Closed Weltraumschaf closed 4 years ago
java.util.regex.Pattern.quote(String)?
Example of how this is being used, please? A special encoder should not be necessary.
-- Jim Manico @Manicode
On Jun 20, 2019, at 1:32 PM, VsevolodGolovanov notifications@github.com wrote:
java.util.regex.Pattern.quote(String)?
System.out.println(Pattern.matches("\\w+", "anything")); // true - matches any word
System.out.println(Pattern.matches(Pattern.quote("\\w+"), "anything")); // false - doesn't match any word
System.out.println(Pattern.matches(Pattern.quote("\\w+"), "\\w+")); // true - matches only "\w+" literally
We politely cannot support this, we really want to focus on XSS defense in web pages. RegEx escaping is out of bounds for us.
Just did a quick look through the code and it looks like there is no encoder for RegEx context.
I'm just facing this issue: I have untrusted user input and must escape all RegEx meta characters to avoid possible crashes.
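The `Pattern.quote` approach suggested in this thread, applied to untrusted input, as an added example (not code from the thread or from the encoder project). It goes one step beyond the thread by also quoting the replacement side with `Matcher.quoteReplacement`; the class name, helper names and sample strings are constructed for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class QuoteUntrustedInput { // hypothetical class name

    // Count literal occurrences of an untrusted term. Pattern.quote makes every
    // character of the term literal, including an embedded "\E".
    static int countLiteral(String untrustedTerm, String text) {
        Matcher m = Pattern.compile(Pattern.quote(untrustedTerm)).matcher(text);
        int hits = 0;
        while (m.find()) {
            hits++;
        }
        return hits;
    }

    // The replacement string has its own metacharacters ('$' and '\'), which
    // Pattern.quote does not cover; Matcher.quoteReplacement does.
    static String replaceLiteral(String text, String untrustedTerm, String untrustedReplacement) {
        return Pattern.compile(Pattern.quote(untrustedTerm))
                .matcher(text)
                .replaceAll(Matcher.quoteReplacement(untrustedReplacement));
    }

    public static void main(String[] args) {
        // Constructed sample text and inputs.
        String text = "price (USD): 1+1=2, regex \\E.* and \\w+";
        String[] terms = {"(", "1+1", "\\E.*", "\\w+"};

        for (String term : terms) {
            // Unquoted: the input is parsed as regex syntax and may fail to compile.
            try {
                Pattern.compile(term);
            } catch (PatternSyntaxException e) {
                System.out.println("unquoted " + term + " -> " + e.getDescription());
            }
            // Quoted: the same input is a plain literal search.
            System.out.println("quoted " + term + " -> " + countLiteral(term, text) + " hit(s)");
        }

        // "$1" and "\" in the replacement are inserted as-is instead of being
        // read as a group reference or an escape.
        System.out.println(replaceLiteral(text, "1+1", "$1 \\ sum"));
    }
}
```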