I'm assuming that DoS is a possible issue when matching, on the backend in Node.js, arbitrary strings with arbitrary regexes with one of JS's regex functions. If the provided regex is simply invalid, the error thrown by the constructor can just be caught -- but I'm thinking it's possible that matching the string with the RegExp could become a significantly or even completely blocking operation, deliberately or accidentally by the creator of the regex and the string? If so, how exactly would this be caused, and how could it be mitigated?
Matching user-input text with a user-input regex in Node.js
101 views Asked by zyxz66 At
0
There are 0 answers
Related Questions in JAVASCRIPT
- Using Puppeteer to scrape a public API only when the data changes
- inline SVG text (js)
- An array of images and a for loop display the buttons. How to assign each button to open its own block by name?
- Storing the preferred font-size in localStorage
- Simple movie API request not showing up in the console log
- Authenticate Flask rest API
- Deploying sveltekit app with gunjs on vercel throws cannot find module './lib/text-encoding'
- How to request administrator rights?
- mp4 embedded videos within github pages website not loading
- Scrimba tutorial was working, suddenly stopped even trying the default
- In Datatables, start value resets to 0, when column sorting
- How do I link two models in mongoose?
- parameter values only being sent to certain columns in google sheet?
- Run main several times of wasm in browser
- Variable inside a Variable, not updating
Related Questions in NODE.JS
- Using Puppeteer to scrape a public API only when the data changes
- How to request administrator rights?
- How do I link two models in mongoose?
- Variable inside a Variable, not updating
- Unable to Post Form Data to MongoDB because of picturepath
- Connection terminated unexpectedly while performing multi row insert using pg-promise
- Processing multiple forms in nodejs and postgresql
- Node.js Server + Socket.IO + Android Mobile Applicatoin XHR Polling Error...?
- How to change the Font Weight of a SelectValue component in React when a SelectItem is selected?
- My unban and ban commands arent showing when i put the slash
- how to make read only file/directory in Mac writable
- How can I outsource worker processes within a for loop?
- Get remote MKV file metadata using nodejs
- Adding google-profanity-words to web page
- Products aren't displayed after fetching data from mysql db (node.js & express)
Related Questions in REGEX
- Python and regex, can't understand why some words are left out of the match
- Special access rule in an .htaccess file for IP addresses, authorized only for one directory structure
- regex working not as expected javascript, displays wrong values
- Clarity on how can `.*` match all strings?
- IIS Rewrite Module exclude bots but allow GoogleBot
- Regex skipping delimiter is there is / before it
- How to ignore case in regexp mapping in a .htaccess rewrite rule?
- Select all lines after last occurrence of a certain character
- Segregate class names using regular expresions
- Regex to match binary literal number in re2c format
- why the perl regular expression is not identifying the value
- Trying to run subprocess commands with carriage returns and newlinees
- `Backward slash + b` does not work as expected on regex
- Extract 15 words before and 8 words after each 9digit number from a text file using regular expressions in python
- How to migrate this regex to JavaScript
Related Questions in DENIAL-OF-SERVICE
- Denial of service: regular expression
- Confirm API is called by known application
- Sonar scan reports issue in Regex
- Denial of service protection: how to reject connections based on content and frequency (golang as example)
- Regex vulnerable to polynomial runtime
- How does this Scapy DHCP DoS/Exhaustion attack work?
- Why is a StackOverflowError worth a CVE?
- Convert pixels to cm using Python
- SonarQube: denial of service for regex pattern due to polynomial runtime backtracking
- How is expanding %(describe) during a git archive a denial-of-service (DOS) risk?
- Checkmarx Resource Exhaustion in Golang url.Parse
- Preconditions for SpEL DoS vulnerability CVE-2022-22950?
- Is it possible to dispatch a successful DOS attack on a firewall with all ports closed?
- Can you limit the size of data that can be deserialized in Ktor?
- Matching user-input text with a user-input regex in Node.js
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)