Damus
Graham Sutherland / Polynomial
@Graham Sutherland / Polynomial
protip: ALWAYS use regular expression literals in JavaScript and TypeScript and any other language that supports it, instead of writing your regex out in a string. I cannot count how many critical security bugs I have found over the years from someone writing a regex like "^en\.wikipedia\.org$", which is incorrect because the \. is treated as a *string* escape sequence (an invalid one that just produces .) which then results in the regex being "^en.wikipedia.org$" which matches "enowikipedia.org".
Graham Sutherland / Polynomial · 5w
this doesn't just come up in domain name whitelisting, it's eeeeverrryyywhere. the double escapes ALWAYS catch people out. use the regex literals, they'll save your ass. and if your language or toolchain or linter has a strict mode that can yell at you about bogus escape sequences in strings (or in ...
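The hostname-allowlist bug from the post and the double-escape point from the reply, as an added example (not code from the original thread). The hostnames, the `escapeRegExp`/`hostAllowlist` helpers and the `isAllowed` wrapper are illustrative names chosen here; the string-vs-literal behaviour is standard JavaScript.

```javascript
// Added example: the same hostname allowlist written four ways.
// The pattern "^en\.wikipedia\.org$" is the one quoted in the post.

// BUG: inside a normal string literal, "\." is an unrecognised escape that
// the *string* layer silently turns into ".", so the regex engine never sees
// a backslash. The source becomes "^en.wikipedia.org$" and "." matches any
// character, including the "o" in "enowikipedia.org".
const buggyPattern = "^en\.wikipedia\.org$";
const buggyAllowlist = new RegExp(buggyPattern);

// Fix 1: a regex literal. There is no string layer, so the backslash reaches
// the regex engine intact and the dot is a literal dot.
const literalAllowlist = /^en\.wikipedia\.org$/;

// Fix 2: if the pattern must be a string (e.g. loaded from config), either
// escape the backslash for the string layer ("\\.") or use String.raw, which
// leaves backslashes alone.
const doubleEscapedAllowlist = new RegExp("^en\\.wikipedia\\.org$");
const rawAllowlist = new RegExp(String.raw`^en\.wikipedia\.org$`);

// Fix 3: when the hostnames are data rather than code, do not hand-write the
// pattern at all; escape every regex metacharacter and build it.
// (Helper names are this example's own, not from the post.)
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

function hostAllowlist(hosts) {
  const alternatives = hosts.map(escapeRegExp).join("|");
  // Anchored so "en.wikipedia.org.evil.example" cannot match; hostnames are
  // case-insensitive, hence the "i" flag.
  return new RegExp(`^(?:${alternatives})$`, "i");
}

function isAllowed(re, host) {
  return re.test(host);
}

// Compare what each variant does with a host an attacker could register.
function demo(host) {
  return {
    source: { buggy: buggyAllowlist.source, literal: literalAllowlist.source },
    buggy: isAllowed(buggyAllowlist, host),
    literal: isAllowed(literalAllowlist, host),
    doubleEscaped: isAllowed(doubleEscapedAllowlist, host),
    raw: isAllowed(rawAllowlist, host),
    built: isAllowed(hostAllowlist(["en.wikipedia.org", "de.wikipedia.org"]), host),
  };
}

// Constructed inputs for the demo, not real traffic.
console.log(demo("en.wikipedia.org"));   // every variant: true
console.log(demo("enowikipedia.org"));   // buggy: true, all fixed variants: false
```

The string form is exactly what the reply's "strict mode that can yell at you" refers to: ESLint's `no-useless-escape` rule reports the `\.` in `"^en\.wikipedia\.org$"` because the escape does nothing at the string layer, which is the cue that the pattern was meant to be a regex literal or double-escaped.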