Regex Obfuscation

Potency Medium
Resilience Medium
Cost Low
Tags: regex


Regular expressions are used for matching text with a pattern. The transformation obfuscates regular expression literals to make them harder to understand by a human without changing their original pattern.

The regular expression becomes harder to read because each character and special-character (e.g., character classes, character sets, quantifiers) is replaced with a more verbose (but equivalent) representation.

Also the same regular expression will look different each time you obfuscate it because the character replacements are randomly generated, making the obfuscated output look polymorphic.

Code Annotation Example

// @jscrambler enable regexObfuscation


Consider the following regular expression to match old IE user agents:


The transformation produces random results so the following example is a possible output:

/[\u202f\u1680\t\u00a0 \u180e\f\u205f\n\u2028\v\u2029\u3000\u2000-\u200a\r]\u004dS\111E[\u3000\u2028\r\t\u2029\u202f\u1680\u180e\u2000-\u200a\v \f\n\u00a0\u205f][96-78]./.test(navigator.userAgent)

To obfuscate test and navigator.userAgent consider, for instance, combining this transformation with Dot to Bracket Notation and Duplicate Literals Removal.

Browser Compatibility

Browser Compatible Versions Tested Versions Notes
Chrome 50+ 50+
Firefox 40+ 40+
Internet Explorer 8+ 8+
Microsoft Edge 18+ 18+
Safari 9.1+ 9.1+

API Parameters


  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  "applicationId": "ZZZZZZ",
  "params": [
      "name": "regexObfuscation"