János Brezniczky <breznic...@gmail.com> added the comment: I'd also raise for consideration the introduction a (default?) timeout on regexes, similarly to how such a feature seems available in .NET.
Given the DOS vector vs. occasionally non-trivially complex expressions, this could draw developer attention to this security aspect and stimulate the evolution of a more secure ecosystem. https://docs.microsoft.com/en-us/dotnet/api/system.text.regularexpressions.regex.matchtimeout?view=net-5.0 ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue44699> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
