6

I want to use a regular expression in JavaScript for form input validation. There is a string which should not have either <, > or any specific set of chars which I mention. The test should pass if the string doesn't have those chars.

So how can I specify in a regular expression not to have a char?

Example:

stringX = "vijay<>@$%_"

My objective is:

  1. The string should not have '<', '>' chars.
  2. The test should pass (return true) if stringX doesn't have those chars.

Note:

I could do:

stringX = "vijay<>@$%_";
regExp = /[<>`]/;
if (!regExp.test(stringX)) {
  doSomething();
}

but I don't want this.

Because I will end up in a small trouble.

I have a generic function called validate()

function validate(stringX, regExp)
{
   if (regExp.test(stringX)) {  // see there is no "!" in the condition.
      return true;
   }
}

Let's say I want to validate 2 strings.

  1. Case 1: having only digits. I would use regExp: /^[\d]*$/
  2. Case 2: not having <, >. I would use regExp: /^[<>`]*$/. Since I don't want to specify all characters to be ALLOWED, I would like to specify the chars which are NOT ALLOWED.

But my validate function will work only in case 1. In case 2, I will not get the expected result. Validate() would give me true only if the string has only <, >, ` chars.

BenMorel
Vijay Krishna

3 Answers

10

If you are okay with literally any other characters being in the string, this will match all strings that don't have the characters <, >, and `:

regexp=/[^<>`]*/;

Edit: corrected expression with line start/end anchors (thanks MizardX):

regexp=/^[^<>`]*$/;
Jason Plank
4

The regexp you are looking for is this:

/^[^<>`]*$/

If you are doing this to ensure people don't inject HTML tags into the input, forget using JavaScript as a validator.

It will only give you a false sense of security and will not stop anyone from abusing your system.

A better approach is one of the following:

  • strip the characters server-side
  • HTML-encode the input server-side before storing it
  • store the input as is, and HTML-encode it whenever you output it

The last solution is the one I usually prefer, since it is the most flexible, for instance if the user should be able to edit the original input later.

Lastly, always HTML-encode user-generated content before outputting it, or you will end in trouble :)

Martin Jespersen
  • I have taken care at the server side to validate and strip the characters. But I don't want to do a server call when I already know that <, > are not allowed at the client side. So I would like to inform the user if he has entered these characters without waiting for a server-side validation. – Vijay Krishna Jan 17 '11 at 04:41
0
stringX = "vijay<>@$%_";
regEx = /[<>`]/g;
// replace() returns a new string; assign it to keep the stripped value
stringX = stringX.replace(regEx, '');
qwertymk
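An added example (not code from any of the posts above) that runs the question's validate() with the unanchored and the anchored pattern from the first answer, next to the HTML-encode-on-output step the second answer recommends. htmlEncode, the constant names and the sample strings are assumptions constructed for illustration.

```javascript
// Added example; only validate() and the two patterns come from the page.

// Generic validator from the question: true when the pattern matches.
function validate(stringX, regExp) {
  return regExp.test(stringX);
}

// Unanchored: the class may match zero characters, so test() succeeds on
// every string, including ones that contain < > or `.
const UNANCHORED = /[^<>`]*/;

// Anchored: every character from start to end must be outside the set.
// Without the "m" flag, ^ and $ bind to the whole input, so a forbidden
// character after a newline is still rejected.
const ANCHORED = /^[^<>`]*$/;

// Output encoding (hypothetical helper): applied where the value is written
// into HTML. This, not the client-side check, is what stops markup injection.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};
function htmlEncode(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ENTITIES[ch]);
}

// Constructed sample inputs.
const samples = ['vijay@$%_', 'vijay<>@$%_', '', 'a`b', 'line1\n<b>'];

// One row per sample: both validation results and the encoded output form.
function runSamples() {
  return samples.map((s) => ({
    input: s,
    unanchored: validate(s, UNANCHORED),
    anchored: validate(s, ANCHORED),
    encoded: htmlEncode(s),
  }));
}

console.table(runSamples());
```

The client-side check is only a usability hint for the user; the encoded column is what belongs in the rendered page regardless of what the check returned.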