T.J. Crowder (2012-06-15T15:17:10.000Z)
On 23 March 2012 12:12, Steven Levithan wrote:
> Erik Corry wrote:
> > In perl the recommended version is
> >
> > text.replace(/([^a-zA-Z0-9])/g, "\\$1")
> >
> > which is future-proof and safe and I think this also works for JS.
>
> It's probably future-proof and safe, but it escapes 65,520 characters more
> than necessary.
>
> Anyway, no big deal if this isn't added. I have, however, seen a lot of
> developers get this wrong when trying to do it themselves (e.g., the blog
> post that started this thread was not safe until it was updated 4+ years
> later, and it wasn't the worst I've seen).

I've seen at least three that missed things out as well. The "all but
alnums" approach doesn't seem to occur to people.

On 23 March 2012 12:37, Steven Levithan wrote:
> Erik Corry wrote:
> > In perl the recommended version is
> > text.replace(/([^a-zA-Z0-9])/g, "\\$1")
>
> For the record, most languages with modern regular expressions include a
> built-in method for this.
>
> For instance:
>
> * Perl: quotemeta(str)
> * PHP: preg_quote(str)
> * Python: re.escape(str)
> * Ruby: Regexp.escape(str)
> * Java: Pattern.quote(str)
> * C#, VB.NET: Regex.Escape(str)

Indeed. +1 for RegExp.escape in ES.

-- T.J.
domenic at domenicdenicola.com (2014-03-26T23:17:17.716Z)
On 23 March 2012 12:12, Steven Levithan wrote:

> It's probably future-proof and safe, but it escapes 65,520 characters more
> than necessary.
>
> Anyway, no big deal if this isn't added. I have, however, seen a lot of
> developers get this wrong when trying to do it themselves (e.g., the blog
> post that started this thread was not safe until it was updated 4+ years
> later, and it wasn't the worst I've seen).

I've seen at least three that missed things out as well. The "all but
alnums" approach doesn't seem to occur to people.

On 23 March 2012 12:37, Steven Levithan wrote:

> For the record, most languages with modern regular expressions include a
> built-in method for this.

Indeed. +1 for RegExp.escape in ES.
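
The contrast discussed in this thread, shown as an added example that is not part of any poster's message: the quoted "all but alnums" escape next to a hand-rolled escaper that misses metacharacters. The function names, the incomplete denylist and the sample inputs are constructed for illustration.

```javascript
// The "all but alnums" escape quoted in the thread: backslash-escape every
// character that is not an ASCII letter or digit.
function escapeAllButAlnum(text) {
  return text.replace(/([^a-zA-Z0-9])/g, "\\$1");
}

// Hypothetical hand-rolled escaper of the kind the thread warns about:
// a denylist that forgot "|", "(", ")", "{", "}", "^" and "$".
function escapeIncomplete(text) {
  return text.replace(/([.*+?\[\]\\])/g, "\\$1");
}

// Build an anchored matcher that should accept exactly the literal input.
function literalMatcher(escapeFn, userInput) {
  return new RegExp("^" + escapeFn(userInput) + "$");
}

// True when the regex built from `userInput` matches the input itself and
// none of the `others` strings, i.e. the input was treated as a literal.
function treatsAsLiteral(escapeFn, userInput, others) {
  let re;
  try {
    re = literalMatcher(escapeFn, userInput);
  } catch (e) {
    return false; // unescaped metacharacters produced an invalid pattern
  }
  return re.test(userInput) && !others.some((s) => re.test(s));
}

// Constructed samples: [input, strings that must NOT match]
const samples = [
  ["a|b", ["a", "b"]],
  ["x{2}", ["xx"]],
  ["(unclosed", []],
  ["^$", [""]],
  ["1.5*[2]", ["1x5", "1.52"]],
  ["C:\\dir", ["C:dir"]],
];

// One boolean per sample: was the input matched as a literal string?
function report(escapeFn) {
  return samples.map(([input, others]) => treatsAsLiteral(escapeFn, input, others));
}

console.log("all but alnums:", report(escapeAllButAlnum));
console.log("incomplete    :", report(escapeIncomplete));
```

These checks build patterns without the `u` flag; with `u`, identity escapes such as `\:` are syntax errors, so the all-but-alnums form does not carry over unchanged.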