by bink 152 days ago
As a security dude I spend way too much of my time fixing missing anchors or unescaped wildcards in regex. The good news is that it's trivial to detect with static analysis tooling. The bad news is that broken regex is often used for security checks.
2 comments

Sometimes I wish regexes were full matches by default and required prefixing and postfixing with `.*` to get the current behaviour
Java's Pattern.match() method works that way. Python has two separate methods: re.match auto-anchors, re.search does not.
A match isn't boolean, it's substring. The original (and more common) use-cases would become excessively verbose
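The anchoring and escaping behaviour discussed in this thread, as an added Python example that is not part of any comment above: four variants of one host allowlist check run over the same inputs, showing which variants accept strings other than the allowed host. The host names, function names and sample inputs are constructed for illustration.

```python
import re

# Constructed allowlist entry; all host names here are made-up sample values.
ALLOWED_HOST = "api.example.com"

# Weak: '.' is an unescaped wildcard and nothing anchors the pattern.
WEAK = re.compile("api.example.com")
# Strict: the literal is escaped; the method used decides the anchoring.
STRICT = re.compile(re.escape(ALLOWED_HOST))

def check_search(host):
    """Unanchored search with unescaped dots."""
    return WEAK.search(host) is not None

def check_match(host):
    """re.match anchors the start only; trailing text is still accepted."""
    return STRICT.match(host) is not None

def check_dollar(host):
    """'^...$' accepts one trailing newline, because '$' matches before it."""
    return re.search("^" + re.escape(ALLOWED_HOST) + "$", host) is not None

def check_fullmatch(host):
    """Whole-string match on an escaped literal."""
    return STRICT.fullmatch(host) is not None

CHECKS = [check_search, check_match, check_dollar, check_fullmatch]

# Constructed inputs: only the first should pass a correct check.
SAMPLES = [
    "api.example.com",
    "apiXexample.com",
    "api.example.com.other.test",
    "prefix-api.example.com",
    "api.example.com\n",
]

def results():
    """Map each sample to the names of the checks that accept it."""
    return {s: [c.__name__ for c in CHECKS if c(s)] for s in SAMPLES}

if __name__ == "__main__":
    for sample, accepted in results().items():
        print(repr(sample), "->", accepted)
```

Only `check_fullmatch` rejects every input except the exact host; `\A...\Z` with `re.search` is the equivalent when a single pattern string has to carry its own anchors.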