From e947d6f52acd5c8da70653ed8ec89a4f36309df7 Mon Sep 17 00:00:00 2001
From: Kevin Lentin <kevin.lentin@team.telstra.com>
Date: Mon, 14 Jul 2025 15:41:47 +1000
Subject: [PATCH] #2491 #2573 Simplify isBase64 to prevent stack overflow

---
 src/lib/isBase64.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lib/isBase64.js b/src/lib/isBase64.js
index 7eb3a5b56..fd876e4c0 100644
--- a/src/lib/isBase64.js
+++ b/src/lib/isBase64.js
@@ -1,9 +1,9 @@
 import assertString from './util/assertString';
 import merge from './util/merge';
 
-const base64WithPadding = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$/;
+const base64WithPadding = /^[A-Za-z0-9+/]+={0,2}$/;
 const base64WithoutPadding = /^[A-Za-z0-9+/]+$/;
-const base64UrlWithPadding = /^(?:[A-Za-z0-9_-]{4})*(?:[A-Za-z0-9_-]{2}==|[A-Za-z0-9_-]{3}=|[A-Za-z0-9_-]{4})$/;
+const base64UrlWithPadding = /^[A-Za-z0-9_-]+={0,2}$/;
 const base64UrlWithoutPadding = /^[A-Za-z0-9_-]+$/;
 
 export default function isBase64(str, options) {
@@ -12,6 +12,8 @@ export default function isBase64(str, options) {
 
   if (str === '') return true;
 
+  if (options.padding && str.length % 4 !== 0) return false;
+
   let regex;
   if (options.urlSafe) {
     regex = options.padding ? base64UrlWithPadding : base64UrlWithoutPadding;