Skip to content
Advertisement

RegExp A z doesnt work, but thats what Rails 4 requires

I recently switched to Rails 4 and the security requirements no longer seem to allow the use of regular expressions in the style of /^..$/. The error states that regular expressions should instead be written in the style of /A..z/. Making this change seems to resolve all of my server side validation issues, but unfortunately it also broke all of my client side validation in javascript.

A simple example. I want to validate a username to be letters, number, or periods.

The old regex looked like /^[0-9a-zA-Z.]+$/ and worked both server side (Rails 3.x) and client side

new RegExp( /^[0-9a-zA-Z.]+$/ ).test('myuser.name') = true

The new regex looks like /A[0-9a-zA-Z.]+z/ and works server side but fails client side

new RegExp( /A[0-9a-zA-Z.]+z/ ).test('myser.name') = false

So I’m clearly doing something wrong, but I can’t seem to find any explanations. I checked that A..z are valid regex to make sure that its not some Rails-specific hack and it seems to be legit.

Any ideas?

Advertisement

Answer

JavaScript does not support A or z in its RegExp.

Here’s some raw data, first for JavaScript:

var a = "hellonworld"
(/^world/).test(a) // false
(/^world/m).test(a) // true
(/hello$/).test(a) // false
(/hello$/m).test(a) // true

Next, for ruby:

a = "hellonworld"
a.match(/^world/) # => #<MatchData "world">
a.match(/Aworld/) # => nil
a.match(/hello$/) # => #<MatchData "hello">
a.match(/helloz/) # => nil

From this, we see that ruby’s A and z are equivalent to JavaScript’s ^ and $ as long as you don’t use the multiline m modifier. If you are concerned about the input having multiple lines, you’re simply going to have to translate your regular expressions between these two languages with respect to these matching characters.

User contributions licensed under: CC BY-SA
5 People found this is helpful
Advertisement