Reduce Unused JavaScript with Dynamic CMS Components

Reduce Unused JavaScript Nextjs Bundle Analysis

Reduce Unused JavaScript to Improve Lighthouse Performance

Create Global UI State with React Context

Rich Domain

Serverless Framework Talk

Middleware Pipelines - Promises

Middleware Pipelines - Chain of Responsibility

Power of TypeScript for React Talk

Progressive Web Apps ⚡️ talk

Refactoring

Reducers

Actions

Connected Components

Component Props and State Interfaces

The Power Of Typescript For React

Diving Into Functional Programming

Models Everywhere

Reactive Programming

Pure Components. Creating stable, testable UI we can rely on

Terminator Genisys Movie And Poster Creator

Image Pooling for the Win

BoA Vantage Points app, the React Native / Redux Challenge

Is It Anonymous

The Power Of A Virtual Dom

Libraries Should Not Initialise State

Coffee Script Nodejs Debugging

Building Stats in to GigStamp

Promises And Events

Nesting Handlebars helpers into templates.

Inserting a model at correct index in Marionette.CollectionView appendHtml

Measuring performance between high resolution timers

Leap Motion workshop at Southville JS Bristol

Flight of the Audio Visualator - Bristol Skillswap

JavaScript Vector Classes for Creative Coding

How will I Keep JavaScript Code Quality High (JSHint)

3D CSS boxes and Physics with Cannon.js

Visual Graphing to See Relationships

Presenting Adventures in HTML5 Games, AKQA Anoraks

HTML5 Racer - Adding a Track and Colliding with it

Drawing Sprites with Canvas

Velocitr, velocity and drag helper

Testing jQuery.kinetic with Grunt and qUnit

Submitting a form to a new window

Making a simple html5 racing game

A (RegExp) Catastrophe

Using OAuth to connect with Github using Node.js

Cross Domain or Protocol iFrame Communication

Validating Postcodes with a Regular Expression

Simplify, Modularise, Simplify

liScroll Update (jQuery news ticker with next/previous/play)

Rivet Advanced JavaScript Combiner v2 Released

New Juxtapo article on the Aqueduct site

Some worthwhile reading

sjs, making server-side JavaScript easy


Have you ever come across the term "Catastrophic Backtracking" in relation to regular expressions? Well I came face-to-face with it's fury the other day while researching a bug in an old CMS module which I was trying my best to fix.

It started out with an *outrageous* claim from a QA tester that he could crash Chrome by typing in a large number of characters in to a text box. I tested it out and to my surprise the problem was worse than he realised and it all stemmed from a particular regular expression being used to validate an email address. It looked like this:

    ^[A-Za-z0-9](([_\.\-]?[a-zA-Z0-9]+)*)@([A-Za-z0-9]+)(([\.\-]?[a-zA-Z0-9]+)*)\.([A-Za-z]{2,})$

Looks pretty harmless?? But combine it with a test like so:

    /^[A-Za-z0-9](([_\.\-]?[a-zA-Z0-9]+)*)@([A-Za-z0-9]+)(([\.\-]?[a-zA-Z0-9]+)*)\.([A-Za-z]{2,})$/.test('dddddddddddddddddddddddddddddddddddddddd');

Whoooop browser bye bye. In fact you could simplify it to the following test as we found on the [stackoverflow thread](http://stackoverflow.com/questions/12803859/regexp-and-string-combination-crashes-chrome):

    /(d+)*A/.test('dddddddddddddddddddddddddddddddddddddddd');

So what's going on here? Well for the full explanation provided by [Tim](http://stackoverflow.com/users/20670/tim-pietzcker) take a look at [the answer](http://stackoverflow.com/a/12809054/138733), but to give you a quick summary. `(d+)*` in essence can be fulfilled by the following matches (each group separated by spaces):

    ddddd
    dddd d
    ddd dd
    dd ddd
    d dddd
    ddd d d
    dd d dd
    d d ddd
    dd dd d
    d dd dd
    d ddd d
    d d d dd
    d d dd d
    d dd d d
    dd d d d
    d d d d d

This essentially means that there are an exponential number of possibilities dependant on the length of the string, and at a character length of only 40 you have a possible 549,755,813,888 combinations which takes time to go through and causes the browser to hang.

So keep an eye out for the following combinations in your regular expressions where d can be a single character or (more likely) the result of another block:

    (d+)*
    (d*)*
    (d+)+

Read more [information on Catastrophic Backtracking](http://www.regular-expressions.info/catastrophic.html).

*Sidenote*: As a lot of people made quite clear in the discussion on Stack Overflow, it isn't recommended to use a regular expression to test the full email. It is much safer and efficient to break it up in to it's sections and validate each individually.
