55

What does the ?! mean in the following regex expression?

new RegExp('http:\/\/(?!' + location.hostname + ')')
Francesco Boi
Ricky

3 Answers

83

It's a negative lookahead, which means that for the expression to match, the part within (?!...) must not match. In this case the regex matches http:// only when it is not followed by the current host name (roughly, see Thilo's comment).

kumarharsh
Joey
  • +1 or, because of lack of proper escaping, only if it is not followed by something similar to the host name, with dots replaced by stuff admissible. – Thilo Aug 31 '12 at 07:36
  • Indeed. It probably won't make *that* much of a difference in most cases, though. Although, in the light of the recent Stripe CTF, such a lapse could be both hard to spot and may allow things that were not intended ;-) – Joey Aug 31 '12 at 07:38
  • Yes, won't matter. It's just that years of fixing injection vulnerabilities make these things stand out for me now ... – Thilo Aug 31 '12 at 07:39
  • This answer has been added to the [Stack Overflow Regular Expression FAQ](http://stackoverflow.com/a/22944075/2736496), under "Lookarounds". – aliteralmind Apr 10 '14 at 00:29
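
Added example, not part of the original thread: the question's pattern next to a variant that escapes the hostname, run over constructed URLs to show how the negative lookahead behaves and the escaping gap raised in the comments. The function names, the `example.com` host and the sample URLs are assumptions; the variant's check that the hostname ends right there goes beyond what the thread discusses.

```javascript
// Added example: names, hostname and URLs are constructed for illustration.

// Pattern as posted in the question: the hostname is spliced in unescaped,
// so each "." in it is a regex wildcard.
function postedPattern(hostname) {
  return new RegExp('http:\/\/(?!' + hostname + ')');
}

// Escape regex metacharacters so text is matched literally.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Variant: literal hostname, and the lookahead also requires the hostname to
// end there (port, path, query, fragment or end of string).
function escapedPattern(hostname) {
  return new RegExp('http://(?!' + escapeRegExp(hostname) + '(?:[:/?#]|$))');
}

// A URL counts as "external" when the pattern matches, i.e. when http:// is
// NOT followed by what the lookahead describes.
function classify(hostname, urls) {
  const posted = postedPattern(hostname);
  const escaped = escapedPattern(hostname);
  return urls.map((url) => ({
    url,
    posted: posted.test(url),
    escaped: escaped.test(url),
  }));
}

const sampleUrls = [
  'http://example.com/page',        // current host
  'http://other.test/page',         // different host
  'http://exampleXcom/page',        // "." in the pattern matches "X"
  'http://example.com.other.test/', // current host is only a prefix
];

console.table(classify('example.com', sampleUrls));
```
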
5

It's a negative lookahead; you can check here for more information.

npinti
-1

It's a look around.

location.hostname must not follow http:\/\/

Jürgen Steinblock