Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is usually a small price to pay for guaranteed O(n) matching speed. (Kudos to the author for doing the Right Thing here.)


Thanks :-) The implementation is basically the Pike VM as described by Russ Cox. Recursion depth in particular has an upper bound corresponding to the number of instructions in the regex. In practice, this means it's safe to run a regex on untrusted data.

(Creating a regex from untrusted data still needs a bit of work, but is fixable!)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: