• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Validating user input: checking for illegal characters

 
Jill Smythe
Greenhorn
Posts: 11
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
I'm trying to validate user input gathered from a form with JavaScript, but am having difficulty with one field. I need to prevent a user entering any illegal characters in the text box. These illegal characters are:
white space [ ] ( ) = , " / ? @ : ;
So, for example the following is not allowed: group(1, 2?)
I think I should do this with a regular expression and have something like the following:
function checkInput(input) {
var illegalChars = new RegExp(/[\s[]()=,"/?@:;]/);
return input.test(illegalChars);
}
but would really appreciate it if someone who really knows JavaScript could help me out with this RegExp!
Thanks in advance,
Jill
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 33702
316
Eclipse IDE Java VI Editor
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jill,
I think you need to separate each special character with the or symbol. For example, [|]|(|) etc. Also, you need to escape the ? with \? because ? has a special meaning in regular expressions.
 
Tom Blough
Ranch Hand
Posts: 263
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jill, I'm a firm believer in the paradigm that it is better to PREVENT the user from making a mistake instead of CORRECTION them when they do. To that end, the following function only allows a limited set of character to be entered into a text box or other input field:

Some examples of it's use:

The current function is case insensitive, some minor modifications will make it case sensitive if you need that capability.

Tom Blough
[ February 13, 2004: Message edited by: Tom Blough ]
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 33702
316
Eclipse IDE Java VI Editor
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tom,
Would you still need to check at the end that the textbox contains only valid characters? What if the user typed ctrl-v to get the contents of the clipboard?
 
Tom Blough
Ranch Hand
Posts: 263
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Good point, Jeanne! You would need to implement an onChange routine that would filter the pasted input as well.
Tom
 
Yuriy Fuksenko
Ranch Hand
Posts: 413
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Be carefull about on change - there is a funny issue with it on IE
Let say you have the following code:
<input name="x" onchange="this.value=3;">
If you type, for example 2 in this field, than click somewhere else, onchange fires, and changes it to 3. So, you go to that field again, and delete this three, and type something, and click somewhere else - you would expect your onchange to fire. It will, for everything except 2 !!!. Somewhere deep inside IE doesn't take changes your script made into account to define does the value chnged or not.
By the way, personally, I would prefer to do validation server side.
Here is a reason - let say somebody out of "curiosity" sets values on your form directly using javascript - what would your server do?
If you server does not check what goes to a database, it could be a security hole. And if you validate it on server - why would you do it twice?
Simple example:
Let say you have a field named "City".
On server side you create a SQL like this:
"Select * from users where city='" + city + "'";
Now, user types in browser addres bar:
javascript:document.forms[0].City.value="';delete from users where city like '%";document.forms[0].submit();
Your query will look like:
"Select * from users where city='';delete * from users where city like '%'"
[ February 16, 2004: Message edited by: Yuriy Fuksenko ]
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic