##! Please refer to the documentation at
##! https://coreruleset.org/docs/development/regex_assembly/.

##! The following is an expansion of
##! (?:\$\{[^}]*\$\{|\$\{(?:jndi|ctx))
##! where every character also matches the equivalent named HTML entity.
##! It is a workaround for the shortcomings of `htmlEntityDecode`, which
##! handles numerical HTML entities well but only handles 5 named
##! entities. The official list of named entities can be found here:
##! https://html.spec.whatwg.org/multipage/named-characters.html.
##!
##! Note:
##!     - We don't match `}` or `}` because it would enable more
##!         evasions while also increasing the number of potential false positives.
##!         The risk of false negatives in this case is acceptable.
##!     - Omitting the terminating semi-colon can be used as an evasion with lenient
##!         parsers. We catch those by making the semi-colon optional.

##!+ i

(?:\$|$?)(?:\{|&(?:lbrace|lcub);?)[^}]*(?:\$|$?)(?:\{|&(?:lbrace|lcub);?)
(?:\$|$?)(?:\{|&(?:lbrace|lcub);?)(?:jndi|ctx)