C++ Logo

STD-PROPOSALS

Advanced search

Subject: Re: [std-proposals] Escaping text for use in a regex
From: Henry Miller (hank_at_[hidden])
Date: 2019-12-06 09:50:06


If we are to do this right user input strings should be a different type from escaped strings (remembering that sql escaped strings are used as well, and in sure there are other desirable escapes beyond me). That way it would be a compile error to pass an unescaped string to something that needs one.

This is probably too late, and it it difficult to get all the details right (everything that takes a string needs to be changed, which quickly becomes impossible with released code) , but it is where I'd like to go.

-- 
  Henry Miller
  hank_at_[hidden]
On Fri, Dec 6, 2019, at 8:31 AM, Stephan Reiter via Std-Proposals wrote:
> Hi!
> 
> I encountered a situation where I needed to incorporate user input
> into a regular expression.
> To safely do this, I needed to escape regex-special characters in the
> user input.
> 
> For inclusion into the standard library, I'd like to propose the
> following function (plus variations as needed, e.g. also for
> wstrings):
> 
> std::string regex_escape(std::string_view text,
> std::regex_constants::syntax_option_type f =
> std::regex_constants::ECMAScript);
> 
> The function returns a regex pattern that matches against the given
> input string. It supports different regex styles, e.g. ECMAScript.
> 
> Based on the function output, I could build dependent regex patterns, e.g.
> std::string pattern = regex_escape(user_selected_dir) + "/*\\.log";
> 
> The presence of this function in the standard library will make it
> easier to use regex and will also contribute to raising awareness
> about the need to escape user inputs.
> 
> What do you think?
> 
> Kind regards,
> Stephan
> -- 
> Std-Proposals mailing list
> Std-Proposals_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/std-proposals
>

STD-PROPOSALS list run by std-proposals-owner@lists.isocpp.org

Standard Proposals Archives on Google Groups