MediaWiki should have some way to reject regular expressions which are vulnerable to ReDoS attacks (or are ReDoS attacks). Some use cases:
- T105126: [Task] Evaluate pattern constraints (safely)
- T176312: Don’t check format constraint via SPARQL (safely evaluating user-provided regular expressions)
Some tools that claim to be able to detect vulnerable regular expressions:
It seems not too hard to compile one of these into a binary and make MediaWiki shell out to it to check regular expressions before executing them.
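A coarse static pre-filter of the kind such a check could apply, as an added example that is not MediaWiki code and not one of the tools mentioned above. It flags only one well-known ReDoS shape, an unbounded repeat applied to a group that already contains an unbounded repeat; the function names and sample patterns are constructed for illustration, and Python is used here instead of PHP.

```python
import re

# Unbounded quantifier: *, + or {n,}, with an optional lazy (?) or possessive (+) suffix.
_QUANT = re.compile(r"(\*|\+|\{\d*,\})([?+]?)")

def _unbounded_at(pattern, i):
    """Return (is_unbounded, next_index) for a quantifier starting at index i."""
    m = _QUANT.match(pattern, i)
    if not m:
        return False, i
    # Possessive repeats (e.g. "*+") never backtrack, so they are not counted.
    return m.group(2) != "+", m.end()

def has_nested_unbounded_repeat(pattern):
    """True if an unbounded repeat is applied to a group that itself
    contains an unbounded repeat, e.g. (a+)+ or (x|y*)*."""
    stack = [False]  # one flag per open group: unbounded repeat seen inside?
    i, n = 0, len(pattern)
    while i < n:
        c = pattern[i]
        if c == "\\":  # escape sequence: skip the escaped character
            i += 2
        elif c == "[":  # character class: skip to its closing bracket
            i += 1
            if pattern[i:i + 1] == "^":
                i += 1
            if pattern[i:i + 1] == "]":  # a leading ] is a literal
                i += 1
            while i < n and pattern[i] != "]":
                i += 2 if pattern[i] == "\\" else 1
            i += 1
        elif c == "(":
            stack.append(False)
            i += 1
        elif c == ")":
            inner = stack.pop() if len(stack) > 1 else False
            unbounded, i = _unbounded_at(pattern, i + 1)
            if unbounded and inner:
                return True
            stack[-1] = stack[-1] or inner or unbounded
        else:
            unbounded, j = _unbounded_at(pattern, i)
            stack[-1] = stack[-1] or unbounded
            i = max(j, i + 1)
    return False

# Constructed sample patterns, not taken from any wiki.
SAMPLES = [r"(a+)+$", r"^[A-Z]{2}\d{4,}$", r"(x|y*)*", r"(\d+)++"]

if __name__ == "__main__":
    for p in SAMPLES:
        print("reject" if has_nested_unbounded_repeat(p) else "accept", p)
```

Overlapping alternations such as `(a|a)*` are not detected and some harmless patterns are flagged, so this complements a dedicated analyser or an execution time limit; it does not replace them.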