So I need to make regex validation case insensitive. I know in the Javascript regex engine you can pass in something like this /regex/i to the constructor of RegExp.
The problem is that with ASP RegularExpressionValidator there is nothing to tell it that the regex is case insensitive and the javascript that does the work on the client side does not give any options to pass this flag.
How have you guys gotten around this issue short of creating a regex like [A-Za-z]. As you can imagine this gets very complex and ugly when the regex is complex.
Related
I have an input field where I expect the user to enter the name of a place (city/town/village/whatever). I have this function which is use to sanitize the content of the input field.
sanitizeInput: function (input) {
return input.replaceAll(/[&/\\#,+()$~%.^'":*?<>{}]/g, "");
}
I want to remove all special characters that I expect not to appear in place name. I thought a blacklist regex is better than a whitelist regex because there are still many characters that might appear in a place name.
My questions are:
Is this regex safe?
Could it be improved?
Do you see a way to attack the program using this regex?
EDIT: This is a tiny frontend-only project. There is no backend.
Your regex is perfect to remove any special characters.
The answers are :
1.the regex is safe , but as you mentioned it is a vuejs project so the js function will run on browser. Browsers basically not safe for doing user input sanitization. You should do that in backend server also , to be 100% safe
You can not improve the regex itself in this example. But instead of regex , you could use indexOf for each special characters also ( it will be fastest process but more verbose and too much code)
Like :
str.indexOf('&') !== -1
str.indexOf('#') !== -1
Etc
3.same as answer 1,the regex is safe but as it is used in browser js , the code an be disabled , so please do server side validation also.
If you have any issue with this answer ,please let me know by comment or reply.
It is important to remember that front end sanitization is mainly to improve the user experience and protect against accidental data input errors. There are ways to get past front end controls. For this reason, it is important to rely on sanitizing data on the backend for security purposes. This may not be the answer to your question, but based on what you are using for a backend, you may need to sanitize certain things or it may have built in controls and you may not need to worry about further sanitization.
ps.
Please forgive my lack of references. But it is worth researching on your own.
I have a pretty simple Nightwatch test written in javascript and part of it is to verify that the URL of the page is correct. The URL contains a random string of numbers each time the page is resubmitted, this string of numbers will change. The rest of the URL is static and already accounted for.
I have been searching and reading and still have not found a working solution, but I can't imagine its all that rare or difficult of a problem to overcome. I'm pretty brand new at javascript so I may be overlooking something simple, but I could really use some help.
You can use regular expression to verify the URL pattern. Use \d+ to match any number of digits.
For example if URL you're trying to match is www.example.com/path/123 where 123 is dynamic and can change you can use the following regex to test it.
var url = "www.example.com/path/123";
var regex = /www\.example\.com\/path\/\d+/;
regex.test(url)
Here regex.test(url) will return true for URL shown in example and also for URL's like www.example.com/path/111 or www.example.com/path/4 etc.
You can further improve the regex to ensure that it start with www by using ^ at the beginning of the regex like /^www\.example\.com\/path\/\d+/
Read more on regular expressions here
EDIT:
Here is a link to a JSFiddle I just wrote with the same code, that read's URL given in input field and test's its pattern with regex and shows alert with true or false based on result.
In your case I am guessing you are using selenium to read the current URL instead of reading it from an input. And you'll have to change the regex according to URL you are testing.
You can provide the URL you are testing in the input field and modify regex in the JSFiddle for testing.
I need some help with a JS Regex.
Here's the string I'm passing, I want to delete everything before 'Hanyuu-sama' with JS Replace.
Hanyuu","dj":{"id":18,"djname":"Hanyuu-sama
The first and second "Hanyuu" can change, the id number can change. This has already been cropped quite a bit with regular expressions.
Now I've tried a few and surprisingly it's failing when I do simple and complex regexes:
I've tried:
.*\"
And it does nothing, I've tried disgusting stuff in my desperation:
.*\","dj\":{\"id":.*,\"djname\":\"
And nada.
Here's a JS Fiddle and here's a http://regex101.com/r/tE2uY0/1 Regex JS matching platform.
Does anyone know why this isn't working?
I know this is likely bad practice, I'm just trying to learn Regexes.
Bonus points if anyone can refer me to a good source to learn Regular expressions. I'd love a solution but I'd like to learn how to do this myself in the future and why this one failed even more.
Your method call should look like this:
source = source.replace(/.*"/, "");
Regular expression in javascript are written between /.../ and not "/.../" like they are in many other languages.
If your string is always structured like that and it does not contain any more characters, your regex should do the trick. That's because the * quantifier acts greedy by default, thus always matching the last " in the string.
I am using the below regex in JavaScript for password policy check:
^.*(?=.{8,})(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[##$_])(?=.*[\d\W]).*$
I tried the above regex using online regex checker
http://www.nvcc.edu/home/drodgers/ceu/resources/test_regexp.asp
Test cases passed as expected, negative test cases failed. But same regex when deployed in application does not validate properly.
For eg:
Tracker#123 does not work, where tRacker#123 works
Asd56544#12 also works fine.
Can you please point out what's wrong in regex above?
My advice is to separate this regex into several simple regex'es.
You may assign rules for your password, and for every rule you can assign a regex.
For example
Rule №1. Minimal length of password = 8 characters (can be done without regex)
Rule №2. At least one digit is required. ( /[0-9]/ )
Rule №3. At least one letter is required ( /[a-z]/i)
Rule №4. Illegal characters for password ( regex for some characters you don't want users to use in passwords)
Rule №n - some little regex
(and so on)
With this approach, it will be more easier to manage your validation in sooner time. For example after a year, you'll have to change your password policy. You'll forget what your big regex is meaning (and will spend a lot of time changing that big regex, or doing a new one). But with little separates regexes (meaning rules) you easily configure your password policy
Are you sure you syntax is correct?
Have a look at this JSfiddle, in it all the test cases pass
http://jsfiddle.net/pCLpX/
I am validating website by writing serverside regular expression when i copy the same thing in javascript and try to validate its not happening a part of my code is as follows
"^(https://)+\w+\.+\w" - //serverside validation working fine
document.getElementById('txtWebsite').value.match("^(https://)+\w+\.+\w") == null
how can i implement the same in client side validation
String.match is considering you regex as String and not as a RegExp object.
Try this:
document.getElementById('txtWebsite').value.match(/^(https:\/\/)+\w+\.+\w/)