This is slightly scary to me because it will eval any code passed in as a string. I don’t think there’s any easy way to validate that the string is a regexp, but one idea I had was to pass the
regexp itself from
admin_dashboard_data, then have this method call
.source on it. That way if any evil code in our codebase wants to eval, it’ll need to pass an object that has a
I think the
.inspect will cover all the unsafe cases. Anyway, @ZogStriP proposed we move this check to the client side and I did that in pull request 13164. I am closing this one.