Question

I'm working on an app that needs to accept a RegEx from the user. To do so, I'm using the following code:

Regex user_searchPattern = new Regex(this.userInput_regEx.Text);

Is doing this safe?
Is there a need to sanitize the user input, and if so how?


Solution

You might get an error if the regular expression has invalid syntax, or it might consume an exponential amount of time and space when processed, if a so-called pathological regular expression is tested on some particular string.
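
Both failure modes named in this answer can be contained in .NET, shown here as an added example that is not part of the original answer. The helper names `TryCompile` and `SafeIsMatch`, the 250 ms budget, and the sample patterns and inputs are assumptions constructed for illustration.

```csharp
using System;
using System.Text.RegularExpressions;

static class UserRegex
{
    // Assumed budget for a single match attempt; tune it for your application.
    static readonly TimeSpan MatchBudget = TimeSpan.FromMilliseconds(250);

    // Returns null and sets 'error' when the user's pattern does not parse.
    public static Regex TryCompile(string pattern, out string error)
    {
        error = null;
        try
        {
            // The third argument makes every match on this Regex time-limited.
            return new Regex(pattern, RegexOptions.None, MatchBudget);
        }
        catch (ArgumentException ex) // invalid syntax; also covers a null pattern
        {
            error = ex.Message;
            return null;
        }
    }

    // Returns true/false for a completed match, null when the budget ran out.
    public static bool? SafeIsMatch(Regex regex, string input)
    {
        try { return regex.IsMatch(input); }
        catch (RegexMatchTimeoutException) { return null; }
    }

    static void Main()
    {
        // Constructed sample: a pattern with a syntax error is rejected, not thrown.
        Regex bad = TryCompile("(unclosed", out string err);
        Console.WriteLine(bad == null ? "rejected: " + err : "compiled");

        // Constructed sample: an ordinary pattern matches normally.
        Regex ok = TryCompile(@"^\d{3}-\d{4}$", out _);
        Console.WriteLine(SafeIsMatch(ok, "555-1234"));

        // Constructed sample: nested quantifiers can backtrack exponentially
        // on an input that almost matches; the timeout bounds the cost.
        Regex slow = TryCompile(@"^(a+)+$", out _);
        bool? result = SafeIsMatch(slow, new string('a', 40) + "!");
        Console.WriteLine(result.HasValue ? result.ToString() : "timed out");
    }
}
```

On .NET 7 and later, `RegexOptions.NonBacktracking` is an alternative that avoids exponential backtracking altogether, at the cost of rejecting patterns that use constructs such as backreferences and lookarounds.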

OTHER TIPS

User input is always evil. What do you mean by "safe"? Can it contain errors that will make your code throw an exception or fail in some other way? Yes, it certainly can, so you should be prepared for that, of course.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow