What does the URL Query Parameter (Single key=value) regex match?

Matches and captures a single URL query parameter in key=value format, where both key and value may be URL-encoded.

Is the URL Query Parameter (Single key=value) regex ReDoS-safe?

Yes. Verified through static analysis: no ambiguous alternations or nested quantifiers that could trigger exponential backtracking.

How do I use this regex in javascript?

// No imports required — RegExp is built into JavaScript const regex = /(?:^|[?&])([a-zA-Z][a-zA-Z0-9_\-.]{0,99})=([^&\s#]*)/g; const isValid = regex.test(input);

Web & Network/URL

Verified Safe

URL Query Parameter (Single key=value) Regex for JavaScript

/(?:^|[?&])([a-zA-Z][a-zA-Z0-9_\-.]{0,99})=([^&\s#]*)/g

What this pattern does

This page provides a well-structured, multi-part regular expression for matching url query parameter (single key=value), ported and verified for JavaScript. A rigorously tested regex reduces debugging time and protects your application from edge-case failures. The snippet below is ready to drop into your JavaScript project — whether you're validating in an Express middleware, a Next.js API route, or a client-side form.

Javascript Implementation

Javascript

// URL Query Parameter (Single key=value)
// ReDoS-safe | RegexVault — Web & Network > URL

const urlQueryParameterSingleKeyvalueRegex = /(?:^|[?&])([a-zA-Z][a-zA-Z0-9_\-.]{0,99})=([^&\s#]*)/g;

function validateUrlQueryParameterSingleKeyvalue(input: string): boolean {
  return urlQueryParameterSingleKeyvalueRegex.test(input);
}

// Example
console.log(validateUrlQueryParameterSingleKeyvalue("?key=value")); // true

Test Cases

Matches (Valid)	Rejects (Invalid)
`?key=value`	`?=value`
`?foo=bar&baz=qux`	`? key=value`
`?page=1&sort=name&order=asc`	`?123key=value`
`?q=hello+world`	—
`?encoded=hello%20world`	—
`key=value`	—

When to use this pattern

This pattern is drawn from the Web & Network > URL category and carries a ReDoS-safe certification. That matters for JavaScript developers because especially critical in long-running Node.js event loops where a ReDoS vulnerability can block the entire process. RegexVault audits patterns against known backtracking attack vectors, ensuring you have the necessary context before using this regex in a high-stakes production environment.

Common Pitfalls

Query parameter keys should not start with digits — use [a-zA-Z] as the first character class. Duplicate keys are valid in HTTP; the handling is application-specific.

Technical Notes

Use with the g flag in JS to iterate all parameters. Capture group 1 is the key, group 2 is the raw value. URL-decode values before use: decodeURIComponent(value.replace(/\+/g, ' ')).

Have a pattern that belongs in the vault?

Submit it for review — community-verified patterns get credited to your GitHub handle. Free submissions join the queue. Priority review available for $15.

Submit a Pattern