On Mon, Feb 14, 2022 at 03:58:49PM -0600, Nick Timkovich wrote: > While definitely not as bad and not as likely as SQL injection, I think the > possibility of regex DoS is totally missing in the stdlib re docs. Should > there be something added there about if you need to put user input into an > expression, best practice is to re.escape it?
That doesn't help you when you wish to allow the user to specify a regex as the search term. -- Steve _______________________________________________ Python-ideas mailing list -- python-ideas@python.org To unsubscribe send an email to python-ideas-le...@python.org https://mail.python.org/mailman3/lists/python-ideas.python.org/ Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/YMA7FDZEIGKYBKIB3DJS2RETBI7SKPPA/ Code of Conduct: http://python.org/psf/codeofconduct/
