Graham Sutherland / Polynomial2d ago
protip: ALWAYS use regular expression literals in JavaScript and TypeScript and any other language that supports it, instead of writing your regex out in a string. I cannot count how many critical security bugs I have found over the years from someone writing a regex like "^en\.wikipedia\.org$", which is incorrect because the \. is treated as *string* escape sequence (an invalid one that just produces .) which then results in the regex being "^en.wikipedia.org$" which matches "enowikipedia.org".
Show threadWilliam D. Jones2d ago
@gsuberland (Are regex literals different from raw strings?)
Show threadZimmie

@cr1901 @gsuberland Specifically, in languages which support regex literals, these expressions *are not* free-text strings. The expressions can be checked as compile time, for example to ensure parens, brackets, and braces close properly.

Many such languages also have a more human-readable way to construct the expressions. For example, Swift’s Regex type supports writing an expression like this:

Capture(as: someInteger) { OneOrMore(.digit) }

It’s more verbose than “(?<someInteger>\d+)”, but complicated expressions get so much easier to understand.

Apr 8 at 2:26amWeb
Show threadGraham Sutherland / Polynomial2d ago
@bob_zim @cr1901 also lets languages do really cool stuff like "hey, let's turn that regex into actual parser code at build time, so it gets all the benefits of compiler optimisations!"
Show threadGraham Sutherland / Polynomial2d ago
@bob_zim @cr1901 (which you can also do using other syntactic approaches like attributes)