RegExp.escape()

Steven Levithan steves_list at hotmail.com
Fri Mar 23 12:12:04 PDT 2012


Erik Corry wrote:
>Steven Levithan wrote:
>> Kris Kowal wrote:
>>> Jordan Osete wrote:
>>>> Hello everybody.
>>>>
>>>> How about standardizing something like RegExp.escape() ?
>>>> http://simonwillison.net/2006/Jan/20/escape/
>>>>
>>>> It is trivial to implement, but it seems to me that this functionality
>>>> belongs to the language - the implementation obviously knows better
>>>> which characters must be escaped, and which ones don't need to.
>>>
>>> +1
>>
>> +1, again.
>>
>> Although this is only a minor convenience since you can do something like
>> text.replace(/[-[\]{}()*+?.,\\^$|]/g, "\\$&"), the list of special
>> characters is subject to change. E.g., if ES adds /x, whitespace (and
>> possibly #) must be added.
>
> In perl the recommended version is
>
> text.replace(/([^a-zA-Z0-9])/g, "\\$1")
>
> which is future-proof and safe and I think this also works for JS.

It's probably future-proof and safe, but it escapes 65,520 characters more 
than necessary.

Anyway, no big deal if this isn't added. I have, however, seen a lot of 
developers get this wrong when trying to do it themselves (e.g., the blog 
post that started this thread was not safe until it was updated 4+ years 
later, and it wasn't the worst I've seen).

-- Steven Levithan



More information about the es-discuss mailing list