Skip to content

RegExp A z doesnt work, but thats what Rails 4 requires

I recently switched to Rails 4 and the security requirements no longer seem to allow the use of regular expressions in the style of /^..$/. The error states that regular expressions should instead be written in the style of /A..z/. Making this change seems to resolve all of my server side validation issues, but unfortunately it also broke all of my client side validation in javascript.

A simple example. I want to validate a username to be letters, number, or periods.

The old regex looked like /^[0-9a-zA-Z.]+$/ and worked both server side (Rails 3.x) and client side

new RegExp( /^[0-9a-zA-Z.]+$/ ).test('') = true

The new regex looks like /A[0-9a-zA-Z.]+z/ and works server side but fails client side

new RegExp( /A[0-9a-zA-Z.]+z/ ).test('') = false

So I’m clearly doing something wrong, but I can’t seem to find any explanations. I checked that A..z are valid regex to make sure that its not some Rails-specific hack and it seems to be legit.

Any ideas?



JavaScript does not support A or z in its RegExp.

Here’s some raw data, first for JavaScript:

var a = "hellonworld"
(/^world/).test(a) // false
(/^world/m).test(a) // true
(/hello$/).test(a) // false
(/hello$/m).test(a) // true

Next, for ruby:

a = "hellonworld"
a.match(/^world/) # => #<MatchData "world">
a.match(/Aworld/) # => nil
a.match(/hello$/) # => #<MatchData "hello">
a.match(/helloz/) # => nil

From this, we see that ruby’s A and z are equivalent to JavaScript’s ^ and $ as long as you don’t use the multiline m modifier. If you are concerned about the input having multiple lines, you’re simply going to have to translate your regular expressions between these two languages with respect to these matching characters.