I would like to validate and sanitize an input, e.g. "search", coming from a GET form request, but I'm missing something about JavaScript pattern matching.

This is the function I'm currently working on:

```javascript
function jsValidationAndSanitization() {
    /**
     Validate and sanitize every input that comes from an HTML form.
     @return boolean
    **/
    var submittedInput = document.forms["form"]["search_input"].value;
    if (submittedInput == "") {
        alert("error: empty input");
        return false;
    }
    if (submittedInput != "") {
        // admitted chars ( white list )
        var wl_pattern = /[A-z][0-9]/;
        // loop for every chars in the submitted string
        for (char in submittedInput) {
            // if a bad char is present on the string return false
            var result = char.match(wl_pattern);
            // INVERT THE MATCH OF RE HERE
            alert(result);
            return false;
        }
        return true;
    }
}
```
```html
<form action="" method="GET" id="form" onsubmit="return jsValidationAndSanitization()">
    <fieldset>
        <legend>Test box</legend>
        <label for="search_input">Search</label>
        <input type="text" id="search_input" name="search_input" />
        <input type="submit" id="submit" value="submit" />
    </fieldset>
</form>
```

So I'm trying to invert the matches (only chars and numbers) of JavaScript pattern matching, but actually I didn't find a pretty way to do it and complete the function.

Any suggestions about it?

  • Regular expressions can check more than one character at the same time, so a better regex would remove the need for looping the chars. Your approach will work as well, but then you need to do something with 'result'. With the perfect regexp, the entire function would be return someRegExp.test( submittedInput ); I have no idea what you mean with 'inverting the matching' or how that helps you solve this issue. Other ways, outside of JS, are to use input type number instead of input type text, or to use the pattern attribute of inputs to put the regexp for validation there. Commented Apr 11, 2019 at 14:50
  • On the server end - do identical sanitization as well. Commented Apr 11, 2019 at 15:07
  • I want to invert the match of the input.match (typos first), just only the chars and numbers admitted, simply because I want to use the white list approach; the concept is how @Harry Chilinguerian said below. Commented Apr 11, 2019 at 15:50

1 Answer

You don't have to pattern match every character; you could just match the string, and you could just return a match for any character outside of A-z or 0-9. The regexp match method returns an object if it finds a match and null if nothing is found, so in this case, to turn it into a boolean, just prepend it with a !; this will invert it. If you just want to turn it into a boolean, prepend it with !!.

```javascript
function jsValidationAndSanitization() {
    /**
     Validate and sanitize every input that comes from an HTML form.
     @return boolean
    **/
    var submittedInput = document.forms["form"]["search_input"].value;
    if (submittedInput == "") {
        console.log("error: empty input");
        return false;
    }
    if (submittedInput != "") {
        // non-admitted chars ( black list )
        // A-Za-z rather than A-z: the range A-z also spans [ \ ] ^ _ `
        var wl_pattern = /[^A-Za-z0-9]+/;
        var result = submittedInput.match(wl_pattern);
        if (result) {
            console.log(result);
        }
        return !result;
    }
    return false; // Catch all to return false
}
```
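An added example (not code from the question or the answer) that compares the `A-z` range appearing in the question's pattern with an explicit, anchored `A-Za-z0-9` allow-list checked with `.test()`, as the first comment suggests. The function names and sample inputs are constructed for illustration.

```javascript
// Added example. Names and sample inputs are constructed, not from the page.

// The range A-z covers code points 0x41..0x7A, which includes the six
// punctuation characters between 'Z' (0x5A) and 'a' (0x61): [ \ ] ^ _ `
const LOOSE_REJECT = /[^A-z0-9]/;      // inverted match using the wide range
const STRICT_ALLOW = /^[A-Za-z0-9]+$/; // anchored allow-list, whole string

// Returns true when the loose pattern finds no "bad" character.
function looseIsValid(input) {
  return input !== "" && !LOOSE_REJECT.test(input);
}

// Returns true only if every character is an ASCII letter or digit.
function strictIsValid(input) {
  return typeof input === "string" && STRICT_ALLOW.test(input);
}

// Lists printable ASCII characters the loose check admits but the strict one rejects.
function extraCharsAdmittedByLoose() {
  const extra = [];
  for (let cp = 0x20; cp < 0x7f; cp++) {
    const ch = String.fromCharCode(cp);
    if (looseIsValid(ch) && !strictIsValid(ch)) extra.push(ch);
  }
  return extra.join("");
}

// Runs both checks over a list of inputs so the differences are visible.
function compare(inputs) {
  return inputs.map((s) => ({
    input: s,
    loose: looseIsValid(s),
    strict: strictIsValid(s),
  }));
}

// Constructed sample inputs.
const samples = ["search123", "", "two words", "a_b", "x`y", "arr[0]", "<b>"];

console.table(compare(samples));
console.log("admitted only by the loose pattern:", extraCharsAdmittedByLoose());

// The same strict check belongs on the server as well: the onsubmit handler
// only runs in a browser that loads and executes this script.
```

The anchors `^` and `$` make the allow-list apply to the whole string, so no inversion of the match result is needed.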