From 0aa06ce6126d9c266b43d6c0bfd9cbc7ae81265b Mon Sep 17 00:00:00 2001
From: Ed Sanders
Date: Mon, 20 May 2024 18:56:43 +0100
Subject: [PATCH] client/common: Disable regex security checks

Fixes #574
---
 client/common.json | 2 ++
 test/fixtures/client/common/valid.js | 10 ++++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/client/common.json b/client/common.json
index b676095a..924f75ca 100644
--- a/client/common.json
+++ b/client/common.json
@@ -11,6 +11,8 @@
 "no-console": "error",
 "no-implied-eval": "error",
 "unicorn/no-invalid-remove-event-listener": "error",
+ "security/detect-non-literal-regexp": "off",
+ "security/detect-unsafe-regex": "off",
 "security/detect-possible-timing-attacks": "off"
 }
 }
diff --git a/test/fixtures/client/common/valid.js b/test/fixtures/client/common/valid.js
index b37c723c..d68aa41e 100644
--- a/test/fixtures/client/common/valid.js
+++ b/test/fixtures/client/common/valid.js
@@ -1,4 +1,4 @@
-( function () {
+( function ( userInput ) {
 function checkHash( input, cachedValue ) {
 var hash = JSON.stringify( input );
 // Off: security/detect-possible-timing-attacks (#503)
@@ -7,5 +7,11 @@
 }
 }
 
- checkHash();
+ checkHash(
+ // Off: security/detect-non-literal-regexp
+ new RegExp( '/[0-9]+' + userInput + '/' ),
+ // Off: security/detect-unsafe-regex
+ /^([a-zA-Z0-9_.-])+@(([a-zA-Z0-9-])+\.)+([a-zA-Z0-9]{2,4})+$/
+ );
+
 }() );
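Review bot: The two added entries in `client/common.json` switch off rules with different risk profiles, and the commit message records no reason for either beyond `Fixes #574`. `security/detect-unsafe-regex` is a heuristic for catastrophic backtracking, but `security/detect-non-literal-regexp` is the only lint signal left for a pattern assembled from unescaped input, which in client code can change what the pattern matches or hang the page. If the motivation in #574 is mainly false positives (the issue is not visible here), consider keeping the second rule visible with `"security/detect-non-literal-regexp": "warn",`. Because JSON cannot carry a comment, the rationale for both entries would be best stated in the commit description or the changelog.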
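Review bot: The two new `// Off:` comments inside the `checkHash(` call omit the issue reference that the existing timing-attacks comment carries (`(#503)`), so the reason these rules are off cannot be traced from the fixture. I would write them as `// Off: security/detect-non-literal-regexp (#574)` and `// Off: security/detect-unsafe-regex (#574)`. The fixture now also shows `userInput` concatenated into `new RegExp( ... )` as accepted client code, so a one-line comment that such input still has to be escaped before interpolation would keep it from being read as a recommended pattern. The enclosing function expression starts and ends outside this hunk.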