Converting user input string to regular expression

Question

I am designing a regular expression tester in HTML and JavaScript. The user will enter a regex, a string, and choose the function they want to test with (e.g. search, match, replace, etc.) via radio button and the program will display the results when that function is run with the specified arguments. Naturally there will be extra text boxes for the extra arguments to replace and such.

My problem is getting the string from the user and turning it into a regular expression. If I say that they don't need to have //'s around the regex they enter, then they can't set flags, like g and i. So they have to have the //'s around the expression, but how can I convert that string to a regex? It can't be a literal since its a string, and I can't pass it to the RegExp constructor since its not a string without the //'s. Is there any other way to make a user input string into a regex? Will I have to parse the string and flags of the regex with the //'s then construct it another way? Should I have them enter a string, and then enter the flags separately?

score 682 · Accepted Answer · answered May 17 '09 at 14:26

682

Use the RegExp object constructor to create a regular expression from a string:

var re = new RegExp("a|b", "i");
// same as
var re = /a|b/i;

answered May 17 '09 at 14:26

Gumbo

620,600
104
758
828

1

would be nice to have online tool with a input field – holms Nov 14 '13 at 04:10
70

When doing it this way, you must escape the backslash, e.g. `var re = new RegExp("\\w+");` – JD Smith Sep 12 '14 at 15:59
15

@holms [regex101.com](https://regex101.com/) is a great regex online tool as well – Fran Herrero Jul 18 '16 at 08:38
2

It took me a while to see that there are no trailing slashes required – Gerfried Dec 07 '16 at 23:52
@JD Smith and also escape the double quotes! – Luis Paulo Apr 03 '18 at 00:48
Actually @LuisPaulo you can't escape the double quotes surrounding the string arguments to the RegExp constructor method; you'd only escape double quotes that were in the string itself. – JD Smith Apr 10 '18 at 17:12
2

@JDSmith I didn't mean it in your example. I meant that you need to escape double quotes if you want them to be a part of the regex provided it is hard coded. Obviously, none of this applies if the string is in a variable like from an `` HTML tag. `var re = new RegExp("\"\\w+\"");` is an example of a hard coded regex using the RegExp constructor and the escaping of the double quotes __is__ necessary. What I mean by a string in a variable is that you can just do `var re = new RegExp(str);` and `str` may contain double quotes or backslashes without a problem. – Luis Paulo Apr 17 '18 at 00:23
@JDSmith I didn't mean the quotes in your example :) I was just completing your sentence "When doing it this way, you must escape the backslash" with "and double quotes". – Luis Paulo Apr 17 '18 at 00:24
Are those two really the same? If it's a string (object constructor), isn't it compiled each time the regex is run [(MSDN source)](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/RegExp#Description)? Wouldn't it be better to construct a literal notation if it's run in a loop? – smurtagh Sep 07 '18 at 14:51
Also, I'm replacing \ with \\ in input string variable in a following way: `var r = new RegExp(str.split('\\').join('\\\\'));`. Notice, that I'm escaping slashes in string literal. – AntonAL Jun 09 '20 at 17:04

score 77 · Answer 2 · edited Sep 09 '14 at 13:31

77

var flags = inputstring.replace(/.*\/([gimy]*)$/, '$1');
var pattern = inputstring.replace(new RegExp('^/(.*?)/'+flags+'$'), '$1');
var regex = new RegExp(pattern, flags);

or

var match = inputstring.match(new RegExp('^/(.*?)/([gimy]*)$'));
// sanity check here
var regex = new RegExp(match[1], match[2]);

edited Sep 09 '14 at 13:31

Mak

18,924
5
24
31

answered May 17 '09 at 14:34

Anonymous

46,403
1
24
19

You should consider that an invalid input like `/\/` is recognized. – Gumbo May 17 '09 at 15:14
9

Or let the RegExp constructor fail, "trailing \ in regular expression", instead of writing a complicated parser. – Anonymous May 17 '09 at 15:23
**Note** that users can input as many flags as they want, e.g.: `/foo/ggggg`. In the first example you could change the `flags` replace to `replace('/.*\/(?!.*(.).*\1)([gimy]*)$/', '$2')`. Or use the following regex for the 2nd example `^\/(.*)\/(?!.*(.).*\2)([gimy]*)$`, what will put the flags in match group 3. – luukvhoudt May 14 '21 at 14:33

Rivenfall · Answer 3 · 2020-04-10T13:34:54.663

Here is a one-liner: str.replace(/[|\\{}()[\]^$+*?.]/g, '\\$&')

I got it from the escape-string-regexp NPM module.

