ID: js/regex/empty-character-class Kind: problem Security severity: Severity: warning Precision: very-high Tags: - quality - reliability - correctness - regular-expressions Query suites: - javascript-code-quality.qls - javascript-security-and-quality.qls
Click to see the query in the CodeQL repository
An empty character class in a regular expression does not match anything and may indicate missing code.
Recommendation¶
Omit the empty character class. If the whole regular expression would become empty, use /(?:)/ to express a deliberately empty regular expression.
Example¶
In the following example, the programmer presumably meant to write a regular expression that matches an opening square bracket or curly brace, followed by one or more letters or digits, followed by a closing square bracket or curly brace. However, they forgot to escape the closing square bracket with a backslash, leading to an empty character class. The resulting regular expression is malformed and could be interpreted differently on different platforms.
if (!/[[{]\w+[]}]/.test(input)) console.log("Malformed input.");
To fix this problem, the regular expression should be rewritten to /[[{]\w+[\]}]/.
References¶
Mozilla Developer Network: JavaScript Regular Expressions.