Test regular expressions with real-time match highlighting, capture groups, and named groups. Includes a cheat sheet and pattern explanation for quick reference.
Supported flags: g (global), i (case-insensitive), m (multiline), s (dotAll), u (unicode), v (unicode sets).
Use parentheses () for numbered groups, (?<name>...) for named groups. Both are shown in the match results.
Use anchors: ^ matches the start of the string, and $ matches the end. For example, /^[0-9]{4}$/ matches exactly 4 digits. In multiline mode (m flag), ^ and $ match the start and end of each line rather than the whole string. Without anchors, the pattern can match anywhere inside the string.
Catastrophic backtracking is the root of ReDoS (Regular Expression Denial of Service) attacks and is common with nested quantifiers like (a+)+. Optimization strategies: avoid nested quantifiers; use atomic groups or possessive quantifiers to prevent backtracking; move fixed parts outside of groups; use anchors (^ $) to limit the match scope; test boundary cases (strings of repeated characters). A regex tool that shows step count can help — over 1 million steps indicates ReDoS risk.