Trying it out:

escapeStringRegExp.matchOperatorsRe = /[|\\{}()[\]^$+*?.]/g;
function escapeStringRegExp(str) {
    return str.replace(escapeStringRegExp.matchOperatorsRe, '\\$&');
}

console.log(new RegExp(escapeStringRegExp('example.com')));
// => /example\.com/

Using tagged template literals with flags support:

function str2reg(flags = 'u') {
    return (...args) => new RegExp(escapeStringRegExp(evalTemplate(...args))
        , flags)
}

function evalTemplate(strings, ...values) {
    let i = 0
    return strings.reduce((str, string) => `${str}${string}${
        i < values.length ? values[i++] : ''}`, '')
}

console.log(str2reg()`example.com`)
// => /example\.com/u

Ayman Hourieh · Answer 4 · 2009-05-17T14:41:25.700

18

Use the JavaScript RegExp object constructor.

var re = new RegExp("\\w+");
re.test("hello");

You can pass flags as a second string argument to the constructor. See the documentation for details.

edited May 17 '09 at 14:41

answered May 17 '09 at 14:24

Ayman Hourieh

122,950
22
139
114

score 12 · Answer 5 · answered Mar 31 '14 at 14:15

12

In my case the user input somethimes was sorrounded by delimiters and sometimes not. therefore I added another case..

var regParts = inputstring.match(/^\/(.*?)\/([gim]*)$/);
if (regParts) {
    // the parsed pattern had delimiters and modifiers. handle them. 
    var regexp = new RegExp(regParts[1], regParts[2]);
} else {
    // we got pattern string without delimiters
    var regexp = new RegExp(inputstring);
}

answered Mar 31 '14 at 14:15

staabm

1,515
22
20

4

you could always use the `.split()` function instead of a long regex string. `regParts = inputstring.split('/')` this would make `regParts[1]` the regex string, and `regParts[2]` the delimiters (assuming the setup of the regex is `/.../gim`). You could check if there are delimiters with `regParts[2].length < 0`. – ZomoXYZ Apr 21 '16 at 17:17
1

@ZomoXYZ Don't use split, it won't handle escaped `/` in the regex – Tofandel Mar 22 '21 at 17:38
You can do even better: `function stringToRegex(s, m) { return (m = s.match(/^(.)(.*?)\1([gimsuy]*)$/)) ? new RegExp(m[2], m[3]) : new RegExp(s); }` – Tofandel Mar 22 '21 at 18:10

Richie Bendall · Answer 6 · 2020-09-20T02:25:06.633

8

Try using the following function:

const stringToRegex = str => {
    // Main regex
    const main = str.match(/\/(.+)\/.*/)[1]
    
    // Regex options
    const options = str.match(/\/.+\/(.*)/)[1]
    
    // Compiled regex
    return new RegExp(main, options)
}

You can use it like so:

"abc".match(stringToRegex("/a/g"))
//=> ["a"]

edited Sep 20 '20 at 02:25

answered Mar 20 '19 at 10:49

Richie Bendall

5,657
3
32
49

Tofandel · Answer 7 · 2021-03-22T18:36:11.067

3

Here is my one liner function that handles custom delimiters and invalid flags

function stringToRegex(s, m) {
  return (m = s.match(/^([\/~@;%#'])(.*?)\1([gimsuy]*)$/)) ? new RegExp(m[2], m[3].split('').filter((i, p, s) => s.indexOf(i) === p).join('')) : new RegExp(s);
}

console.log(stringToRegex('/(foo)?\/bar/i'));
console.log(stringToRegex('#(foo)?\/bar##gi')); //Custom delimiters
console.log(stringToRegex('#(foo)?\/bar##gig')); //Duplicate flags are filtered out
console.log(stringToRegex('/(foo)?\/bar')); // Treated as string
console.log(stringToRegex('gig')); // Treated as string

edited Mar 22 '21 at 18:36

answered Mar 22 '21 at 18:13

Tofandel

2,279
1
21
45

2

Just because you crammed 10 statements into one line, it's not a one-liner :) – raveren Apr 30 '21 at 08:48
2

