Allow empty string matching in UntrustedRegexp (!235458) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Allow empty string matching in UntrustedRegexp

Initially, match?() didn't allow empty string matching, likely due to an implementation oversight rather than an explicit decision. Out of caution, we added a default-false parameter that allowed opting into empty-string-matching. We'll now change this to the only/default behavior, but with a derisk FF in case there's unexpected side effects.

References

How to set up and validate locally

The original issue has a CI config sample and steps to understand the desired behavior: !192082 (merged)

However, this MR is only cleaning up tech debt, so it shouldn't change anything there. The match?() method is widely used, hence the derisk FF despite not anticipating any negative impact as it's a very particular edge case.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited May 11, 2026 by Manuel Grabowski

Allow empty string matching in UntrustedRegexp

What does this MR do and why?

References

How to set up and validate locally

MR acceptance checklist

Merge request reports