regex is evil regex

Question

regex is evil regex

amalamalpm opened this issue 9 years ago · 4 comments

It is a code segment in prototype.js

findChildElements: function(element, expressions) {
var exprs = expressions.join(','), expressions = [];
exprs.scan(/(([\w#:.~>+()\s-]+|*|[.?])+)\s(,|$)/, function(m) {
......

If we given value of exprs as

 exprs="#microsoft-windowserw-appmodel-runtime/admin";
and call this function will make the browser hang. especially Google chrome.

Simply we can say following line will hang the browser.

"#microsoft-windowserw-appmodel-runtime/admin".match(/(([\w#:.~>+()\s-]+|\*|\[.*?\])+)\s*(,|$)/);

So please try to modify this evil regex. Thank you

Answer 1 · 2015-12-23T07:06:25.000Z

An element name or id can contain any symbols, including (\ / < >)

Answer 2 · 2016-01-02T20:57:19.000Z

Yeah, a slash in an ID used to be forbidden, but HTML5 has much looser rules about this. I'll take a look.

Answer 3 · 2016-01-02T21:00:11.000Z

Actually, it looks like the only place this regex is used is in our legacy selector engine, which we haven't updated in years. What version of Prototype are you on? Newer versions should be using Sizzle.

Closing for now.

Answer 4 · 2016-01-06T10:15:08.000Z

Thanks for your update