I want to validate a RE2 regex a user enters on my React application. I know the re2 library exists, but that doesn't seem to work on a React application (guess it isn't designed for client side). re2-wasm and wasm-re2 don't work either as it seems like they require fs and path internally, so React gives me a polyfill error.
Basically this is what I want to do:
let userInput = 'asdf.*asd'
let regexError = false
try{
new RegExp(userInput)
}catch{
regexError = true
}
if(regexError) alert("Error in regex input")
But I want to do this with RE2, not with the regex flavor JavaScript uses, and I want to do this on the client side.
I do not want to run the regex on the client side, so if there is a way of only validating the syntax without actually running the regex (maybe doing basic syntax validation with the JavaScript RegExp and then disallowing certain combinations in the regex string), that works for me as well.
Related
When running a Postgres query using POSIX regular expression matching, the query may result in a invalid regular expression error if one of the RegExp patterns is invalid. If the regex query uses a database column, the error will occur if just one of the database rows contains an invalid RegExp pattern.
The problem is that validating values to be used for this type of query does not appear to be very straightforward. All of the solutions I have come across for validating RegExp patterns in javascript, including libraries such as regexpp do not appear to be reliable for testing whether Postgres would consider a given pattern to be valid.
Is there a way to test whether a pattern would be valid in a Postgres query, or is the only way to do this validation to actually run a Postgres query using the pattern?
I don't think there is anything built-in that does it in a user-accessible way. You can create your own function to do this by catching the error.
create function true_on_error(text) returns bool language plpgsql as $$
BEGIN
perform regexp_match('',$1);
return false;
exception when others then
return true;
end$$;
So I need to make regex validation case insensitive. I know in the Javascript regex engine you can pass in something like this /regex/i to the constructor of RegExp.
The problem is that with ASP RegularExpressionValidator there is nothing to tell it that the regex is case insensitive and the javascript that does the work on the client side does not give any options to pass this flag.
How have you guys gotten around this issue short of creating a regex like [A-Za-z]. As you can imagine this gets very complex and ugly when the regex is complex.
I have a pretty simple Nightwatch test written in javascript and part of it is to verify that the URL of the page is correct. The URL contains a random string of numbers each time the page is resubmitted, this string of numbers will change. The rest of the URL is static and already accounted for.
I have been searching and reading and still have not found a working solution, but I can't imagine its all that rare or difficult of a problem to overcome. I'm pretty brand new at javascript so I may be overlooking something simple, but I could really use some help.
You can use regular expression to verify the URL pattern. Use \d+ to match any number of digits.
For example if URL you're trying to match is www.example.com/path/123 where 123 is dynamic and can change you can use the following regex to test it.
var url = "www.example.com/path/123";
var regex = /www\.example\.com\/path\/\d+/;
regex.test(url)
Here regex.test(url) will return true for URL shown in example and also for URL's like www.example.com/path/111 or www.example.com/path/4 etc.
You can further improve the regex to ensure that it start with www by using ^ at the beginning of the regex like /^www\.example\.com\/path\/\d+/
Read more on regular expressions here
EDIT:
Here is a link to a JSFiddle I just wrote with the same code, that read's URL given in input field and test's its pattern with regex and shows alert with true or false based on result.
In your case I am guessing you are using selenium to read the current URL instead of reading it from an input. And you'll have to change the regex according to URL you are testing.
You can provide the URL you are testing in the input field and modify regex in the JSFiddle for testing.
I'm using the following regular expression to check if URLs are valid
var re = /^(http[s]?:\/\/(www\.)?|ftp:\/\/(www\.)?|www\.){1}([0-9A-Za-z-\.#:%_+~#=]+)+((\.[a-zA-Z]{2,3})+)(/(.)*)?(\?(.)*)?/;
var is_valid = re.test(input_url);
It works with small inputs, but starts to run endless with larger inputs. Consider the following 64-characters input
re.test("http://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
Running this won't complete within minutes when running with an up-to-date Google Chrome.
Is there a problem with the regular expression?
The hanging is due to backtracking, as Mariano mentioned in the comments. A regex that has multiple quantifiers such as * and + can result in there being way too many possible permutations of potential matches, and the engine hangs forever while trying to explore them all when a string doesn't match.
However, beyond this the regex has multiple problems and is not fit for purpose. I suggest you start over with one of the methods from previous questions on this topic:
Trying to Validate URL Using JavaScript
Javascript regular expression to validate URL
I have a search query from the user and I want to process it before applying to browser. since I'm using SEO with htaccess and the search url looks like this : /search/[user query] I should do something to prevent user from doing naughty things.. :) Like searching ../include/conf.php which will result in giving away my configuration file. I want to process the query like removing spaces, removing dots(which will cause problems), commas,etc.
var q = document.getElementById('q').value;
var q = q.replace(/ /gi,"+");
var q = q.replace(/../gi,"");
document.location='search/'+q;
the first replace works just fine but the second one messes with my query.. any solution to replacing this risky characters safely?
So if I disable JavaScript or use curl I still can do "naughty things"? On the client side do the sanity escaping with:
encodeURIComponent(document.getElementById('q').value)
and leave security checks to the server. You would be amazed what malicious user can do (using some escape sequences instead of plain . is the simplest example).
I'd do this server-side - it's too easy for someone to alter your JS in the page or switch it off altogether. Your search script that runs server-side can't (as) easily be tampered with and can then filter the search consistently.
You might also want to restrict what the search returns... if it's able to show sensitive config files, your search may have a little too much reach.
Dots in regular expressions match anything. You need to escape them with a back-slash ('\'):
var q = q.replace(/\.\./gi,"");