[erlang-questions] escaping chars in re:replace

Fred Hebert mononcqc@REDACTED
Tue Jul 27 23:43:25 CEST 2010


There are many characters to escape:  ()[]{}\|*.+?:!$^<>= to name those I
can think of.

You have to be careful when accepting user-submitted regular expressions,
because it's possible to find pathological cases that will take a long time
to be ran. As far as I know, Erlang's re module is implemented as C code,
which could potentially lock your node (if anyone can confirm/deny).

It's generally a bad idea to run user-submitted regular expressions
server-side.

On Tue, Jul 27, 2010 at 4:40 PM, Wes James <comptekki@REDACTED> wrote:

> I'm replacing some values in some data.  It looks like when using
>
> re:replace here:
>
> http://www.erlang.org/doc/man/re.html
>
> the RE parameter needs to have the chars *, [, (,) escaped to be used.
>
> For example:
>
> re:replace("this*", "*", "!", [{return,list}, global, caseless])
>
> will error out with a bad argument error.  But this will work:
>
> re:replace("this*", "\\*", "!", [{return,list}, global, caseless])
>
>
> What other chars should I be looking for that need to be escaped?  The
> RE value comes in as a variable, so I will need to change any of these
> chars to escaped before using it in re:replace.
>
> thx,
>
> -wes
>
> ________________________________________________________________
> erlang-questions (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:erlang-questions-unsubscribe@REDACTED
>
>


More information about the erlang-questions mailing list