The escape sequence '\?' is equivalent to just '?'

[khlr]

Recently I played around with GitHub Actions in my SAML-tracer fork and came to know that there's a useless backslash in the regular expression for parsing the query string of GET requests:

The escape sequence '\?' is equivalent to just '?', so the sequence may still represent a meta-character when it is used in a regular expression.

Tool CodeQL, Rule ID js/useless-regexp-character-escape

Instead of parsing the query string manually, SAML-tracer can make use of URLSearchParams which greatly facilitates the process.

But there's one thing that made me wonder: Does anyone know why there's been a semicolon in the regular expression?

var r = new RegExp('[&;\?]');

It's clear that one would want an URL to be split on ? and & to get the name value pairs of the query string. But why should it be split on ; as well??

[thijskh]

W3C has recommended that query string parameters can also be semicolons. Although it does not seem widely in actual use.

Code is much improved by indeed depending on URLSearchParams, good improvement!

[khlr]

Thanks for the info @thijskh ! I wasn't aware of that. As you said - semicolon doesn't seem to be really used. So hopefully we can ignore it. URLSearchParams doesn't take it into account anyway ¯_(ツ)_/¯