Feb. 14, 2022
3:14 p.m.
On Mon, Feb 14, 2022 at 03:58:49PM -0600, Nick Timkovich wrote:
While definitely not as bad and not as likely as SQL injection, I think the possibility of regex DoS is totally missing in the stdlib re docs. Should there be something added there about if you need to put user input into an expression, best practice is to re.escape it?
That doesn't help you when you wish to allow the user to specify a regex as the search term. -- Steve