What's the security risk of using a regular expression with user input?
const userPattern = new RegExp(userInput);
Using unvalidated user input in regular expressions can lead to regular expression denial of service (ReDoS) attacks. Certain regex patterns (especially those with nested quantifiers) can cause catastrophic backtracking, effectively freezing the application. Always validate and sanitize user input used in regex patterns, use timeout limits for regex operations, and avoid using user-provided patterns entirely if possible.