Demonstrate ReDoS using:
- Person name check on the profile page (use the regex `^[a-zA-Z]+(([',. -][a-zA-Z ])?[a-zA-Z])$` to check first name and last name on profile form submission)
- On the signup page, add a validation to check whether the username is part of the password. Construct the regex using user-supplied input for the username.
More details at https://groups.google.com/forum/#!topic/nodegoat/nkwQP1ONU-E
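
The signup check from the second item, as an added example that is not NodeGoat's own code: the version that compiles the raw username into a regex, next to two hardened forms. All function names and sample inputs are constructed for illustration.

```javascript
// Added example; function names and sample inputs are constructed.

// Vulnerable form: the username is compiled as a pattern, so every regex
// metacharacter in it (wildcards, groups, nested quantifiers) is honoured.
// That is what lets a user-chosen name drive the matcher into ReDoS.
function containsUsernameUnsafe(username, password) {
  return new RegExp(username, "i").test(password);
}

// Hardened form 1: no regex, plain case-insensitive substring search.
function containsUsername(username, password) {
  if (typeof username !== "string" || typeof password !== "string") {
    throw new TypeError("username and password must be strings");
  }
  if (username.length === 0) return false;
  return password.toLowerCase().includes(username.toLowerCase());
}

// Hardened form 2: if a RegExp is required, escape the input first so it
// can only ever match itself literally.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}
function containsUsernameEscaped(username, password) {
  if (username.length === 0) return false;
  return new RegExp(escapeRegExp(username), "i").test(password);
}

// Runs all three checks; a pattern that fails to compile is reported by
// its error name instead of crashing the request handler.
function compare(username, password) {
  let unsafe;
  try {
    unsafe = containsUsernameUnsafe(username, password);
  } catch (err) {
    unsafe = err.name;
  }
  return {
    unsafe,
    substring: containsUsername(username, password),
    escaped: containsUsernameEscaped(username, password),
  };
}

// Constructed inputs: a benign name, then names carrying metacharacters.
for (const [u, p] of [["alice", "Alice2024!"], ["a.c", "xxabcxx"], ["bob(", "hunter2"]]) {
  console.log(JSON.stringify(u), compare(u, p));
}
```

The unsafe form reports a match for `a.c` against a password that does not contain it and throws on `bob(`, while both hardened forms treat the username as literal text.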