From 6e9ada7fdfb264f2cc8d2e89091f0166b30b22f1 Mon Sep 17 00:00:00 2001
From: albertfj114 <albertfj@gmail.com>
Date: Tue, 10 Mar 2026 22:34:51 -0400
Subject: [PATCH] fix: harden discovermass plan against coord validation and
 regex slowdown

- Validate lat/lng from daddr= (bounds check + isFinite) before storing
- Cap HTML to 100KB before regex matching to prevent backtracking on large pages

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../plans/2026-03-10-discovermass-importer.md   | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/docs/superpowers/plans/2026-03-10-discovermass-importer.md b/docs/superpowers/plans/2026-03-10-discovermass-importer.md
index 2306473..3a5e506 100644
--- a/docs/superpowers/plans/2026-03-10-discovermass-importer.md
+++ b/docs/superpowers/plans/2026-03-10-discovermass-importer.md
@@ -432,8 +432,13 @@ function parseChurch(html: string): ParsedChurch | null {
   let lng = 0;
   const coordMatch = html.match(/daddr=([-\d.]+),([-\d.]+)/);
   if (coordMatch) {
-    lat = parseFloat(coordMatch[1]);
-    lng = parseFloat(coordMatch[2]);
+    const rawLat = parseFloat(coordMatch[1]);
+    const rawLng = parseFloat(coordMatch[2]);
+    // Validate: reject NaN, Infinity, and out-of-range values; fall back to 0 sentinel
+    if (isFinite(rawLat) && isFinite(rawLng) && Math.abs(rawLat) <= 90 && Math.abs(rawLng) <= 180) {
+      lat = rawLat;
+      lng = rawLng;
+    }
   }
 
   return { name, address, city, state, zip, phone, website, lat, lng };
@@ -457,7 +462,9 @@ Append to the file:
  * </ul>
  */
 function parseMassTimes(html: string): ParsedMass[] {
-  const massUlMatch = html.match(/<ul>\s*<li>\s*<h5>Mass Times<\/h5>[\s\S]*?<\/ul>/);
+  // Cap HTML to first 100KB to prevent slow regex backtracking on malformed pages
+  const safeHtml = html.length > 100_000 ? html.slice(0, 100_000) : html;
+  const massUlMatch = safeHtml.match(/<ul>\s*<li>\s*<h5>Mass Times<\/h5>[\s\S]*?<\/ul>/);
   if (!massUlMatch) return [];
   const massUl = massUlMatch[0];
 
@@ -517,7 +524,9 @@ Append to the file:
  * </ul>
  */
 function parseOtherServices(html: string): { confessions: ParsedConf[]; adorations: ParsedAdoration[] } {
-  const otherUlMatch = html.match(/<ul>\s*<li>\s*<h5>Other Services<\/h5>[\s\S]*?<\/ul>/);
+  // Cap HTML to first 100KB to prevent slow regex backtracking on malformed pages
+  const safeHtml = html.length > 100_000 ? html.slice(0, 100_000) : html;
+  const otherUlMatch = safeHtml.match(/<ul>\s*<li>\s*<h5>Other Services<\/h5>[\s\S]*?<\/ul>/);
   if (!otherUlMatch) return { confessions: [], adorations: [] };
   const otherUl = otherUlMatch[0];