|Keep It Simple, Stupid|
Re: Is it safe to use external strings for regexes?by LanX (Sage)
|on Oct 06, 2021 at 14:02 UTC||Need Help??|
> My question is whether this is safe to do or not
I'm not sure if you ask if your code or if foreign regexes "are safe".
In the latter case, there are three issues I'm aware of
the first two cases might be solved by introspection/blacklisting regex-ops first, the latter probably only by experimenting with a hard limit on runtime.
NB: it's even possible to "hide" a BEGIN block inside a regex, we had this discussion about 10 years ago, I'll update a link. °
Edit: We had regularly similar discussions over the years, you might want to Super Search the archives.
²) more at regex-explosive-quantifiers