Skip Navigation

Programming @programming.dev philnash @programming.dev 1 yr. ago

A comprehensive guide to the dangers of Regular Expressions in JavaScript

www.sonarsource.com A comprehensive guide to the dangers of Regular Expressions in JavaScript

A deep investigation into regular expression denial of service (ReDoS) vulnerabilities in JavaScript

A comprehensive guide to the dangers of Regular Expressions in JavaScript

RegEx @programming.dev philnash @programming.dev 1 yr. ago

A comprehensive guide to the dangers of Regular Expressions in JavaScript

www.sonarsource.com /blog/vulnerable-regular-expressions-javascript/

JavaScript @programming.dev philnash @programming.dev 1 yr. ago

A comprehensive guide to the dangers of Regular Expressions in JavaScript

www.sonarsource.com /blog/vulnerable-regular-expressions-javascript/

You're viewing a single thread.

15 comments

Is there one thing not screwed up in this language? I mean it's regex, there are so many good implementations for it.
- JavaScript's regex engine isn't the only one to have these problems. There certainly are other implementations, like Re2 and Rust's implementation, that don't have this issue. But they also lack some of the features of the JS implementation too.
  
  Ok thanks for the clarification.
  
  I would argue, the gold standard of regex would be perlre or even re from python. I never heard one discouraging using them. Do you know sth I don't?
  
  Both Perl and Python use backtracking regex engines and are thus susceptible to similar problems as discussed in the OP.

You've viewed 15 comments.