Insecure ^

articles.md

@@ -70,7 +70,7 @@ the filename of the new article next to it.
  - `implied-eval.md` - ~~Implied eval is evil. Pass a function instead of a
    string~~
  - Unexpected 'in'. Compare with undefined or use the hasOwnProperty method
- - Insecure '{a}'
+ - `Insecure '{a}'` - Insecure ^
  - `use-isnan.md` - ~~Use the isNaN function to compare with NaN~~
  - `leading-decimal.md` - ~~A leading decimal point can be confused with a dot~~
  - Missing '{a}'

articles/insecure-hat.md

@@ -0,0 +1,50 @@
+<!---
+{
+    "titles": [
+        "Insecure ^"
+    ],
+    "slugs": [
+        "insecure-hat",
+        "w059"
+    ],
+    "linters": [
+        "jslint",
+        "jshint",
+        "eslint"
+    ],
+    "author": "hyeend"
+}
+-->
+
+### When do I get this error?
+
+The "Insecure ^" error is thrown when JSLint encounters a regular expression containing the negation operator ^.
+
+JSLint will only raise this warning if the `regexp` option is set to true.
+<!---
+{
+    "linter": "jslint"
+}
+-->
+```javascript
+"Hello Bob".match(/[^a-z]/g);
+// Returns [ 'H', ' ', 'B' ]
+```
+
+### Why do I get this error?
+
+This error is raised to highlight **potentially dangerous matches** such as some special control characters. For example, an attacker might include a unicode character or an EOL character, which would get matched by the over-zealous not and may cause your application to respond in unexpected ways.
+
+It is safe to ignore or disable this error if you are only matching in order to dispose of the matched characters, for example:
+
+<!---
+{
+    "linter": "jslint"
+}
+-->
+```javascript
+/*jslint regexp:true*/ // Allow ^ because we're only using it to remove the matching characters
+"Hello Bob".replace(/[^A-Z]/g, "");
+/*jslint regexp:false*/
+// Returns "HB"
+```

authors/hyeend.json

@@ -0,0 +1,6 @@
+{
+    "name": "Howard Yeend",
+    "twitter": "user24",
+    "github": "user24",
+    "bio": "JavaScripter"
+}