C++ Logo


Advanced search

Re: Escaping text for use in a regex

From: Henry Miller <hank_at_[hidden]>
Date: Fri, 06 Dec 2019 09:50:06 -0600
If we are to do this right user input strings should be a different type from escaped strings (remembering that sql escaped strings are used as well, and in sure there are other desirable escapes beyond me). That way it would be a compile error to pass an unescaped string to something that needs one.

This is probably too late, and it it difficult to get all the details right (everything that takes a string needs to be changed, which quickly becomes impossible with released code) , but it is where I'd like to go.

  Henry Miller
On Fri, Dec 6, 2019, at 8:31 AM, Stephan Reiter via Std-Proposals wrote:
> Hi!
> I encountered a situation where I needed to incorporate user input
> into a regular expression.
> To safely do this, I needed to escape regex-special characters in the
> user input.
> For inclusion into the standard library, I'd like to propose the
> following function (plus variations as needed, e.g. also for
> wstrings):
> std::string regex_escape(std::string_view text,
> std::regex_constants::syntax_option_type f =
> std::regex_constants::ECMAScript);
> The function returns a regex pattern that matches against the given
> input string. It supports different regex styles, e.g. ECMAScript.
> Based on the function output, I could build dependent regex patterns, e.g.
> std::string pattern = regex_escape(user_selected_dir) + "/*\\.log";
> The presence of this function in the standard library will make it
> easier to use regex and will also contribute to raising awareness
> about the need to escape user inputs.
> What do you think?
> Kind regards,
> Stephan
> -- 
> Std-Proposals mailing list
> Std-Proposals_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/std-proposals

Received on 2019-12-06 09:52:51