This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author gregory.p.smith
Recipients aaronsw, gregory.p.smith, josiahcarlson, mark.dickinson, mrabarnett, pitrou, rsc, schmir, terry.reedy, timehorse, witten, yarkot
Date 2013-05-16.20:27:53
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1368736073.89.0.757133461743.issue1662581@psf.upfronthosting.co.za>
In-reply-to
Content 
The recommendation for anyone using regular expressions on hostile input is to (a) don't do that. (b) use a better regexp without this possible behavior and (c) use something like re2 (there's a Python binding at https://github.com/axiak/pyre2) which is a regular expression engine that this cannot happen to.

fixing this within python requires a complete rewrite and replacement of the re module with one that uses a different approach.  see the other work on the MRAB regex module and discussion surrounding that.  that is a non trivial task and it is fixing other more important things (unicode correctness!) than this...

Given that, I don't actually expect this issue to ever be fixed.

IMNSHO: People shouldn't abuse regexes and get themselves into this situation in the first place. ;)

discussion should really happen on python-ideas.
History
Date User Action Args
2013-05-16 20:27:53gregory.p.smithsetrecipients: + gregory.p.smith, aaronsw, terry.reedy, josiahcarlson, mark.dickinson, pitrou, rsc, timehorse, schmir, mrabarnett, yarkot, witten
2013-05-16 20:27:53gregory.p.smithsetmessageid: <1368736073.89.0.757133461743.issue1662581@psf.upfronthosting.co.za>
2013-05-16 20:27:53gregory.p.smithlinkissue1662581 messages
2013-05-16 20:27:53gregory.p.smithcreate