I want to use regular expression in JavaScript for form input validation. These is a string which should not have either < , > or any specific set of chars which I mention. The test should pass if the string don't have those chars.
So how can I specify in regular expression not to have a char.
Ex开发者_StackOverflow中文版ample:
stringX = "vijay<>@$%_"
my objective is
- string should not have '<','>' chars.
- test should pass return true if stringX doesn't have those chars.
Note:
I could do :
stringX = "vijay<>@$%_"
regExp=/[<>`]/;
if(!rexExp.test(stringX)) {
doSomthing()
}
but I don't want this.
Because I will end up in a small trouble.
I have a generic function called validate()
function validate(stringX, regExp)
{
if(rexExp.test(stringX)) { // see there is no "!" in the condition.
return true;
}
}
Let's say I want to validate 2 strings.
- Case 1: having only digits. I would use regExp : /^[\d]*$/
- Case 2: not having <,> . I would use regExp: /^[<>`]*$ Since I don't want to specify all characters to be ALLOWED. I would like to specify the chars which are NOT ALLOWED.
But my validate function will work with only in the case 1. As in the case 2, I will not get the expected result. Validate() would give me true only if string has only <,>,` chars.
If you are okay with literally any other characters being in the string, this will match all strings that don't have the characters <, >, and `:
regexp=/[^<>`]*/;
Edit: corrected expression with line start/end anchors (thanks MizardX):
regexp=/^[^<>`]*$/;
The regexp you are looking for is this:
/^[^<>`]*$/
If you are doing this to ensure people don't inject html tags into the input, forget using javascript as validator.
It will only give you a false sense of security and will not stop anyone from abusing your system.
A better approach is one fo the following:
- strip the charachters serverside
- html encode the input serverside before storing it
- store the input as is, and html encode it whenever you output it
The last solution is the one i usually prefer, since it is the most flexible,for instance if the user should be able to edit the original input later.
Lastly, always htmlencode usergenerated content before outputting it, or you will end in trouble :)
stringX = "vijay<>@$%_"
regEx=/[<>`]/g;
stringX.replace(regEx, '');
精彩评论