Regex Tester
Test regular expressions with real-time highlighting and match groups. 100% client-side processing.
No data sent to serverRelated Tools
What is a Regular Expression?
A regular expression (regex or regexp) is a compact language for describing search patterns over strings. The theory dates back to Stephen Cole Kleene's 1956 work on regular languages. Ken Thompson published the foundational regex search algorithm in 1968, and around 1973 separated regex search from the ed editor into the standalone grep tool in early Unix. Modern flavors — JavaScript's ECMAScript regex, PCRE (Perl-compatible), POSIX BRE/ERE, RE2 — extend the original theory with backreferences, lookarounds, and Unicode support.
The two regex worlds
Regex engines split into two architectures. Backtracking engines (Perl, Python, JavaScript, .NET) support powerful features like backreferences and lookarounds but can hit catastrophic blowup on certain patterns (ReDoS). Automaton-based engines (RE2, Hyperscan, Rust's regex) guarantee linear time in input length but drop backreferences. Choose engine based on threat model: if you regex untrusted input, prefer RE2.
When to use regex (and when not)
- ✅ Tokenizing log lines, validating simple formats, find/replace in editors
- ✅ Extracting fields from semi-structured text (CSV with quirks, server logs)
- ❌ Parsing HTML/XML — they're not regular languages; use a real parser
- ❌ Validating email addresses fully — RFC 5321/5322 require ~5,000-char regex
- ❌ Parsing JSON, programming languages — use proper grammars
How to Use
- Enter a regex pattern in the Pattern field (without delimiters — write
\d+not/\d+/g). - Select flags via checkboxes —
gfor all matches,ifor case-insensitive,mfor multiline anchors,sfor dot-matches-newline,ufor Unicode mode. - Type or paste test text in the Test String area. Matches highlight in real-time as a Web Worker runs the regex with a 2-second timeout (ReDoS protection).
- The Matches panel shows each match with its index and any capture groups.
- Use the Presets dropdown to load common patterns (Email, URL, IP, Phone, ISO Date) as starting points.
⚡ ReDoS protection: Patterns running longer than 2 seconds in the Worker are killed. This prevents browser hangs on malicious or accidental catastrophic backtracking patterns.
Regex Cheatsheet
Character classes
\d digit (0-9) \D non-digit \w word char (a-z 0-9 _) \W non-word char \s whitespace \S non-whitespace . any char (except \n) [abc] one of a, b, or c [^a] anything except a [a-z] range a to z
Quantifiers
* 0 or more (greedy) *? 0 or more (lazy)
+ 1 or more (greedy) +? 1 or more (lazy)
? 0 or 1 ?? 0 or 1 (lazy)
{n} exactly n {n,} n or more
{n,m} n to m {n,m}? n to m (lazy)Anchors and boundaries
^ start of string (or line with /m) $ end of string (or line with /m) \b word boundary \B non-word boundary \A start of input (no /m effect) \z end of input
Groups and references
(abc) capturing group (?:abc) non-capturing group (?<name>abc) named group (`match.groups.name`) \1 backreference to group 1 \k<name> backreference to named group
Lookarounds (zero-width)
(?=abc) positive lookahead — followed by abc (?!abc) negative lookahead — NOT followed by abc (?<=abc) positive lookbehind — preceded by abc (?<!abc) negative lookbehind — NOT preceded by abc
Example: \d+(?=px) matches digits before "px" without consuming "px".
Unicode (with /u flag)
\p{L} any letter (any script)
\p{N} any digit
\p{Hangul} Korean syllables
\p{Han} Chinese characters
\p{Emoji} emoji charactersCommon Pitfalls
1. Catastrophic backtracking (ReDoS)
Patterns like (a+)+b on inputs like aaaaaaaa! can take exponential time. The famous Cloudflare 2019 outage was caused by a regex with this property. Avoid nested quantifiers ((x+)+, (x*)*, (x|x)*); use atomic groups or possessive quantifiers if your engine supports them. RE2 prevents this by construction.
2. Greedy vs lazy mismatch
<.+> matches as much as possible — <b>hello</b> becomes one big match including the inner text. Use lazy <.+?> for the smallest match. Better: exclude > with <[^>]+>.
3. Forgetting to escape special characters
. matches any character, not literal dot. To match a real period, escape it: \.. Same for + * ? ( ) [ ] | \. When building a regex from user input, always pass through str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&").
4. Anchor confusion in /m mode
Without /m, ^ and $ are start/end of string. With /m, they match start/end of each line. To always anchor on the whole string regardless of mode, use \A and \z (not supported in JavaScript).
5. Regex for HTML / JSON / email
Don't. HTML and JSON aren't regular languages — nesting and quoting break naive patterns. Email addresses fully comply with RFC 5322 only via a ~5,000-char regex. Use real parsers (DOMParser, JSON.parse) and let your library handle the exact format. Regex is for "good enough" pattern matches.
FAQ
Is my data stored or sent anywhere?
No. All regex processing happens in a sandboxed Web Worker in your browser. No data leaves your device.
Which regex flavor does this use?
JavaScript's built-in RegExp engine — ECMAScript regex spec. Supports lookahead, lookbehind, named groups, Unicode property escapes, and 6 flags (gimsuy). Some advanced PCRE features (atomic groups, possessive quantifiers, recursion) are not available.
What do the flags mean?
g (global) finds all matches, i ignores case, m makes ^ and $ match line boundaries, s makes . match newlines, u enables full Unicode mode (required for \p{} property escapes), y makes the regex sticky.
Why does my regex run forever then time out?
Catastrophic backtracking. Your pattern has nested quantifiers that explore exponentially many combinations on certain inputs. Common culprits: (a+)+, (.*)*, (a|a)+. Rewrite without overlapping alternatives or use a non-backtracking engine (RE2).
How do I match Unicode like Korean or emoji?
Add the u flag and use \p{Hangul} for Korean, \p{Han} for Chinese, \p{Emoji} for emoji. Without the u flag, . doesn't match emoji surrogate pairs correctly.
What's the difference between greedy and lazy quantifiers?
Greedy (.+) matches as much as possible, then backtracks if needed. Lazy (.+?) matches as little as possible, then expands. Greedy is the default; add ? after a quantifier to make it lazy.
⚠️ Reference Only
Output is generated based on your input and is provided for reference. Results may vary depending on your specific use case, edge cases, or environment-specific behavior. We do not guarantee accuracy of conversions, validations, or computed values.
Always verify critical outputs against official documentation or production environments. We are not responsible for any decisions or losses based on these tool results.
📖 Related Guides
Regex Lookahead and Lookbehind Explained
Master regex zero-width assertions: positive/negative lookahead and lookbehind.
Unix Timestamp vs ISO 8601 — Which to Use?
Compare Unix timestamps and ISO 8601 dates for storage, APIs, and human readability.
HTTP Status Codes — Complete Reference (1xx–5xx)
RFC 9110 with real-world API patterns. 401 vs 403, 409 vs 422, 502 vs 503 vs 504.