I recently switched to Rails 4 and the security requirements no longer seem to allow the use of regular expressions in the style of /^..$/. The error states that regular expressions should instead be written in the style of /A..z/. Making this change seems to resolve all of my server side validation issues, but unfortunately it also broke all of my client side validation in javascript.
A simple example. I want to validate a username to be letters, number, or periods.
The old regex looked like /^[0-9a-zA-Z.]+$/ and worked both server side (Rails 3.x) and client side
new RegExp( /^[0-9a-zA-Z.]+$/ ).test('myuser.name') = true
The new regex looks like /A[0-9a-zA-Z.]+z/ and works server side but fails client side
new RegExp( /A[0-9a-zA-Z.]+z/ ).test('myser.name') = false
So I’m clearly doing something wrong, but I can’t seem to find any explanations. I checked that A..z are valid regex to make sure that its not some Rails-specific hack and it seems to be legit.
Any ideas?
Advertisement
Answer
JavaScript does not support A or z in its RegExp.
Here’s some raw data, first for JavaScript:
var a = "hellonworld" (/^world/).test(a) // false (/^world/m).test(a) // true (/hello$/).test(a) // false (/hello$/m).test(a) // true
Next, for ruby:
a = "hellonworld" a.match(/^world/) # => #<MatchData "world"> a.match(/Aworld/) # => nil a.match(/hello$/) # => #<MatchData "hello"> a.match(/helloz/) # => nil
From this, we see that ruby’s A and z are equivalent to JavaScript’s ^ and $ as long as you don’t use the multiline m modifier. If you are concerned about the input having multiple lines, you’re simply going to have to translate your regular expressions between these two languages with respect to these matching characters.