From 1910a3cdb2ce5ad31809c9030789663d5e8fd5a6 Mon Sep 17 00:00:00 2001
From: Alex Kocharin <alex@kocharin.ru>
Date: Thu, 19 Nov 2020 23:42:07 +0300
Subject: [PATCH] Limit () nesting inside urls

Allow no more than 32 levels of nesting in `[]( (((((....))))) )`
for performance reasons.

close https://github.com/markdown-it/markdown-it/issues/732
---
 CHANGELOG.md                          | 1 +
 lib/helpers/parse_link_destination.js | 1 +
 2 files changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4c36e4d29..271622bda 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [12.0.3] - WIP
 ### Fixed
 - `[](<foo<bar>)` is no longer a valid link.
+- Fix performance issues when parsing links, #732.
 
 
 ## [12.0.2] - 2020-10-23
diff --git a/lib/helpers/parse_link_destination.js b/lib/helpers/parse_link_destination.js
index f85b4f69c..6c1423c6a 100644
--- a/lib/helpers/parse_link_destination.js
+++ b/lib/helpers/parse_link_destination.js
@@ -59,6 +59,7 @@ module.exports = function parseLinkDestination(str, pos, max) {
 
     if (code === 0x28 /* ( */) {
       level++;
+      if (level > 32) { return result; }
     }
 
     if (code === 0x29 /* ) */) {