id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
7336	DoS on malformed markdown input	anders@…	nobody	"When using the markdown template filter to format text, input with malformed markdown like the following will cause the entire django server to hang, consuming 100% CPU: 

{{{
 [First Link[ (http://www.example.com/file.html) and [Second Blah Link](http://www.amazon.com/Chinese-Business-Etiquette-Protocol-Republic/dp/0446673870/ref=sr_1_1?ie=UTF8&s=books&qid=1211092179&sr=8-1) [Third Link](http://www.example.com/?blah=blah&blah-blah=blah-blah)
}}}

Note the ""[First Link["" typo. That seems to send the markdown parser into some kind of loop, making it do exponentially more work for each link that appears in the text after that point. There's something more to it that that amazon url triggers. Simpler urls in succeeding links don't cause it to behave quite as badly and I haven't had time to make a simpler test case.

This was first noticed on a production site being served with mod_wsgi (hitting the url that served up the offending content would make the entire site unresponsive until the apache process was manually killed) and verified in a standalone development environment. "		closed	Template system	dev		invalid	markdown		Unreviewed	0	0	0	0	0	0