Skip to main content
The pre-scanner runs BEFORE the JavaScript parser (acorn) to catch DoS attacks that could crash or hang the parser itself. It enforces mandatory security limits that cannot be disabled.

Basic Usage

Why Pre-Scanning?

The JavaScript parser itself can be vulnerable to:
  • Memory exhaustion - Extremely large files
  • Stack overflow - Deeply nested expressions
  • CPU exhaustion - Complex regex patterns
  • Parsing hangs - Malformed Unicode sequences
Pre-scanning catches these before parsing begins.

Mandatory Limits

These limits protect against parser crashes and cannot be overridden:

Pre-Scanner Presets

Using Presets

Regex Handling Modes

The pre-scanner supports three regex handling modes:

Block Mode

Block ALL regex literals (AgentScript default, maximum security):

Analyze Mode

Allow regex but analyze for ReDoS patterns:

Allow Mode

Allow all regex without analysis (Permissive only):

ReDoS Detection

The pre-scanner detects dangerous regex patterns that cause exponential backtracking:

Manual ReDoS Analysis

Unicode Security

The pre-scanner detects Unicode-based attacks:

Bidirectional Text (Trojan Source)

Invisible Characters

Custom Configuration