SQL-like prepared statements for regular expressions
Regex prepared statements help sanitize user input before it is used in a regular expression.
Similar to SQL's ?, this library uses the special character sequence <_> as a placeholder. Each placeholder is replaced with
an input sanitized by escape-string-regexp, which is a peer dependency.
npm install regex-prepared-statements
Additionally, you'll need to install the peer dependency escape-string-regexp:
npm install escape-string-regexp
Simple replacement:
regexp('^foo<_>baz$')('bar') // Produces a regex '^foobarbaz$'
Passing flags:
regexp('^foo<_>baz$', 'i')('bar') // Produces a regex '^foobarbaz$'
Multiple placeholders:
regexp('^<_><_><_>$')('foo', 'bar', 'baz') // Produces a regex '^foobarbaz$'
Regex syntax within a placeholder:
regexp('_<>_<_>?/?_<_>?.*')('.*)*.*///', '<_>') // Produces a regex '_<>_\\.\\*\\)\\*\\.\\*\\/\\/\\/?\\/?_<_>?.*'
For use cases where you just need a simple sanitization:
regexpSimple(".?") // Produces a regex '\\.\\?'
We suggest using this eslint rule to help enforce the usage of this regex library:
"no-restricted-syntax": ["error", {
"selector": "NewExpression[callee.name='RegExp']",
"message": "Use regexp() prepared regex function instead.",
}],
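
What the placeholder escaping prevents, as an added JavaScript sketch that is not the library's own code: it compares a concatenated pattern with a prepared one when the input carries regex syntax. The names prepare, escapeRegex, naive and compare are hypothetical, escapeRegex is a local stand-in for escape-string-regexp, the argument-count check is a choice made for this sketch, and the user= lines are constructed sample input.

```javascript
// Added illustration; not the regex-prepared-statements source.
const PLACEHOLDER = '<_>';

// Local stand-in for the escape-string-regexp peer dependency (assumption).
function escapeRegex(text) {
  return String(text)
    .replace(/[|\\{}()[\]^$+*?.\/]/g, '\\$&') // backslash-escape regex syntax
    .replace(/-/g, '\\x2d');                  // keep '-' safe inside classes
}

// Hypothetical equivalent of the page's regexp(template, flags)(...inputs).
function prepare(template, flags) {
  // Placeholders are located in the template only, once, up front, so a
  // "<_>" that arrives inside an input is never expanded a second time.
  const parts = template.split(PLACEHOLDER);
  return (...inputs) => {
    if (inputs.length !== parts.length - 1) {
      throw new Error(`expected ${parts.length - 1} inputs, got ${inputs.length}`);
    }
    let source = parts[0];
    inputs.forEach((input, i) => {
      source += escapeRegex(input) + parts[i + 1];
    });
    return new RegExp(source, flags);
  };
}

// The pattern built by string concatenation, for comparison.
function naive(input) {
  return new RegExp('^user=' + input + '$');
}

// Run both builders over one constructed line and report what each does.
function compare(input, line) {
  let naiveResult;
  try {
    naiveResult = naive(input).test(line);
  } catch (err) {
    naiveResult = err.name; // malformed input breaks the naive pattern
  }
  const prepared = prepare('^user=<_>$')(input).test(line);
  return { naive: naiveResult, prepared };
}

console.log(compare('.*', 'user=alice')); // input treated as syntax vs. as text
console.log(compare('(', 'user=('));      // input that is not a valid pattern
console.log(prepare('^<_><_>$')('<_>', 'a').source);
```
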