Regex Tester — Test Regular Expressions Online

Write a regex pattern, paste your test string, and see all matches highlighted in real time. Inspect capture groups, toggle flags, and debug instantly — no server, no signup.

/ / 
Matches will be highlighted here...

What is a Regular Expression?

A regular expression (regex or regexp) is a sequence of characters that defines a search pattern. It is one of the most powerful tools in a developer's arsenal — used for validating input, searching and replacing text, parsing logs, extracting data from strings, and much more.

This online regex tester lets you write and debug patterns in real time, with match highlighting, capture group inspection, and support for all standard JavaScript regex flags.

How to Use the Regex Tester

Using this tool is straightforward:

  1. Enter your pattern in the pattern input bar (without the surrounding / slashes).
  2. Select flags using the checkboxes: g for global matching, i for case insensitivity, m for multiline, s for dot-all.
  3. Paste your test string in the left panel — matches are highlighted in yellow in real time.
  4. Inspect the match list below the panels for exact positions and capture group values.

Regex Flags Explained

g — Global

Without the g flag, the regex stops after the first match. With g enabled, it finds every occurrence in the string. This is the most commonly used flag and is enabled by default in this tool.

i — Case Insensitive

Makes the pattern match regardless of letter case. /hello/i matches Hello, HELLO, hElLo, and all other case variations.

m — Multiline

Changes the behavior of ^ and $ anchors. By default, they match the start and end of the entire string. With m, they match the start and end of each line, making it easy to process multi-line text line by line.

s — Dot-All

By default, the . wildcard does not match newline characters (\n). Enabling the s flag makes . match any character including newlines, useful when matching patterns that span multiple lines.

Common Regex Patterns

Here are frequently used patterns to get you started:

Examples

Extract all numbers

Pattern: \d+
Flags:   g
Input:   Order 42 has 3 items worth $199
Matches: 42, 3, 199

Capture date parts

Pattern: (\d{4})-(\d{2})-(\d{2})
Flags:   g
Input:   Event on 2025-12-31 and 2026-01-15
Group 1: 2025, 2026  (year)
Group 2: 12, 01      (month)
Group 3: 31, 15      (day)

Production-ready regex patterns (and where they fail)

Editor’s note — by Amine H., last reviewed 27 May 2026.

After a decade of writing regex against real-world data, here are the patterns I reach for first — and, importantly, the failure modes I no longer ignore. None of these are “perfect”. Perfect regex usually means a parser would have been the right tool instead. Paste any of them into the tester above to see them work on your own input.

Email — pick the right pragmatism level

The fully RFC 5322-compliant regex is over 6 000 characters and accepts unicode local parts, IP-literal domains, and quoted-string addresses. Nobody uses it. What I use in production:

^[^\s@]+@[^\s@]+\.[^\s@]+$

It accepts almost anything that “looks like an email” — which is the point. Actual deliverability is checked by sending the verification email anyway. Don’t try to be a postmaster with regex; you will lose to user.name+tag@sub.example.co.uk within a day.

URL detection in free text

https?:\/\/[^\s<>"]+

Pragmatic. The common trap is writing https?:\/\/\S+ and then watching it swallow the trailing punctuation in “Check https://example.com.” Excluding <, >, " covers most HTML-embedding cases; strip trailing ., ,, ), ] in post-processing.

Phone numbers — country-specific, always

A single international phone regex that doesn’t either reject valid numbers or accept garbage does not exist. For the E.164 canonical form:

^\+[1-9]\d{1,14}$

For US (loose):

^\+?1?[-.\s]?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}$

For France:

^(?:\+33|0)[1-9](?:[\s.]?\d{2}){4}$

The right tool for anything beyond a UI hint is Google’s libphonenumber. Regex catches obviously-wrong input; libphonenumber tells you whether the number is actually dialable in its country.

Date validation — don’t use regex

A pattern like ^\d{4}-\d{2}-\d{2}$ happily accepts 2024-13-45. To check whether a date is real, parse it (new Date() in JavaScript, datetime.strptime() in Python, Carbon::parse() in PHP, chrono::NaiveDate::parse_from_str() in Rust) and verify it round-trips back to the same string. Regex tells you a string looks like a date. Parsing tells you it is one.

Password strength — also don’t use regex

A regex that requires 8+ characters with one upper, one lower, one digit and one symbol scores high on outdated checkbox audits and zero on actual security. Password1! passes it. A 20-character random sentence (vastly stronger) fails it. The current consensus — NIST SP 800-63B — is: minimum length (8–12), allow long passphrases, and check against a breach database (HaveIBeenPwned API). Drop the regex policy.

Trim whitespace

^\s+|\s+$ with the global flag — but if your runtime has .trim() or strip(), use that. Regex is for cases where the built-in doesn’t exist.

Takeaway: regex shines for recognition (does this look like X?), not for validation (is this really X?). For anything safety-critical — emails delivered, phone numbers dialled, dates stored, passwords secured — pair the regex with a real check downstream. The patterns above are battle-tested first lines of defence, not silver bullets.

Sources: RFC 5322 (email) · Google libphonenumber · NIST SP 800-63B (passwords) · RFC 3986 (URI).

Frequently Asked Questions

This tool uses the JavaScript RegExp engine built into your browser. JavaScript regex is compatible with ECMAScript and supports most common features: character classes, anchors, quantifiers, capture groups, lookahead, and lookbehind. Some advanced features like named capture groups ((?<name>...)) and atomic groups are also supported in modern browsers.

Greedy quantifiers (*, +, ?) match as much text as possible. Lazy (non-greedy) quantifiers (*?, +?, ??) match as little as possible. For example, against <b>bold</b>: the pattern <.+> matches the entire string, while <.+?> matches only <b>.

Escape them with a backslash: \. matches a literal dot, \* matches a literal asterisk, \( and \) match literal parentheses. The characters that need escaping in regex are: . * + ? ^ $ { } [ ] | ( ) \

Capture groups are sections of a pattern wrapped in parentheses (). They capture the matched text so you can extract it separately. In this tool, each group is shown in the match list as $1, $2, etc. For example, the pattern (\w+)@(\w+)\.(\w+) on alice@example.com captures alice, example, and com in groups 1, 2, and 3.

Use the anchors ^ for start and $ for end. By default they match the start and end of the entire string. Enable the m (multiline) flag to make them match the start and end of each line instead. For example, ^\d+ with the m flag matches any line that starts with a number.

Common causes: (1) Missing the g flag — without it, only the first match is found. (2) Case sensitivity — enable the i flag if case shouldn't matter. (3) Unescaped special characters — a bare . matches any character, not a literal dot. (4) Hidden characters — copy-pasted text may contain invisible Unicode characters. Try typing the test string manually to isolate the issue.

No. All matching happens in your browser using the native JavaScript RegExp engine. Your pattern and test string never leave your device. This tool works completely offline.

Yes. Modern browsers support lookahead ((?=...), (?!...)) and lookbehind ((?<=...), (?<!...)). For example, \d+(?= dollars) matches a number only when followed by " dollars", without including " dollars" in the match.

Related Tools