Reputation: 3414
How can I check if a regular expression is not harmful in PHP
I am working on a project. This project have a user interface that we wrote in PHP. In the management part, there is a form input where the user needs to enter a regular expression. As I know, I can not check if is a regex or not, because every string is a regex. What I want to do is check whether this input is proper or not? Which way I can do it?
Upvotes: 2
Views: 164
Answers (2)
Reputation: 336408
It's very hard to do this by analysing the regex (short of actually parsing the regex itself.
I suggest you rather use conservative settings for pcre.backtrack-limit and pcre.recursion_limit.
Upvotes: 2
Reputation: 3805
It really depends on what you expect the program to do. If you are writing a regex tester, you simply need to have another field where they can input a string to check it against. Then use String.test(/regex/) or String.match(/regex/) to see if it is good for that string.
Upvotes: 0
Related Questions
- Malicious/Executable file upload prevention using regex validation on file extension
- How can I validate regex?
- Test if a regular expression is a valid one in PHP
- Regular Expression Validation PHP
- Validate regex without throwing warning
- regex to make sure safe input. no script injections html etc?
- How to validate a regex with PHP
- php - how to validate a regular expression itself?
- PHP Regex Validation