Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

negation in regular expression

I want to use regular expression in JavaScript for form input validation. These is a string which should not have either < , > or any specific set of chars which I mention. The test should pass if the string don't have those chars.

So how can I specify in regular expression not to have a char.

Example:

stringX = "vijay<>@$%_"

my objective is

  1. string should not have '<','>' chars.
  2. test should pass return true if stringX doesn't have those chars.

Note:

I could do :

stringX = "vijay<>@$%_"
regExp=/[<>`]/; 
if(!rexExp.test(stringX)) {
  doSomthing()
} 

but I don't want this.

Because I will end up in a small trouble.

I have a generic function called validate()

function validate(stringX, regExp)
{
   if(rexExp.test(stringX)) {  // see there is no "!" in the condition.
      return true;
    }
}

Let's say I want to validate 2 strings.

  1. Case 1: having only digits. I would use regExp : /^[\d]*$/
  2. Case 2: not having <,> . I would use regExp: /^[<>`]*$ Since I don't want to specify all characters to be ALLOWED. I would like to specify the chars which are NOT ALLOWED.

But my validate function will work with only in the case 1. As in the case 2, I will not get the expected result. Validate() would give me true only if string has only <,>,` chars.

like image 853
Vijay Krishna Avatar asked Jan 13 '11 12:01

Vijay Krishna


People also ask

What is negation in regex?

Similarly, the negation variant of the character class is defined as "[^ ]" (with ^ within the square braces), it matches a single character which is not in the specified or set of possible characters. For example the regular expression [^abc] matches a single character except a or, b or, c.

Is the negation of a regular language regular?

From this it is obvious that the negation of a regular language is regular, just run the original state machine and accept if it rejects and vice versa. This clearly only requires finite state and so it corresponds to a regular language.

How do you negate a regular expression in Java?

Negation: “[^]” It defines the symbol as the negation variant of the character class. It matches all the characters that are not specified in the character class in regex in java. (eg) (i).


2 Answers

The regexp you are looking for is this:

/^[^<>`]*$/

If you are doing this to ensure people don't inject html tags into the input, forget using javascript as validator.

It will only give you a false sense of security and will not stop anyone from abusing your system.

A better approach is one fo the following:

  • strip the charachters serverside
  • html encode the input serverside before storing it
  • store the input as is, and html encode it whenever you output it

The last solution is the one i usually prefer, since it is the most flexible,for instance if the user should be able to edit the original input later.

Lastly, always htmlencode usergenerated content before outputting it, or you will end in trouble :)

like image 27
Martin Jespersen Avatar answered Oct 05 '22 22:10

Martin Jespersen


If you are okay with literally any other characters being in the string, this will match all strings that don't have the characters <, >, and `:

regexp=/[^<>`]*/;

Edit: corrected expression with line start/end anchors (thanks MizardX):

regexp=/^[^<>`]*$/;
like image 173
Jason Plank Avatar answered Oct 05 '22 22:10

Jason Plank