Sanitization of User-Supplied Regular Expressions in PHP

盖世英雄少女心 2020-12-20 21:03

I want to create a website where users can test regular expressions (there are many out there already...such as this one: http://www.pagecolumn.com/tool/pregtest.htm). Basic

5 Answers
  •  情话喂你
    2020-12-20 22:08

    If the regex is being stored in a database, you should use whatever method you would normally use to escape the data, such as prepared statements.

    Otherwise, my only concern is that the user could supply a malicious regex in the sense that it could contain a mischievously complex regex, and I'm not sure there is a way to check that.

    One thought is that you could make your regex evaluator all client side by doing it in JS, but there are inconsistencies between PHP's preg functions and JavaScript regex functions.
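An added example, not part of the answer above or the original question: one way to bound the cost of a user-supplied pattern on the server is to cap input sizes, lower PCRE's backtrack and recursion limits, and check `preg_last_error()` after the call. The helper name `test_user_regex`, the limit values and the `\x01` delimiter choice are assumptions; the backtracking-heavy sample is the pattern from the PHP manual's `preg_last_error()` example.

```php
<?php
declare(strict_types=1);

const MAX_PATTERN_LEN = 256;   // assumed limit
const MAX_SUBJECT_LEN = 4096;  // assumed limit

/** Hypothetical helper: run an untrusted pattern under hard PCRE limits. */
function test_user_regex(string $pattern, string $subject): array
{
    if (strlen($pattern) > MAX_PATTERN_LEN || strlen($subject) > MAX_SUBJECT_LEN) {
        return ['ok' => false, 'error' => 'pattern or subject too long'];
    }
    // \x01 is used as the delimiter, so it must not occur in the pattern.
    if (strpos($pattern, "\x01") !== false || strpos($pattern, "\0") !== false) {
        return ['ok' => false, 'error' => 'control byte in pattern'];
    }

    // Cap the work PCRE may do for this request (assumed values).
    ini_set('pcre.backtrack_limit', '10000');
    ini_set('pcre.recursion_limit', '1000');
    // Run in the PCRE interpreter for predictable limit behaviour (assumed choice).
    ini_set('pcre.jit', '0');

    // Warnings are suppressed; failures are reported through the return value.
    $result = @preg_match("\x01" . $pattern . "\x01", $subject, $matches);
    if ($result === false) {
        switch (preg_last_error()) {
            case PREG_BACKTRACK_LIMIT_ERROR: $why = 'backtrack limit exceeded'; break;
            case PREG_RECURSION_LIMIT_ERROR: $why = 'recursion limit exceeded'; break;
            default:                         $why = 'invalid pattern or internal error';
        }
        return ['ok' => false, 'error' => $why];
    }
    return ['ok' => true, 'matched' => $result === 1, 'matches' => $matches];
}

// Constructed inputs: an ordinary pattern, the backtracking-heavy pattern from
// the PHP manual's preg_last_error() example, and a pattern that does not compile.
$samples = [
    ['\d{4}-\d{2}-\d{2}', 'posted 2020-12-20 22:08'],
    ['(?:\D+|<\d+>)*[!?]', 'foobar foobar foobar'],
    ['(unclosed', 'anything'],
];
foreach ($samples as [$p, $s]) {
    echo $p, ' => ', json_encode(test_user_regex($p, $s)), PHP_EOL;
}
```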
