Sanitization of User-Supplied Regular Expressions in PHP

盖世英雄少女心 2020-12-20 21:03

I want to create a website where users can test regular expressions (there are many out there already...such as this one: http://www.pagecolumn.com/tool/pregtest.htm). Basic

5 Answers
  •  再見小時候
    2020-12-20 21:50

    If you allow user-submitted values for preg_replace make sure you disallow the e flag! Not doing so could allow a malicious user to delete your entire site, or worse.

    Otherwise, the worst thing that can happen is what the other answers already point out. Set a low script timeout, and maybe you should even make sure that the page can only be called X times per minute.
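
One way to apply the advice in the answer above (refuse the `e` modifier, keep the script timeout low), as an added PHP example that is not code from any of the posters. The function name `vet_user_pattern`, the modifier allowlist, the 500-byte length cap and the limit values are assumptions chosen for illustration.

```php
<?php
// Added example; vet_user_pattern(), the allowlist and the limits are assumptions.
// The e modifier was deprecated in PHP 5.5 and removed in PHP 7.0; it is rejected regardless.
const ALLOWED_MODIFIERS = 'imsxuUDA'; // allowlist: 'e' is deliberately absent

// Returns the pattern if it is acceptable, or null if it must be rejected.
function vet_user_pattern(string $pattern): ?string
{
    // Conservative: refuse empty, overlong, or NUL-containing input outright.
    if ($pattern === '' || strlen($pattern) > 500 || strpos($pattern, "\0") !== false) {
        return null;
    }
    $delim = $pattern[0];
    // Accept only simple delimiters such as / # ~ ; bracket-style delimiters
    // are refused so the scan below stays unambiguous.
    if (ctype_alnum($delim) || ctype_space($delim) || strpos('\\([{<)]}>', $delim) !== false) {
        return null;
    }
    // Find the first unescaped closing delimiter; everything after it is modifiers.
    $end = null;
    for ($i = 1, $n = strlen($pattern); $i < $n; $i++) {
        if ($pattern[$i] === '\\') { $i++; continue; } // skip the escaped character
        if ($pattern[$i] === $delim) { $end = $i; break; }
    }
    if ($end === null) {
        return null; // no closing delimiter
    }
    $modifiers = (string) substr($pattern, $end + 1);
    // Allowlist check: any character outside ALLOWED_MODIFIERS rejects the pattern.
    if (strspn($modifiers, ALLOWED_MODIFIERS) !== strlen($modifiers)) {
        return null;
    }
    return $pattern;
}

ini_set('pcre.backtrack_limit', '100000'); // cap backtracking per match
set_time_limit(2);                         // low script timeout, as the answer suggests

// Constructed sample inputs: two acceptable patterns, two carrying the e modifier.
foreach (['/(\w+)/i', '/(\w+)/e', '/a/ie', '#x#'] as $candidate) {
    $ok = vet_user_pattern($candidate);
    if ($ok === null) {
        echo "rejected: $candidate\n";
        continue;
    }
    $result = preg_replace($ok, '[$1]', 'hello world'); // null means PCRE hit a limit or error
    echo "accepted: $candidate -> ", var_export($result, true), "\n";
}
```

Checking modifiers against an allowlist, rather than searching for `e` alone, also rejects anything PHP would not recognise as a modifier.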
