I really appreciate your distinction of use cases. That was very clarifying for me.
The reason I say it should be a last resort in prod is because you want to do the safe thing in prod. Because strings can be infinitely complex, it is nearly impossible to consider all possible inputs to your regexp, and those inputs you failed to consider are bugs in waiting.
Yeh, that's very true, I do agree.
My only issue is that I don't think avoidance really solves the problem. Personally I feel the development process (ex. things like code review, testing) should protect developers from making these mistakes, since eventually you are going to be in a situation where they occur.
But it's definitely situationally dependent, so I can absolutely understand where you're coming from.
And, like you said, if there's another option available that's safer, why not just do that instead.