And now what happens on localhost.mydevious.url? The secure solution is to use ^ and $ to gate the start and end of the tested string.
Also, one trick up JS regex's sleeve is the back reference (\1-\9):
/(["'])(.*?)\1/.test('"IcanmatchEmma\'s full strings"')&&RegExp.$2;/(["'])(.*?)\1/.test("'I can match when Emma say \"things in strings\"'")&&RegExp.$2;
This will re-use the (matches) inside the same regex.
Using the
|operator is a dangerous habit. You easily forget to guard yourself against matching substrings, for example consider the following line:And now what happens on
localhost.mydevious.url? The secure solution is to use ^ and $ to gate the start and end of the tested string.Also, one trick up JS regex's sleeve is the back reference (
\1-\9):This will re-use the
(matches)inside the same regex.The real guard is to write tests to assert the correct behaviour :)
Just don't forget about those edge cases ;-)