Total ReDoS: the dangers of regex in JavaScript

Room 4
16:20 - 17:20

Talk (60 min)

Regular expressions are complicated and can be hard to learn. On top of that, they can also be a security risk; writing the wrong pattern can open your application up to denial-of-service attacks. One token out of place and you invite in the dreaded ReDoS.

In this talk we’ll track down the patterns that can cause this trouble, explain why they are an issue and propose ways to fix them now and avoid them in the future. Together we’ll demystify these powerful search patterns and keep your application safe from expressions that are anything but regular.

Phil Nash

Phil is a developer relations engineer for DataStax and Google Developer Expert living in Melbourne, Australia. He loves working with JavaScript, TypeScript or Ruby to build web applications and tools to help developers. He once helped build a website that captured the world's favourite sandwich fillings. He has too many GitHub repositories.

Away from the keyboard, Phil listens to ska punk, hangs out with his miniature dachshund (also called Ruby), and is on a mission to discover the world's best beers.

Phil tweets at @philnash and you can find him elsewhere online at