Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I just noticed that there is a validation rule that allow us to use regex on user inputs. But on documentation it doesnt warn us about anything, since Laravel do a lot of things under the hood i wounder if it does something to avoid ReDoS attacks when using regex rules on input validation.
Laravel probably doesn't, the developer needs to implement good authorization and perhaps implement regex strategically. AWS has articles on protection techniques such as https://aws.amazon.com/shield/ddos-attack-protection/ perhaps search and see if they have any on ReDoS, but just a suggestion.
Surely its up to you not to write an "evil" regex pattern in your code?
Please or to participate in this conversation.