richard.gibson at richard.gibson at
Tue Dec 5 16:25:28 UTC 2017

Reviving this [thread] a third time, is there any love left for introducing RegExp.escape? The previous attempt was abandoned because of a so-called "[even-odd problem]", but that can be fixed: backslash-escape every _SyntaxCharacter_, then wrap the full result in a new form of non-capturing group that is only valid **as a unit** (and therefore protected from otherwise dangerous preceding fragments). For example, `(?](?)…)` is a good candidate because preceding such content with a right bracket (starting a _CharacterClass_) and/or a backslash (escaping special treatment of the initial parenthesis) would produce invalid syntax by exposing the "(?)".

As a result, `new RegExp(RegExp.escape(""))` is valid (i.e., `/(?](?)foo\.bar)/`, equivalent in evaluation to `/(?:foo\.bar)/`) but `new RegExp("\\" + RegExp.escape(""))` and even `new RegExp("([\\" + RegExp.escape(""))` would throw SyntaxErrors.

The upside of such a change is getting safe access to desired language functionality. The downside, of course, is the new pattern's supreme ugliness.

Sample polyfill:
const regExpSyntaxCharacter = /[\^$\\.*+?()[\]{}|]/g;
RegExp.escape = function( value ) {
	return "(?](?)" + (value + "").replace(regExpSyntaxCharacter, "\\$&") + ")";

[even-odd problem]:

More information about the es-discuss mailing list