negation in regular expression
I want to use a regular expression in JavaScript for form input validation. There is a string which should not have either <, > or any specific set of chars which I mention. The test should pass if the string doesn't have those chars.
So how can I specify in a regular expression not to have a char?
Example:
stringX = "vijay<>@$%_"
My objective is:
- string should not have '<', '>' chars.
- test should pass (return true) if stringX doesn't have those chars.
Note:
I could do:
stringX = "vijay<>@$%_"
regExp = /[<>`]/;
// negate the match: run only when none of the characters is present
if (!regExp.test(stringX)) {
    doSomething();
}
but I don't want this.
Because I will end up in a small trouble.
I have a generic function called validate()
function validate(stringX, regExp)
{
    if (regExp.test(stringX)) { // see there is no "!" in the condition.
        return true;
    }
}
Let's say I want to validate 2 strings.
- Case 1: having only digits. I would use regExp: /^[\d]*$/
- Case 2: not having <, >. I would use regExp: /^[<>`]*$/. Since I don't want to specify all characters to be ALLOWED, I would like to specify the chars which are NOT ALLOWED.
But my validate function will work only in case 1. In case 2, I will not get the expected result. validate() would give me true only if the string has only <, >, ` chars.
If you are okay with literally any other characters being in the string, this will match all strings that don't have the characters <, >, and `:
regexp=/[^<>`]*/;
Edit: corrected expression with line start/end anchors (thanks MizardX):
regexp=/^[^<>`]*$/;
The regexp you are looking for is this:
/^[^<>`]*$/
If you are doing this to ensure people don't inject HTML tags into the input, forget using JavaScript as a validator.
It will only give you a false sense of security and will not stop anyone from abusing your system.
A better approach is one of the following:
- strip the characters server-side
- HTML-encode the input server-side before storing it
- store the input as is, and HTML-encode it whenever you output it
The last solution is the one I usually prefer, since it is the most flexible, for instance if the user should be able to edit the original input later.
Lastly, always HTML-encode user-generated content before outputting it, or you will end up in trouble :)
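The anchored negated class from the answers, run through the question's generic validate(), next to the encode-on-output approach recommended above. This is an added example, not code from the original posts; htmlEncode, renderComment and the constant names are hypothetical.

```javascript
// Generic validator in the shape the question asks for: true when the pattern matches.
function validate(stringX, regExp) {
  return regExp.test(stringX);
}

const ONLY_DIGITS = /^\d*$/;          // case 1: allow-list of digits
const NO_ANGLE_OR_TICK = /^[^<>`]*$/; // case 2: every character must be outside the set
const UNANCHORED = /[^<>`]*/;         // without ^ and $ this matches any string at all

// Encode on output, so the stored value stays exactly as the user typed it.
// Covers the characters that matter in HTML text and quoted attribute values.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

function htmlEncode(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ENTITIES[ch]);
}

// Server-side rendering step (hypothetical): encoding happens here, every time,
// regardless of what the client-side check reported.
function renderComment(stored) {
  return '<p class="comment">' + htmlEncode(stored) + '</p>';
}

const stringX = 'vijay<>@$%_'; // sample string from the question
console.log(validate(stringX, NO_ANGLE_OR_TICK)); // rejected by the form check
console.log(validate(stringX, UNANCHORED));       // wrongly accepted without anchors
console.log(renderComment(stringX));              // still safe to display as text
```

The client-side validate() call only gives the user feedback; the value is made safe for display by htmlEncode() on the server.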
stringX = "vijay<>@$%_"
regEx=/[<>`]/g;
stringX = stringX.replace(regEx, ''); // replace() returns a new string, so assign the result