[sphix]

Sometimes I wonder if these online tools mine data on text blobs and regex we pass in. I can only imagine how potential IP could be leaked if the data was correlated to a company that the user is using the tool from. Has anyone done analysis to see whether to tools send data back to the servers? In theory the entire app should be client side only.

[mvindahl]

They probably don't but still kind of hard to be sure. In principle they could introduce it at any given time without anyone noticing for a while. Of course, once someone does notice, the shit will hit the fan.

Anyway, I share your nagging doubt and I'd never paste any text containing sensitive information into any text pane on a web page, not regexr, not JSON formatters, not anywhere.

[macintux]

I've never felt comfortable with password strength tools online for similar reasons. Sure, most (maybe all) are local Javascript, but still.

[ehsankia]

Can you not monitor networking and make sure nothing is being sent back?

[macintux]

Sure, but it's a lot easier to just not use 'em.

[ehsankia]

Not really, these provide much needed help.

It's like saying, I'm gonna stick to Notepad and not use a proper IDE because I'm not sure if they send the code I write back to themselves.