How to turn an user inputted value into a regexp without messing up with special characters?

Question

I'm fiddling around with MongoDB and there is something I stumbled upon. I'd like to make a simple application in which the user can search all documents in a collection, getting the documents of which the key username contains a certain user inputted value.

For implementing "contains" it appears a regular expression can be used. This works fine, but how can I convert user input into a regular expression? The problem is that simply doing ...

new RegExp(value);

... does not work because of special characters (like (, [ etc.). This means the user cannot do a query containing ( this way.

I thought escaping everything would do the job:

new RegExp(value.replace(/./g, function(x) {
    return "\\" + x;
});

... but it doesn't because some escaped characters are also special (e.g. \d), so this way non-special characters become special.

I'm a bit lost how I could turn a user inputted value into a regular expression. Or is there perhaps a better way of doing a query for all documents of which a key contains a certain user inputted value?

Answer 1

Implementation:

Based on this source.

var oldText = "[hello, world :) ]";
var sre = new RegExp('(\\' + ['/', '.', '*', '+', '?', '|', '(', ')', '[', ']', '{', '}', '\\'].join('|\\') + ')', 'g');
var newText = oldText.replace(sre, '\\$1'); // "\[hello, world :\) \]"

Further explanation:

sre is a regular expression that is matching all possible special characters and is using parentheses so it can reference matched parts.

Incomplete sre example:

/(\/|\.|\\)/g 

This will try to match for any of this characters: "/", "." and "\". Using then

text.replace(sre, '\\$1');

will escape every single matched character in text with "\". So it will replace "." with "\.", etc.