be possible to get the list of URLs that are supposed to match ? Thanks

Register here or Log in to comment, or comment via email.