Regex Diagnostic Lab

Regex Tester & Debugger

Enter regex pattern + test string → See matches, capture groups, indices. Free, instant, private.

Real-timeFreePrivateg, i, m, s, u
Editor
//
Flags:/.../g
Common Patterns

Quick-Load Regex Patterns

Email
/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g
Click to load
URL
/https?://[\w.-]+(?:\.[a-z]{2,})(?:/[\w./-]*)*/gi
Click to load
IP Address
/\b(?:\d{1,3}\.){3}\d{1,3}\b/g
Click to load
Phone (US)
/(?:\+1[-\s]?)?\(?\d{3}\)?[-\s.]?\d{3}[-\s.]?\d{4}/g
Click to load
Date (YYYY-MM-DD)
/\d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12]\d|3[01])/g
Click to load
Hex Color
/#(?:[0-9a-fA-F]{3}){1,2}\b/g
Click to load
HTML Tags
/</?[a-z][\w-]*(?:\s+[^>]*)?>/gi
Click to load
Capture Groups
/(\w+)\s(\w+)/g
Click to load
Cheat Sheet

Regex Syntax Quick Reference

.Any character (except newline)
\dDigit [0-9]
\wWord character [a-zA-Z0-9_]
\sWhitespace
\bWord boundary
^Start of string/line
$End of string/line
*0 or more
+1 or more
?0 or 1 (optional)
{n,m}Between n and m times
[abc]Character class
[^abc]Negated class
(group)Capture group
(?:group)Non-capture group
a|bAlternation (or)
(?=...)Positive lookahead
(?<=...)Positive lookbehind
Error Reference

Common Regex Error Messages

ErrorMeaningFix
Unterminated groupA capture group is missing its closing parenthesisCount your ( and ) — they must be balanced
Invalid escapeBackslash followed by an invalid characterUse valid escape sequences: \d, \w, \s, \b, \n, \t
Nothing to repeatA quantifier (*, +, ?) has no targetPlace a character or group before the quantifier
Unterminated character classA [ bracket is missing its ]Close your character class with ]
Invalid quantifierA {n,m} quantifier is malformedUse {n}, {n,}, or {n,m} where n <= m
Full Guide

What are Regular Expressions?

A regular expression (regex or regexp) is a sequence of characters that defines a search pattern. Developed by mathematician Stephen Cole Kleene in the 1950s as part of formal language theory, regex has become an indispensable tool in every programming language — from JavaScript and Python to Java, Go, and Rust.

Regex works by matching patterns against character strings. A simple pattern like \d+ matches one or more digits, while more complex patterns can validate email addresses, parse server logs, extract data from unstructured text, and perform bulk find-and-replace operations across entire codebases.

Basic Regex Syntax

JavaScript (ECMAScript) regex supports these core syntax groups:

  • Single characters: . matches any character (except newline unless the s flag is set). Use \. to match a literal dot.
  • Character classes: [abc] matches a, b, or c. [^abc] matches anything EXCEPT a, b, c. [a-z] matches any lowercase letter.
  • Quantifiers: * (0+), + (1+), ? (0 or 1), {n} (exactly n), {n,m} (between n and m).
  • Capture groups: (abc) creates a capture group. (?:abc) is non-capturing. (?<name>abc) is a named group.
  • Anchors: ^ start of string, $ end of string, \b word boundary.
  • Lookahead/behind: (?=...) positive lookahead, (?!...) negative lookahead, (?<=...) positive lookbehind, (?<!...) negative lookbehind.

JavaScript Regex Flags

FlagNameEffect
gGlobalFind all matches instead of stopping at the first one
iCase InsensitiveIgnore letter case: /abc/i matches ABC too
mMultiline^ and $ match the start/end of each line, not just the whole string
sDotAll. matches newline characters (\n) as well
uUnicodeProperly handle 4-byte Unicode characters (emoji, CJK ideographs)

Common Regex Mistakes

1. Forgetting the Global Flag (g)

Without the g flag, regex only returns the first match. This is the most common beginner mistake when using String.match() or String.matchAll(). Always add g when you need all matches.

2. Catastrophic Backtracking

Patterns with nested quantifiers like (a+)+ can cause exponential-time execution. When the string fails to match, the engine tries every combination before giving up. Fix: use possessive quantifiers (a++ in some engines) or design tighter patterns that fail fast.

3. Not Escaping Special Characters

The characters . * + ? ^ $ {} [] () | \ have special meaning in regex. To match them literally, prefix with a backslash: \., \*, \(. A common trap: 192.168.1.1 without escaping dots matches 19201681x1 too.

Regex in the Real World

  • Input validation: Email, phone numbers, postal codes, URLs — regex is the first line of defense on web forms.
  • Log analysis: Extract timestamps, IP addresses, HTTP status codes from server logs with regex patterns.
  • Find and replace: IDEs like VS Code support regex-powered search and replace — saving hours of manual refactoring.
  • Web scraping: Extract specific data from HTML when a DOM parser is unavailable or overkill.
  • Security: Detect SQL injection, XSS patterns, and other malicious input through WAF rules that use regex.
FAQ

Frequently Asked Questions

Related Tools

More Developer Tools

Find and Replace Text Online — Regex Search Replace Tool

Find and replace text online with regex support, case-sensitive matching, whole-word search, and highlighted matches. See match count and replace all or one at a time. Free browser-based tool for writers, developers, and data analysts.

JSON Formatter — Beautify, Minify & Validate JSON Online

Format, beautify, and minify JSON data with real-time validation. Configurable indentation (2/4/tab), instant error detection, copy and download. Free online JSON formatter for developers.

Slug Generator — Create SEO-Friendly URL Slugs Instantly

Convert any title or text into clean, SEO-friendly URL slugs instantly. Supports Vietnamese, multilingual transliteration, bulk mode, and custom separators. Try it free now.

Hash Generator — Create MD5 SHA-1 SHA-256 SHA-512 Online

Generate MD5, SHA-1, SHA-256, SHA-512 hashes from text or files instantly. All processing in your browser via Web Crypto API — try it free, no signup.

About Developer Tools

Developer tools automate the repetitive parts of software work: formatting JSON, encoding/decoding Base64, decoding JWTs to verify token claims, generating UUIDs, formatting XML, diffing configurations. These aren't glamorous tasks, but they're the friction points that eat 10-15 minutes multiple times a day — adding up to hours weekly. Running them in a clean browser tab beats wrestling with CLI dependencies or IDE extensions that might ship your private data to a third party.

Why it matters

Fast, client-side developer tools fundamentally matter because they're used with sensitive data. JWT tokens contain user identity. Base64 payloads might encode API keys. JSON dumps include customer records. If a 'developer tool' sends your input to a server to process, you've just leaked production secrets. ZestLab's dev tools run 100% client-side with no network calls after page load — what you paste stays in your browser.

Privacy and safety

All developer tools here execute in-browser using pure JavaScript. There's no 'decode server' or 'format API' — your JWT, your JSON, your encoded payload is parsed by code running on your laptop. Verify this yourself with browser DevTools → Network tab: you'll see zero outbound requests when using any tool. That's a standard we hold because dev tools handle secrets.

Best practices

  • Never paste production JWT or API tokens into ANY online tool without verifying it runs client-side (check the Network tab)
  • Use browser private/incognito mode for one-off decoding of sensitive payloads
  • Bookmark tools you use daily — ZestLab tool URLs are stable and don't require accounts
  • When formatting JSON with secrets for team review, redact credentials before sharing the formatted output