RegExp.escape()

richard.gibson at gmail.com richard.gibson at gmail.com
Tue Dec 5 16:25:28 UTC 2017


Reviving this [thread] a third time, is there any love left for introducing RegExp.escape? The previous attempt was abandoned because of a so-called "[even-odd problem]", but that can be fixed: backslash-escape every _SyntaxCharacter_, then wrap the full result in a new form of non-capturing group that is only valid **as a unit** (and therefore protected from otherwise dangerous preceding fragments). For example, `(?](?)…)` is a good candidate because preceding such content with a right bracket (starting a _CharacterClass_) and/or a backslash (escaping special treatment of the initial parenthesis) would produce invalid syntax by exposing the "(?)".

As a result, `new RegExp(RegExp.escape("foo.bar"))` is valid (i.e., `/(?](?)foo\.bar)/`, equivalent in evaluation to `/(?:foo\.bar)/`) but `new RegExp("\\" + RegExp.escape("foo.bar"))` and even `new RegExp("([\\" + RegExp.escape("foo.bar"))` would throw SyntaxErrors.

The upside of such a change is getting safe access to desired language functionality. The downside, of course, is the new pattern's supreme ugliness.

Sample polyfill:
```
const regExpSyntaxCharacter = /[\^$\\.*+?()[\]{}|]/g;
RegExp.escape = function( value ) {
	return "(?](?)" + (value + "").replace(regExpSyntaxCharacter, "\\$&") + ")";
}
```

[thread]: https://esdiscuss.org/topic/regexp-escape
[even-odd problem]: https://github.com/benjamingr/RegExp.escape/issues/37




More information about the es-discuss mailing list