javascript 正则表达式中的否定
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4680098/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
negation in regular expression
提问by Vijay Krishna
I want to use regular expression in JavaScript for form input validation. These is a string which should not have either < , > or any specific set of chars which I mention. The test should pass if the string don't have those chars.
我想在 JavaScript 中使用正则表达式进行表单输入验证。这些是一个字符串,不应包含 < 、 > 或我提到的任何特定字符集。如果字符串没有这些字符,则测试应该通过。
So how can I specify in regular expression not to have a char.
那么如何在正则表达式中指定没有字符。
Example:
例子:
stringX = "vijay<>@$%_"
my objective is
我的目标是
- string should not have '<','>' chars.
- test should pass return true if stringX doesn't have those chars.
- 字符串不应包含 '<','>' 字符。
- 如果 stringX 没有这些字符,则测试应该通过 return true 。
Note:
笔记:
I could do :
我可以做 :
stringX = "vijay<>@$%_"
regExp=/[<>`]/;
if(!rexExp.test(stringX)) {
doSomthing()
}
but I don't want this.
但我不想要这个。
Because I will end up in a small trouble.
因为我最终会遇到一个小麻烦。
I have a generic function called validate()
我有一个名为 validate() 的通用函数
function validate(stringX, regExp)
{
if(rexExp.test(stringX)) { // see there is no "!" in the condition.
return true;
}
}
Let's say I want to validate 2 strings.
假设我想验证 2 个字符串。
- Case 1: havingonly digits. I would use regExp : /^[\d]*$/
- Case 2: not having<,> . I would use regExp: /^[<>`]*$ Since I don't want to specify all characters to be ALLOWED. I would like to specify the chars which are NOT ALLOWED.
- 案例1:具有唯一数字。我会使用正则表达式:/^[\d]*$/
- 情况 2:没有<,> 。我会使用 regExp: /^[<>`]*$ 因为我不想指定所有字符都被允许。我想指定不允许的字符。
But my validate function will work with only in the case 1. As in the case 2, I will not get the expected result. Validate() would give me true only if string has only <,>,` chars.
但是我的验证函数仅适用于情况 1。与情况 2 一样,我不会得到预期的结果。只有当字符串只有 <,>,` 字符时,Validate() 才会给我 true。
回答by Jason Plank
If you are okay with literally any other characters being in the string, this will match all strings that don't have the characters <, >, and `:
如果您同意字符串中的任何其他字符,这将匹配所有不包含字符 <、> 和 ` 的字符串:
regexp=/[^<>`]*/;
Edit:corrected expression with line start/end anchors (thanks MizardX):
编辑:使用行开始/结束锚点更正表达式(感谢 MizardX):
regexp=/^[^<>`]*$/;
回答by Martin Jespersen
The regexp you are looking for is this:
您正在寻找的正则表达式是这样的:
/^[^<>`]*$/
If you are doing this to ensure people don't inject html tags into the input, forget using javascript as validator.
如果您这样做是为了确保人们不会将 html 标签注入到输入中,请忘记使用 javascript 作为验证器。
It will only give you a false sense of security and will not stop anyone from abusing your system.
它只会给您一种虚假的安全感,并不会阻止任何人滥用您的系统。
A better approach is one fo the following:
更好的方法是以下之一:
- strip the charachters serverside
- html encode the input serverside before storing it
- store the input as is, and html encode it whenever you output it
- 剥离字符服务器端
- html 在存储之前对输入服务器端进行编码
- 按原样存储输入,并在输出时对其进行 html 编码
The last solution is the one i usually prefer, since it is the most flexible,for instance if the user should be able to edit the original input later.
最后一个解决方案是我通常更喜欢的解决方案,因为它是最灵活的,例如,如果用户以后应该能够编辑原始输入。
Lastly, always htmlencode usergenerated content before outputting it, or you will end in trouble :)
最后,在输出之前总是对用户生成的内容进行 htmlencode,否则你会遇到麻烦:)
回答by qwertymk
stringX = "vijay<>@$%_"
regEx=/[<>`]/g;
stringX.replace(regEx, '');