10 statements? It's just a ternary expression, and if it's one line, it's a one liner ;) And if you say it's 3 line because of the function that's just for readability otherwise you can do `const stringToRegex = (s, m) => (m = s.match(/^([\/~@;%#'])(.*?)\1([gimsuy]*)$/)) ? new RegExp(m[2], m[3].split('').filter((i, p, s) => s.indexOf(i) === p).join('')) : new RegExp(s);` – Tofandel Apr 30 '21 at 14:29

score 3 · Answer 8 · edited Jul 30 '13 at 21:45

I suggest you also add separate checkboxes or a textfield for the special flags. That way it is clear that the user does not need to add any //'s. In the case of a replace, provide two textfields. This will make your life a lot easier.

Why? Because otherwise some users will add //'s while other will not. And some will make a syntax error. Then, after you stripped the //'s, you may end up with a syntactically valid regex that is nothing like what the user intended, leading to strange behaviour (from the user's perspective).

score 2 · Answer 9 · answered Sep 09 '16 at 07:51

This will work also when the string is invalid or does not contain flags etc:

function regExpFromString(q) {
  let flags = q.replace(/.*\/([gimuy]*)$/, '$1');
  if (flags === q) flags = '';
  let pattern = (flags ? q.replace(new RegExp('^/(.*?)/' + flags + '$'), '$1') : q);
  try { return new RegExp(pattern, flags); } catch (e) { return null; }
}

console.log(regExpFromString('\\bword\\b'));
console.log(regExpFromString('\/\\bword\\b\/gi'));

score 1 · Answer 10 · answered Sep 21 '15 at 01:45

Thanks to earlier answers, this blocks serves well as a general purpose solution for applying a configurable string into a RegEx .. for filtering text:

var permittedChars = '^a-z0-9 _,.?!@+<>';
permittedChars = '[' + permittedChars + ']';

var flags = 'gi';
var strFilterRegEx = new RegExp(permittedChars, flags);

log.debug ('strFilterRegEx: ' + strFilterRegEx);

strVal = strVal.replace(strFilterRegEx, '');
// this replaces hard code solt:
// strVal = strVal.replace(/[^a-z0-9 _,.?!@+]/ig, '');

score 1 · Answer 11 · edited Jun 09 '17 at 18:23

1

You can ask for flags using checkboxes then do something like this:

var userInput = formInput;
var flags = '';
if(formGlobalCheckboxChecked) flags += 'g';
if(formCaseICheckboxChecked) flags += 'i';
var reg = new RegExp(userInput, flags);

edited Jun 09 '17 at 18:23

Akshat Mahajan

8,850
3
34
43

answered May 17 '09 at 14:29

Pim Jager

31,469
16
71
98

score 0 · Answer 12 · answered Apr 28 '22 at 09:20

0

Safer, but not safe. (A version of Function that didn't have access to any other context would be good.)

const regexp = Function('return ' + string)()

answered Apr 28 '22 at 09:20

Stephen Todd

355
3
12

Playhi · Answer 13 · 2019-07-23T08:29:47.863

-4

I use eval to solve this problem.

For example:

    function regex_exec() {

        // Important! Like @Samuel Faure mentioned, Eval on user input is a crazy security risk, so before use this method, please take care of the security risk. 
        var regex = $("#regex").val();

        // eval()
        var patt = eval(userInput);

        $("#result").val(patt.exec($("#textContent").val()));
    }

edited Jul 23 '19 at 08:29

answered Jul 16 '19 at 07:06

Playhi

121
1
4

6

eval on userInput is a crazy security risk – Samuel Faure Jul 22 '19 at 14:53
3

mr bobby tables ! – Luiz Felipe Mar 04 '20 at 14:44

Converting user input string to regular expression

13 Answers13

Linked

Related