http://qs321.pair.com?node_id=11137259


in reply to Is it safe to use external strings for regexes?

Depending on how nasty your users are, allowing arbitrary regular expressions is an unwise choice. The following regex is valid but will use up lots of CPU:

"aaaaaaaaaaaaaaaaaaaaaaaaaaaaa" =~ /a*a*a*b/

If you can come up with a whitelist of allowed regexes, that would improve things, or maybe consider running the regex search as a time-limited subprocess.
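The time-limited subprocess idea above, sketched in Perl as an added example that is not part of the original post. The helper name `match_with_timeout` and the 2-second limit are assumptions. A child process is used because Perl defers signal handlers until the current opcode finishes, so an `alarm` in the same process is not seen while a long-running match is still executing.

```perl
use strict;
use warnings;
use POSIX ();

# Hypothetical helper (not from the post): run an untrusted pattern against
# $text in a child process and give up after $seconds.
# Returns 'match', 'no match', 'invalid' or 'timeout'.
sub match_with_timeout {
    my ($pattern, $text, $seconds) = @_;

    my $pid = fork();
    die "fork failed: $!" unless defined $pid;

    if ($pid == 0) {
        # Child: compile and run the pattern, report via exit status.
        # Without "use re 'eval'", an interpolated pattern containing
        # (?{ ... }) code blocks is rejected at compile time.
        my $re = eval { qr/$pattern/ };
        POSIX::_exit(2) unless defined $re;
        POSIX::_exit($text =~ $re ? 0 : 1);
    }

    # Parent: only blocks in waitpid, which SIGALRM does interrupt.
    my $status;
    my $finished = eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        alarm $seconds;
        waitpid($pid, 0);
        $status = $?;
        alarm 0;
        1;
    };
    unless ($finished) {
        alarm 0;
        kill 'KILL', $pid;    # stop the runaway match
        waitpid($pid, 0);     # reap the child so no zombie is left
        return 'timeout';
    }

    return 'timeout' if $status & 127;    # child was killed by a signal
    my $code = $status >> 8;
    return $code == 0 ? 'match' : $code == 1 ? 'no match' : 'invalid';
}

# Constructed sample input: the pattern and string from the post, plus an
# unbalanced pattern to show the 'invalid' path.
for my $pattern ('a*a*a*b', 'a(b') {
    my $result = match_with_timeout($pattern, 'a' x 29, 2);
    print "$pattern => $result\n";
}
```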