开发者

Need this regular expression not to require at least 1 capital letter

开发者 https://www.devze.com 2023-02-05 20:20 出处:网络
The regular expression below is written now to require a capital letter. I was just told that capital letters are optional but no开发者_Python百科t required. How can I write this regular expression wi

The regular expression below is written now to require a capital letter. I was just told that capital letters are optional but no开发者_Python百科t required. How can I write this regular expression without changing any of the other parameters to not make at least one capital letter required.

/^(?:(?!([a-zA-Z0-9-().&@?""#,+''\s\/])\1\1)[a-zA-Z0-9-().&@?""#,+''\s\/]){7,}$/


That regular expression already does not require an upper-case character. The only "interesting" things it insists on are that the string cannot start with the same thing repeated 3 times (the same character that is), and the overall string needs to be at least seven characters long.

Also the doubling of single- and double-quote characters in the regex is not necessary.


There is nothing in that regex that requires uppercase letters. The requirements imposed by that regex are:

  • At least 7 characters long.
  • Contains only uppercase and lowercase letters, digits 0-9, the symbols -().&@?"#,+', whitespace, or /.
  • Does not start with 3 of the same character in a row. (The author probably intended this check to apply to the entire password, but it does not.)

If I'm not mistaken this appears to be used for password validation. This is a poor use of regexes for several reasons.

  1. It's hard to read. What does the regex check, exactly? What does that big mess of characters actually do? If you're not a regex expert it's gibberish.

  2. It's got several requirements crammed into one big regex. It would be easier to read and more maintainable if the checks were split into several lines of code:

    if (password.length < 7)                  reject("Too short.");
    if (numRepeatedCharacters(password) >= 3) reject("Too repetitive.");
    if (numDigits(password) < 1)              reject("Digit required.");
    if (numSymbols(password) < 1)             reject("Symbol required.");
    // etc.
    
  3. It contains a character whitelist instead of a blacklist. Please don't whitelist characters. There's no reason to prevent users from using characters you haven't thought of. What if they want to use an asterisk, percent sign, accented letters, etc.? You will reject those characters for no good security reason.

0

精彩评论

暂无评论...
验证码 换一张
取 消