Date: Fri, 06 Dec 2019 09:50:06 -0600
If we are to do this right user input strings should be a different type from escaped strings (remembering that sql escaped strings are used as well, and in sure there are other desirable escapes beyond me). That way it would be a compile error to pass an unescaped string to something that needs one.
This is probably too late, and it it difficult to get all the details right (everything that takes a string needs to be changed, which quickly becomes impossible with released code) , but it is where I'd like to go.
This is probably too late, and it it difficult to get all the details right (everything that takes a string needs to be changed, which quickly becomes impossible with released code) , but it is where I'd like to go.
-- Henry Miller hank_at_[hidden] On Fri, Dec 6, 2019, at 8:31 AM, Stephan Reiter via Std-Proposals wrote: > Hi! > > I encountered a situation where I needed to incorporate user input > into a regular expression. > To safely do this, I needed to escape regex-special characters in the > user input. > > For inclusion into the standard library, I'd like to propose the > following function (plus variations as needed, e.g. also for > wstrings): > > std::string regex_escape(std::string_view text, > std::regex_constants::syntax_option_type f = > std::regex_constants::ECMAScript); > > The function returns a regex pattern that matches against the given > input string. It supports different regex styles, e.g. ECMAScript. > > Based on the function output, I could build dependent regex patterns, e.g. > std::string pattern = regex_escape(user_selected_dir) + "/*\\.log"; > > The presence of this function in the standard library will make it > easier to use regex and will also contribute to raising awareness > about the need to escape user inputs. > > What do you think? > > Kind regards, > Stephan > -- > Std-Proposals mailing list > Std-Proposals_at_[hidden] > https://lists.isocpp.org/mailman/listinfo.cgi/std-proposals >
Received on 2019-12-06 09:52:51