so i would like to expose regular expression queries on a field in my model, such that user could ask for
http://localhost:3000/myview.json?field=^hello, (there|world).*
so i know i’ll have to change my routes to recognise the wildcard characters etc, and i can easily do a Regexp.new() inside my controller to convert this to a real regular expression (i’m using mongomapper in the back).
the issue is the potentially huge security hole with XSS.
should i be worried about this? how could i safely enable users to query with regular expression strings?
(i’m not too bothered about the user hammering the database… yet)
Regular expressions won’t be able to perform arbitrary code execution unless there is something really wrong with Regexp.new. So if we assume that Regexp.new will either make a valid regular expression, or fail, or do something else sane, you are safe already without having to sanitize the incoming string.
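An added example (not code from the question or the answer) of the controller-side conversion in Ruby: the hypothetical regexp_from_param compiles the user string and rejects malformed or overly long input, and query_field runs it over constructed sample documents, applying a per-match timeout where the running Ruby provides Regexp#timeout (3.2+) so a pathological pattern cannot stall the request. The length cap, the sample documents and the parameter name are assumptions.

```ruby
# Added example, not from the original page. Assumes the raw query string
# arrives as params["field"] and that records expose a "field" key.

# Hypothetical cap on pattern length; a real limit is an app decision.
MAX_PATTERN_LENGTH = 200

# Ruby 3.2+ raises Regexp::TimeoutError; older rubies lack the constant,
# so fall back to a private class that will simply never be raised.
REGEXP_TIMEOUT_ERROR =
  defined?(Regexp::TimeoutError) ? Regexp::TimeoutError : Class.new(StandardError)

# Returns a Regexp built from the user string, or nil when the string is
# absent, too long, or not a valid pattern. Regexp.new parses the text as
# a pattern and never evaluates it as Ruby code, which is the answer's point.
def regexp_from_param(raw)
  return nil if raw.nil? || raw.length > MAX_PATTERN_LENGTH
  Regexp.new(raw)
rescue RegexpError
  # Malformed pattern: unbalanced parenthesis, dangling quantifier, etc.
  nil
end

# Constructed documents standing in for MongoMapper records.
SAMPLE_DOCS = [
  { "field" => "hello, there friend" },
  { "field" => "hello, world" },
  { "field" => "goodbye, world" },
  { "field" => "hello there" },
].freeze

# Filters docs with the compiled pattern. On Ruby 3.2+ the pattern is
# rebuilt with a 1 second match timeout; a timeout yields an empty result
# instead of a request that never returns.
def query_field(docs, raw)
  re = regexp_from_param(raw)
  return [] if re.nil?
  if Regexp.method_defined?(:timeout)
    re = Regexp.new(re.source, re.options, timeout: 1.0)
  end
  docs.select { |doc| re.match?(doc["field"].to_s) }
rescue REGEXP_TIMEOUT_ERROR
  []
end

if __FILE__ == $PROGRAM_NAME
  # The pattern from the question's URL, as it would reach the controller.
  p query_field(SAMPLE_DOCS, "^hello, (there|world).*").map { |d| d["field"] }
  p query_field(SAMPLE_DOCS, "(")   # malformed pattern -> []
end
```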