List of all characters that should be escaped before put in to RegEx?


Could someone please give a complete list of special characters that should be escaped?

I fear I don't know some of them.

Take a look at PHP.JS's implementation of PHP's preg_quote function, that should do what you need:

http://phpjs.org/functions/preg_quote:491

The special regular expression characters are: . \ + * ? [ ^ ] $ ( ) { } = ! < > | : -


Based off of Tatu Ulmanen's answer, my solution in C# took this form:

private static List<string> RegexSpecialCharacters = new List<string>
{
    "\\",
    ".",
    "+",
    "*",
    "?",
    "[",
    "^",
    "]",
    "$",
    "(",
    ")",
    "{",
    "}",
    "=",
    "!",
    "<",
    ">",
    "|",
    ":",
    "-"
};


foreach (var rgxSpecialChar in RegexSpecialCharacters)
                rgxPattern = input.Replace(rgxSpecialChar, "\\" + rgxSpecialChar);

Note that I have switched the positions of '\' and '.', failure to process the slashes first will lead to doubling up of the '\'s


Inside a character set, to match a literal hyphen -, it needs to be escaped when not positioned at the start or the end. For example, given the position of the last hyphen in the following pattern, it needs to be escaped:

[a-z0-9\-_]+

But it doesn't need to be escaped here:

[a-z0-9_-]+

If you fail to escape a hyphen, the engine will attempt to interpret it as a range between the preceding character and the next character (just like a-z matches any character between a and z).

Additionally, /s do not be escaped inside a character set (though they do need to be escaped when outside a character set). So, the following syntax is valid;

const pattern = /[/]/;

The problem:

const character = '+'
new RegExp(character, 'gi') // error

Smart solutions:

// with babel-polyfill
// Warning: will be removed from babel-polyfill v7
const character = '+'
const escapeCharacter = RegExp.escape(character)
new RegExp(escapeCharacter, 'gi') // /\+/gi

// ES5
const character = '+'
const escapeCharacter = escapeRegExp(character)
new RegExp(escapeCharacter, 'gi') // /\+/gi

function escapeRegExp(string){
    return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
}

According to this site, the list of characters to escape is

[, the backslash \, the caret ^, the dollar sign $, the period or dot ., the vertical bar or pipe symbol |, the question mark ?, the asterisk or star *, the plus sign +, the opening round bracket ( and the closing round bracket ).

In addition to that, you need to escape characters that are interpreted by the Javascript interpreter as end of the string, that is either ' or ".


I was looking for this list in regards to ESLint's "no-useless-escape" setting for reg-ex. And found some of these characters mentioned do not need to be escaped for a regular-expression in JS. The longer list in the other answer here is for PHP, which does require the additional characters to be escaped.

In this github issue for ESLint, about halfway down, user not-an-aardvark explains why the character referenced in the issue is a character that should maybe be escaped.

In javascript, a character that NEEDS to be escaped is a syntax character, or one of these:

^ $ \ . * + ? ( ) [ ] { } |

The response to the github issue I linked to above includes explanation about "Annex B" semantics (which I don't know much about) which allows 4 of the above mentioned characters to be UNescaped: ) ] { }.

Another thing to note is that escaping a character that doesn't require escaping won't do any harm (except maybe if you're trying to escape the escape character). So, my personal rule of thumb is: "When in doubt, escape"