forbes at lindesay.co.uk (2014-03-24T17:48:56.896Z)
Erik Corry wrote:
> Steven Levithan wrote:
>> Kris Kowal wrote:
>>> Jordan Osete wrote:
>>>> Hello everybody.
>>>>
>>>> How about standardizing something like RegExp.escape() ?
>>>> http://simonwillison.net/2006/Jan/20/escape/
>>>>
>>>> It is trivial to implement, but it seems to me that this functionality
>>>> belongs to the language - the implementation obviously knows better
>>>> which characters must be escaped, and which ones don't need to.
>>>
>>> +1
>>
>> +1, again.
>>
>> Although this is only a minor convenience since you can do something like
>> text.replace(/[-[\]{}()*+?.,\\^$|]/g, "\\$&"), the list of special
>> characters is subject to change. E.g., if ES adds /x, whitespace (and
>> possibly #) must be added.
>
> In perl the recommended version is
>
> text.replace(/([^a-zA-Z0-9])/g, "\\$1")
>
> which is future-proof and safe and I think this also works for JS.

It's probably future-proof and safe, but it escapes 65,520 characters more than necessary. Anyway, no big deal if this isn't added. I have, however, seen a lot of developers get this wrong when trying to do it themselves (e.g., the blog post that started this thread was not safe until it was updated 4+ years later, and it wasn't the worst I've seen).

-- Steven Levithan
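An added example (not code from the thread's participants) that runs the two escaping patterns quoted above against constructed inputs and classifies whether a RegExp built from untrusted text matches it literally, over-matches, or fails to compile. It goes beyond the thread by also testing the `u` flag, which was added to the language after this message and rejects escapes of characters that are not syntax characters. The function names and sample strings are assumptions made for the illustration.

```javascript
// Added example: function names and sample inputs are constructed here;
// the two replace() patterns are the ones quoted in the thread.
function escapeListed(text) {            // explicit list of special characters
  return text.replace(/[-[\]{}()*+?.,\\^$|]/g, "\\$&");
}
function escapeNonAlnum(text) {          // Perl-style: escape every non-alphanumeric
  return text.replace(/([^a-zA-Z0-9])/g, "\\$1");
}
function noEscape(text) {                // baseline: untrusted text used as-is
  return text;
}

// Build ^<escaped input>$ and classify how the resulting pattern behaves.
function classify(escapeFn, input, probes, flags = "") {
  let re;
  try {
    re = new RegExp("^" + escapeFn(input) + "$", flags);
  } catch (e) {
    return "syntax-error";               // pattern did not even compile
  }
  if (!re.test(input)) return "no-self-match";
  return probes.some((p) => re.test(p)) ? "over-match" : "literal";
}

// Constructed inputs; probes are strings the literal text must NOT match.
const CASES = [
  { input: "a.b", probes: ["axb"] },
  { input: ".*", probes: ["anything"] },
  { input: "x|y", probes: ["x"] },
  { input: "[a-z]+", probes: ["abc"] },
  { input: "(", probes: [] },
  { input: "a b", probes: ["ab"] },
];

// One classification per entry in CASES, in order.
function report(escapeFn, flags = "") {
  return CASES.map((c) => classify(escapeFn, c.input, c.probes, flags));
}

for (const fn of [noEscape, escapeListed, escapeNonAlnum]) {
  console.log(fn.name.padEnd(15), "no flags:", report(fn).join(", "));
  console.log(fn.name.padEnd(15), "u flag:  ", report(fn, "u").join(", "));
}
```

Without flags both escaping functions yield a literal match for every case, while the unescaped baseline over-matches, fails to match itself, or does not compile; under `u` the escaped `-` and space are what cause the compile failures.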