add another example to the qhelp in poly-redos, showing how to just limit the length of the input

java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp

@@ -103,6 +103,35 @@
 
 	</example>
 
+    <example>
+        <p>
+            Sometimes it's unclear how a regular expression can be rewritten to
+            avoid the problem. In such cases, it often suffices to limit the
+            length of the input string. For instance, the following complicated 
+            regular expression is used to match numbers, and on some non-number 
+            inputs it can have quadratic time complexity:
+        </p>
+
+        <sample language="java">
+            Pattern.matches("^(\\+|-)?(\\d+|(\\d*\\.\\d*))?(E|e)?([-+])?(\\d+)?$", str);
+        </sample>
+
+        <p>
+            It's not immediately obvious how to rewrite this regular expression 
+            to avoid the problem. However, it might be fine to limit the length
+            to 1000 characters, which will always finish in a reasonable amount
+            of time.
+        </p>
+
+        <sample language="java">
+            if (str.length() &gt; 1000) {
+                throw new IllegalArgumentException("Input too long");
+            }
+
+            Pattern.matches("^(\\+|-)?(\\d+|(\\d*\\.\\d*))?(E|e)?([-+])?(\\d+)?$", str);
+        </sample>
+    </example>
+
 	<include src="ReDoSReferences.inc.qhelp"/>
 
 </qhelp>