The errors and insecurities and the "Invalid Regular Expression-error here are browser dependent, a browser coding JavaScript for a particular browser engine could encounter insecurities in other browsers.
The ins and outs of this are treated here by Tom McFarlin in this article on that subject: https://tommcfarlin.com/invalid-regular-expression-flag/
If regular expressions are the argument accepted in a function signature, then that’s the one you’ve gotta use
We already encounter a lot of cross browser scripting that kicks up no source and sinks with an XSS scan or produces invalid code even. In main coding things may be OK rather than in third party coded plug-ins and themes. Coding with security in mind should have a first priority.