Wondering how many APIs implementing standards defined via #openapi specs are validating payload accidentally wrong as the tooling doesn't take into account that pattern fields contain ECMA based regular expression bodies while the spec implementors use PCRE2 or other regex engines available in their programming languages.

Subtle differences in syntax leading to wrong escaping leading to ranges of characters being duplicate singular matches. Or implementations based on different unicode versions etc.

Luckily specs often might have plain and simple regex patterns. Doesn't help when character classes like \w are maybe interpreted as unicode letters and numbers in PCRE2 (/u) while #JavaScript means [A-Za-z0-9_] or whatever other constellations are thinkable. And I don't even understand utf16/utf8 subtleties with surrogate pairs or whatnot.

Fun. I should implement something to help with this in #php. Libs don't seem to take this into account if my understanding is correct.