Requiring Letters and Numbers in form field with JavaScript - javascript

I have a form and I need to require letters and numbers. All the solutions I have seen, simply allow only letters and numbers but do not require both.
I have this Regex: /^[0-9a-zA-Z]+$/ which allows one or the other. How can I make this a requirement, meaning the text must contain at least a number.
Thanks my friends.
Guy

To break this down, we're requiring at least 2 characters, a letter and a number. In the code we start with the possibility of an alpha-numeric character. I'm not using \w because it also allows _ characters. In the group we have an or that looks for either a letter before a number, or a number before a letter. Then after the group we're requiring if anything exists that it also be alpha-numeric.
/^[A-Za-z0-9]*([A-Za-z][0-9]|[0-9][A-Za-z])[A-Za-z0-9]*$/i
As a recommendation, it's always best to use a server-side language as your front-line defense when validating a form instead of a Javascript-only approach. The reasons:
Someone can disable Javascript
The server needs to be protected from malicious attack (SQL or XSS injection)
Someone can bypass your form altogether by directly linking to the handler (if you're not requiring a valid referrer)
Some browsers like Lynx do not use Javascript, so it's not user friendly for people who need to use screen reading devices

Related

Is there anyway to simulate a "Did you mean" in Java Script?

So I'm creating a bot with an API, and the list is pretty case sensitive and only allowing exact matches.
For example, there I have the word "ENCHANTED_GLISTERING_MELON". Its all-caps have underscores and complicated spelling, and the site does not accept if it is not an exact match. It is not so user-friendly. Is there any way to so that when a user inputs something, it will auto-capitalize, replace spaces with underscores, and most importantly, check for misspellings, then consider the closest word? I have a dictionary of what the site accepts.
It not a a simple task to disallow some words with typos.
To avoid reinventing the wheel I would recommend you to use the one of the Open Source engines like RASA to enable neural language processing with your chat.
https://rasa.com/
However, it's not so easy to use if you having troubles with parsing the string in JavaScript.
For a words similarities you check Levenshtein Distance algorithm:
https://www.npmjs.com/package/autocorrect
https://www.npmjs.com/package/string-similarity
Getting the closest string match
For a simple solution you can just replace your disallowed words:
How to replace several words in javascript
Also, if it's just a filter for a bad words in your chat you can use some existing libraries like bad-words:
https://www.npmjs.com/package/bad-words
And you can capitalize everything for your particular strange case:
'enchanted glistering melon'.trim().replace(/ /g,'_').toLocaleUpperCase()

Easy way to remove what's NOT in regex

Is there an easy way to get the opposite of a regex or do I need to build a new regex that produces the opposite of what I have?
For example, I use this regex to make sure I'm getting proper currency values -- without $ sign.
/^[0-9]+(\.[0-9][0-9]?)?$/
I want to now remove everything that falls outside this pattern. For example, if user enters letters or tries to enter two periods e.g. 7.50.6, I want to remove undesired characters. How do I do that?
I think you're going at this in the wrong way. First of all, trying to hide input error in such a way is a bad idea. If a user has to type a number and they put an extra dot, what tells you which is the good part and which is the bad? You're better off telling the user there's something wrong with their input.
But typically, you use a regex by specifying what it has to look like AND what are the significant portions you want to keep using capture groups.
This is a capture group: ([a-z0-9])#example.com; this is a non-capture group: (?:hello|hi).
In case of a phone number, all that matters are the digits, so you can capture them and accept multiple forms of in-between characters. Here's a simple one for a postal code:
([A-Z][0-9][A-Z]) ?([0-9][A-Z][0-9])
Then all you have to do is combine the captured groups. If present, the space won't be captured.
Find more examples on MDN.

Find UNICODE or not using Javascript

We are designing a SMS send form where users can type any character they want. The system should determine what type of character they type and based on that it will decide the type of the message and charge the user for SMS credts. This form is going to be used by all over the world.
I am trying this using Javascript. I count the number of characters and loop through each character. If any of the character is double byte (> 255) then I determine it is a UNICODE or else it is a plain ASCII text.
I am not sure whether I am doing in the right way.
Recently one of the user tried the below and he claimed that the system has not deducted as UNICODE. I got surprised that all these characters are less than 255 and I doubt my logic whether am I doing correct.
Sævar Davíðssson. ÆÝÐÞ
Can someone guide me please.
Because of how various sms systems handle characters, you might have to create a whitelist in order to know what people will or will not get charged for.
Some carriers even charge differently depending on whether they're going to other carriers as well, so it can get fairly complex.
And if that wasn't bad enough, some carriers don't use pre-defined standards for their character sets. And several (especially internationally) use different and conflicting standards for character encoding.
Especially using JavaScript if you don't have the same character encoding as the carrier you'll run into problems figuring out what's legal to use.
The original ASCII standard only defines 7-bit characters. There are a variety of 8-bit character encodings expanding on ASCII. One of the most popular ones is ISO 8859-1 ("latin-1", also mostly coincident with the windows codepage 1252). This adds a lot of western european language characters to the 7-bit ASCII set, including the ones in your example string.

Can a whitespace regex character be used to perform a javascript injection? [duplicate]

if I want to validate the input of a <textarea>, and want it to contain, for example, only numerical values, but even want to give users the possibility to insert new lines, I can selected wanted characters with a javascript regex that includes even the whitespace characters.
/[0-9\s]/
The question is: do a whitecharacter can be used to perform injections, XSS,even if I think this last option is impossible, or any other type of attack ?
thanks
/[0-9\s]/ should be a safe whitelist to use, I believe. You do need to ensure that it checks the entire input, though; I think you mean /^[0-9\s]*$/.
Also remember, of course, that you have to validate it server-side, not just in the browser. Attackers can easily bypass JavaScript validation code.

How to detect what allowed character in current Regular Expression by using JavaScript?

In my web application, I create some framework that use to bind model data to control on page. Each model property has some rule like string length, not null and regular expression. Before submit page, framework validate any binded control with defined rules.
So, I want to detect what character that is allowed in each regular expression rule like the following example.
"^[0-9]+$" allow only digit characters like 1, 2, 3.
"^[a-zA-Z_][a-zA-Z_\-0-9]+$" allow only a-z, - and _ characters
However, this function should not care about grouping, positioning of allowed character. It just tells about possible characters only.
Do you have any idea for creating this function?
PS. I know it easy to create specified function like numeric only for allowing only digit characters. But I need share/reuse same piece of code both data tier(contains all model validator) and UI tier without modify anything.
Thanks
You can't solve this for the general case. Regexps don't generally ‘fail’ at a particular character, they just get to a point where they can't match any more, and have to backtrack to try another method of matching.
One could make a regex implementation that remembered which was the farthest it managed to match before backtracking, but most implementations don't do that, including JavaScript's.
A possible way forward would be to match first against ^pattern$, and if that failed match against ^pattern without the end-anchor. This would be more likely to give you some sort of match of the left hand part of the string, so you could count how many characters were in the match, and say the following character was ‘invalid’. For more complicated regexps this would be misleading, but it would certainly work for the simple cases like [a-zA-Z0-9_]+.
I must admit that I'm struggling to parse your question.
If you are looking for a regular expression that will match only if a string consists entirely of a certain collection of characters, regardless of their order, then your examples of character classes were quite close already.
For instance, ^[A-Za-z0-9]+$ will only allow strings that consist of letters A through Z (upper and lower case) and numbers, in any order, and of any length.

Categories

Resources