这几天遇到了要根据用户提供的正则表达式去匹配数据的情况,但如果照单全收,用户可能传入会引发灾难性回溯(ReDoS)之类的表达式,把服务器拖垮
然后 404 帮我找到了 https://www.npmjs.com/package/safe-regex2
直接把它的源代码抠下来了(注意:抠下来的代码仍然依赖 ret 这个包来解析正则,而且不会随上游的修复自动更新)
const parse = require('ret')
const types = parse.types
/**
 * Heuristically decide whether a regular expression looks safe to run on
 * untrusted input. The pattern is only parsed and inspected, never executed.
 *
 * The pattern is rejected (returns false) when:
 *   - `ret` fails to parse it,
 *   - a quantifier is nested inside another quantifier (star height > 1), or
 *   - the total number of quantifiers exceeds `opts.limit`.
 *
 * Quantifiers that sit next to each other (not inside one another) each have
 * star height 1, so only the count limit applies to them. A `true` result
 * means these structural checks passed and nothing more.
 *
 * @param {RegExp|string|*} re - A RegExp, a pattern source string (without
 *   the surrounding slashes), or any value that will be coerced with String().
 * @param {{limit?: number}} [opts] - `limit` is the maximum number of
 *   quantifiers allowed; defaults to 25 when undefined.
 * @returns {boolean} true when no check failed, false otherwise.
 */
function safeRegex (re, opts) {
  const settings = opts || {}
  /* c8 ignore next */
  const replimit = settings.limit === undefined ? 25 : settings.limit

  // Normalise the input to a pattern source string before parsing.
  let pattern = re
  /* c8 ignore next 2 */
  if (isRegExp(pattern)) pattern = pattern.source
  else if (typeof pattern !== 'string') pattern = String(pattern)

  // A pattern that cannot be parsed is treated as unsafe.
  let tree
  try {
    tree = parse(pattern)
  } catch {
    return false
  }

  // Shared across the whole traversal: counts every quantifier seen so far.
  let reps = 0

  function walk (node, starHeight) {
    // starHeight is per-branch: it only grows along a chain of nested quantifiers.
    let depth = starHeight
    if (node.type === types.REPETITION) {
      depth += 1
      reps += 1
      if (depth > 1 || reps > replimit) return false
    }

    // Alternation: every branch is checked as its own token sequence.
    if (node.options) {
      for (const branch of node.options) {
        if (!walk({ stack: branch }, depth)) return false
      }
    }

    // Children live on the node itself, or on the token a quantifier wraps.
    let children = node.stack
    if (!children && node.value) children = node.value.stack
    if (!children) return true

    for (const child of children) {
      if (!walk(child, depth)) return false
    }
    return true
  }

  return walk(tree, 0)
}
/**
 * Report whether a value is tagged as a RegExp by Object.prototype.toString.
 *
 * The check is tag-based, so it also works for RegExp objects created in
 * another realm; an object whose Symbol.toStringTag is 'RegExp' passes as well.
 *
 * @param {*} x - Value to test.
 * @returns {boolean} true when the tag is '[object RegExp]'.
 */
function isRegExp (x) {
  const tag = Object.prototype.toString.call(x)
  return tag === '[object RegExp]'
}
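用法就是 safeRegex(正则表达式段(不带/,也可以直接传 RegExp 对象), 配置)
比如 safeRegex('(a+)+', { limit: 30 /* 默认25 */ })
会返回 false,因为量词嵌套在量词里(星高大于 1)。
注意:像 '.*.*' 这样并列而非嵌套的量词,每个的星高都只有 1,按上面的代码只要量词总数不超过 limit 就会返回 true。这个检查只是基于结构的启发式判断,返回 true 不代表一定不会回溯爆炸,对不可信的表达式最好再配合长度限制、匹配超时等措施。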