2

I want to create some functionality for non dangerous regex.
I want to accept only very few regex cases where it is safe to assume that they are not malicious (but still giving the user some flexibility).

Is this possible avoiding the [(+*{}? characters?

guntbert
  • 1,825
  • 2
  • 18
  • 21
Fabian Enrique Gutierrez
  • 21
  • 2
  • 5
    How do you define a dangerous regex? – Cowthulhu May 22 '19 at 19:48
  • 1
    @Cowthulhu check this https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS – Fabian Enrique Gutierrez May 22 '19 at 21:24
  • That is super interesting - learn something new every day! It would probably help to edit that into your question so it's all in one spot. – Cowthulhu May 22 '19 at 21:28
  • It all depends on what you want to filter with the regex. It might not be possible without those characters. You're probably better off trying to sanitize the user input to prevent DOS attacks. – Fire May 22 '19 at 21:41

0 Answers0