starred/markdig
1
0
Fork 0
mirror of https://github.com/xoofx/markdig.git synced 2026-02-11 13:54:50 +00:00
Code Issues 690 Packages Projects Releases 21 Wiki Activity

Depth limit exceeded on non-malicious markdown content #426

New Issue
Open
opened 2026-01-29 14:36:23 +00:00 by claunia · 6 comments
claunia commented 2026-01-29 14:36:23 +00:00
Owner
Copy Link

Originally created by @yufeih on GitHub (Jan 21, 2021).

This file raises depth limit exceeded exception in version 0.23.0 due to #500.

Some additional info:

  • That file is an auto generated API reference page.
  • I cannot give a reasonable depth limit that don't break all content in docs.microsoft.com, but a depth limit configuration is a good start to mitigate the problem.
  • I did some perf profiling of markdig on a bunch of real markdown files used by docs.microsoft.com and the hottest function inside markdig is FindLastContainer. I don't have enough time to dig deeper, not sure if there are faster ways to find the last container (like tracking its location instead of search the tree each time?)

https://github.com/dotnet/docfx/pull/7016

Originally created by @yufeih on GitHub (Jan 21, 2021). [This file](https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/api-reference/beta/api/intune-deviceconfig-macosdevicefeaturesconfiguration-create.md) raises depth limit exceeded exception in version 0.23.0 due to #500. Some additional info: - That file is an auto generated API reference page. - I cannot give a reasonable depth limit that don't break all content in docs.microsoft.com, but a depth limit configuration is a good start to mitigate the problem. - I did some perf profiling of markdig on a bunch of real markdown files used by docs.microsoft.com and the hottest function inside markdig is [`FindLastContainer`](https://github.com/xoofx/markdig/pull/500/files#diff-a3f6a991f6aa7df0c1a521fb37af183e8784d46fc93beb770e00642501983916R307). I don't have enough time to dig deeper, not sure if there are faster ways to find the last container (like tracking its location instead of search the tree each time?) https://github.com/dotnet/docfx/pull/7016
claunia added the bug label 2026-01-29 14:36:23 +00:00
claunia commented 2026-01-29 14:36:24 +00:00
Author
Owner
Copy Link

@MihaZupan commented on GitHub (Jan 21, 2021):

Just looking at the file, we shouldn't be approaching the current 10k limit 🤔

I will look into what is happening here this week.

@MihaZupan commented on GitHub (Jan 21, 2021): Just looking at the file, we shouldn't be approaching the current 10k limit 🤔 I will look into what is happening here this week.
claunia commented 2026-01-29 14:36:26 +00:00
Author
Owner
Copy Link

@MihaZupan commented on GitHub (Jan 22, 2021):

Something weird is happening with table parsing here.

Whenever we have single backticks '`' in different lines, Markdig will give up on the table and parse it into a very deep model - one nested level for each pipe character!

Example demonstrating this: https://gist.github.com/MihaZupan/98621af5788f570f0dd0b809f1f3489b
Note the "BadTable" being rather small, but with 2 extra backticks - this will fail to parse as a table in Markdig.
The "GoodTable", approaching but under 10k cells, will parse as a table just fine.

You can see that this is happening for the sample file you mentioned. If you browse to the rendered docs page, you will see that it's completely broken:
https://docs.microsoft.com/en-us/graph/api/intune-deviceconfig-macosdevicefeaturesconfiguration-create?view=graph-rest-beta#request-body

In the sample file, the problem is caused by the standalone ` in this line of the table (left of "console"):

consoleAccessDisabled Boolean Whether the Other user will disregard use of the `>console> special user name.

So the issue for that specific file can be solved by just removing the extra backtick, but we'll have to investigate what's going on overall.

@MihaZupan commented on GitHub (Jan 22, 2021): Something weird is happening with table parsing here. Whenever we have single backticks '\`' in different lines, Markdig will give up on the table and parse it into a very deep model - **one nested level for each pipe character!** Example demonstrating this: https://gist.github.com/MihaZupan/98621af5788f570f0dd0b809f1f3489b Note the "BadTable" being rather small, but with 2 extra backticks - this will fail to parse as a table in Markdig. The "GoodTable", approaching but under 10k cells, will parse as a table just fine. You can see that this is happening for the sample file you mentioned. If you browse to the rendered docs page, you will see that it's completely broken: https://docs.microsoft.com/en-us/graph/api/intune-deviceconfig-macosdevicefeaturesconfiguration-create?view=graph-rest-beta#request-body In the sample file, the problem is caused by the standalone \` in this line of the table (left of "console"): |consoleAccessDisabled|Boolean|Whether the Other user will disregard use of the `>console> special user name.| |-|-|-| So the issue for that specific file can be solved by just removing the extra backtick, but we'll have to investigate what's going on overall.
claunia commented 2026-01-29 14:36:26 +00:00
Author
Owner
Copy Link

@yufeih commented on GitHub (Jan 22, 2021):

Nice catch! I could forward to the relevant folks to see if we could escape the problematic ` in the API generation process.

