From e85da0310aeb59ca8fe20e00193601b03d51eb57 Mon Sep 17 00:00:00 2001
From: q-- <q--@users.noreply.github.com>
Date: Thu, 16 Nov 2017 22:46:45 +0100
Subject: [PATCH] Warn about unescaped periods in patterns (#1840)

---
 bin/validate-regex | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/bin/validate-regex b/bin/validate-regex
index 423aa2c69..380ffdb15 100755
--- a/bin/validate-regex
+++ b/bin/validate-regex
@@ -75,6 +75,18 @@ for ( app in json.apps ) {
 						throw new Error('HTML patterns must contain "<" or ">".\n' + app + ': ' + type + ': ' + pattern);
 					}
 				}
+
+				//Warn about suspicious periods (".") in patterns which should probably have been escaped
+				//	Periods inside character classes (such as [\d.]) don't count as wildcard, so we'll replace
+				//	the character classes in the pattern with "_". (We could remove them entirely, but then
+				//  we'd have to deal with leftover * and + characters; for example, removing the character
+				//  class entirely from the pattern /test.[a-z]+/ would yield the pattern /test.+/, which
+				//  would mean not detecting the un-escaped ".". Replacing the character class with an
+				//	underscore instead gives /test._+/, which WOULD yield a warning about the unescaped ".".)
+				if ( /(?:^\/|[^\\])\.(?:[^*+]|\/$)/.test(regex.replace(/([^\\]|^)\[[^\]]+\]/g,'$1_') ) ) {
+					console.warn('Suspicious period (".") in pattern. Should this have been escaped?\n\tApp: ' + app + '\n\tPattern: ' + type + ': ' + pattern);
+				}
+
 			});
 		}
 	});