| Smalyshev added a comment. |
I don’t think it’s possible to construct a ReDoS attack without any nesting
Wouldn't something like a*b*[ac]*$ be still dangerous? Maybe not as dangerous as nested ones, but seems to still have some evil potential.
There's also this one: https://github.com/substack/safe-regex which may expand the possibilities a little.
TASK DETAIL
EMAIL PREFERENCES
To: Smalyshev
Cc: Halfak, Anomie, Smalyshev, tstarling, daniel, GWicke, Joe, Lucas_Werkmeister_WMDE, Krinkle, Aklapper, Lahi, Gq86, GoranSMilovanovic, QZanden, merbst, LawExplorer, Agabi10, SBisson, Wikidata-bugs, aude, jayvdb, fbstj, santhosh, Jdforrester-WMF, Mbch331, Rxy, Jay8g, Ltrlg, bd808, Legoktm
Cc: Halfak, Anomie, Smalyshev, tstarling, daniel, GWicke, Joe, Lucas_Werkmeister_WMDE, Krinkle, Aklapper, Lahi, Gq86, GoranSMilovanovic, QZanden, merbst, LawExplorer, Agabi10, SBisson, Wikidata-bugs, aude, jayvdb, fbstj, santhosh, Jdforrester-WMF, Mbch331, Rxy, Jay8g, Ltrlg, bd808, Legoktm
_______________________________________________ Wikidata-bugs mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