GitHub seems to be rendering that table just fine, I'm not sure if this is another difference between GFM and CommonMark.

@yufeih commented on GitHub (Jan 22, 2021): Nice catch! I could forward to the relevant folks to see if we could escape the problematic ` in the API generation process. GitHub seems to be rendering that table just fine, I'm not sure if this is another difference between GFM and CommonMark.
claunia commented 2026-01-29 14:36:27 +00:00
Author
Owner
Copy Link

@xoofx commented on GitHub (Jan 22, 2021):

GitHub seems to be rendering that table just fine, I'm not sure if this is another difference between GFM and CommonMark.

Yeah, it's a known issue. GitHub is not using the same logic to decode a table. I started before they did their work on CommonMark and we didn't choose the same behavior.

@xoofx commented on GitHub (Jan 22, 2021): > GitHub seems to be rendering that table just fine, I'm not sure if this is another difference between GFM and CommonMark. Yeah, it's a known issue. GitHub is not using the same logic to decode a table. I started before they did their work on CommonMark and we didn't choose the same behavior.
claunia commented 2026-01-29 14:36:28 +00:00
Author
Owner
Copy Link

@xoofx commented on GitHub (Jan 22, 2021):

Also, the code for parsing a grid table in markdig is awful to work with, I'm not really proud of it 😅 , so if anyone is interested in making an implementation that is GitHub compliant, you are welcome 😉

@xoofx commented on GitHub (Jan 22, 2021): Also, the code for parsing a grid table in markdig is awful to work with, I'm not really proud of it 😅 , so if anyone is interested in making an implementation that is GitHub compliant, you are welcome 😉
claunia commented 2026-01-29 14:36:29 +00:00
Author
Owner
Copy Link

@saipramod commented on GitHub (Apr 7, 2022):

I was trying to understand this a bit more as the error scenario behavior was not consistent. I think I understand the root cause by sifting through the code.

Doesnot work:

| Header 1  | Another header here | This is a long header |
| --------  | ------------------- | --------------------- |
| Some data | Some more data      | data                  | 
| data      | Some long data here | more data             | 
| Some data | Some more data      | data                  | 
| data      | Some long data here | more data             | 
| Some data | Some more data      | data                  | 
| data      | Some long data here | more data             | 
| Some data | Some more data      | data                  | 
| data      | Some long data here | more data             | 
| Some data | Some more data      | data                  | 
| data      | Some long data here | more data             | 
| Some data | Some more data      | data                  | 
| data      | Some long data here | more data             | 
| Some data | Some more data      | data                  | 
| data      | Some long data here | more data             | 
A basic table

Works:

| Header 1  | Another header here | This is a long header |
| --------  | ------------------- | --------------------- |
| Some data | Some more data      | data                  | 
| data      | Some long data here | more data             | 
| Some data | Some more data      | data                  | 
| data      | Some long data here | more data             | 
| Some data | Some more data      | data                  | 
| data      | Some long data here | more data             | 
| Some data | Some more data      | data                  | 
| data      | Some long data here | more data             | 
| Some data | Some more data      | data                  | 
| data      | Some long data here | more data             | 
| Some data | Some more data      | data                  | 
| data      | Some long data here | more data             | 
| Some data | Some more data      | data                  | 
| data      | Some long data here | more data             | 

A basic table

Please notice how i have a new line character explicitly after the table has ended. This helped the BlockParser to put the A basic table into a seperate block as opposed to including it with the table itself.

Let me know if this makes sense.

@saipramod commented on GitHub (Apr 7, 2022): I was trying to understand this a bit more as the error scenario behavior was not consistent. I think I understand the root cause by sifting through the code. **Doesnot work:** ``` | Header 1 | Another header here | This is a long header | | -------- | ------------------- | --------------------- | | Some data | Some more data | data | | data | Some long data here | more data | | Some data | Some more data | data | | data | Some long data here | more data | | Some data | Some more data | data | | data | Some long data here | more data | | Some data | Some more data | data | | data | Some long data here | more data | | Some data | Some more data | data | | data | Some long data here | more data | | Some data | Some more data | data | | data | Some long data here | more data | | Some data | Some more data | data | | data | Some long data here | more data | A basic table ``` **Works:** ``` | Header 1 | Another header here | This is a long header | | -------- | ------------------- | --------------------- | | Some data | Some more data | data | | data | Some long data here | more data | | Some data | Some more data | data | | data | Some long data here | more data | | Some data | Some more data | data | | data | Some long data here | more data | | Some data | Some more data | data | | data | Some long data here | more data | | Some data | Some more data | data | | data | Some long data here | more data | | Some data | Some more data | data | | data | Some long data here | more data | | Some data | Some more data | data | | data | Some long data here | more data | A basic table ``` Please notice how i have a new line character explicitly after the table has ended. This helped the BlockParser to put the `A basic table` into a seperate block as opposed to including it with the table itself. Let me know if this makes sense.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
documentation
enhancement
extension
Hacktoberfest
invalid
PR Welcome!
pull-request
Mirrored from GitHub Pull Request
 question
wontfix
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claunia
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/markdig#426
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?