Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Regular expression for excluding file types .exe and .js

I am using JQuery File upload plugin, for giving value to the option accept files I need the regular expression which will tells what are the file types to be restricted. I need to restrict both exe and js which i achieved by using below expression

(\.|\/)(!exe|!js)$

But this is expression was not allowing other files as well then I tried adding one extension as below

(\.|\/)(!exe|!js|pdf)$

With Above regular expression it is accepting only pdf and not accepting exe and JS. Now I need to enable for all file extentions except exe and js. It will be difficult to add all the extensions to the expression. Can we mention some how in the expression to accept other filetypes except exe and js in the similar format above. This regular expression is for JS.

Thanks,

Vinay

like image 608
Vinay Avatar asked Apr 20 '14 04:04

Vinay


People also ask

Can we use regular expression to exclude files?

These exclusions can be added either by file type or by using regular expressions (regex).

What is regular expressions used for JS?

Regular expressions are patterns used to match character combinations in strings. In JavaScript, regular expressions are also objects. These patterns are used with the exec() and test() methods of RegExp , and with the match() , matchAll() , replace() , replaceAll() , search() , and split() methods of String .

How do you ignore a regular expression?

To match any character except a list of excluded characters, put the excluded charaters between [^ and ] . The caret ^ must immediately follow the [ or else it stands for just itself.

What is () in regular expression?

The () will allow you to read exactly which characters were matched. Parenthesis are also useful for OR'ing two expressions with the bar | character. For example, (a-z|0-9) will match one character -- any of the lowercase alpha or digit.


2 Answers

This will exclude .js and .exe at the end of the string, but allow anything else:

/^[^.]+$|\.(?!(js|exe)$)([^.]+$)/

Broken down:

  1. ^[^.]+$ matches any string with no dots
  2. \.(?!(js|exe)$)([^.]+$) matches a dot only if it is not followed by js or exe at the end of the string.

The following are allowed:

  • something.js.notjs
  • somethingelse.exee
  • /something.js/foo

The following are not allowed:

  • jquery.js
  • outlook.exe

Note: excluding certain file extensions is not a substitute for security, and even if it were JS and EXE files would not be a comprehensive blacklist. If your purpose in excluding certain extensions is to protect your server or your users, consider a white list of extensions and a thorough validation of file data after upload.

like image 137
eyelidlessness Avatar answered Sep 29 '22 01:09

eyelidlessness


You're looking to use the (?!pattern) syntax. Also, while stating what you want to match, you aren't stating what should match. So this should do the trick:

(\.|\/)(?!exe|js).*$

This is saying "Match anything that's a dot (.) as long as it's not followed by 'exe' or 'js', and then match whatever you want after that."

like image 44
David Maddox Avatar answered Sep 29 '22 00:09

David Maddox