Potential fix for https://github.com/soderlind/wordpress-readme-preview/security/code-scanning/3

To address this problem, we need to ensure that any metacharacters in token, including the backslash \, are correctly escaped before using it in a dynamically constructed regular expression. The preferred and safest way is to use a general-purpose function to escape all regex metacharacters, not just a specific subset. The npm library escape-string-regexp is the canonical solution, but if only standard library usage is allowed, we can write a function to escape all regex metacharacters, including backslash.

In file src/parser/validator.ts, at line 464, replace the inline .replace(/([*~])/g,'\$1')with a function call such asescapeRegExp(token), where escapeRegExp` escapes all regex metacharacters safely. Add the following function definition somewhere in the file (near the top or above where it's used):

function escapeRegExp(s: string): string {
  // Escapes all special characters for safe insertion into regex
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

Then update the invocation inside countMatches to call this helper function. No other lines need adjustment.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.