0

I cannot believe it came down to this, but honestly I cannot figure out why browsers do not want to use the symbol pattern I define for password validation.

Take the following example:

<input type="password" id="pwd" name="pwd" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Must contain at least one number and one uppercase and lowercase letter, and at least 8 or more characters">

Can be reproduced there (taken from here): https://www.w3schools.com/tags/tryit.asp?filename=tryhtml5_input_pattern3

It works accordingly. The moment I try to add symbols requirement as well:

  <input type="password" id="pwd" name="pwd" pattern="(?=.*\d)(?=.*[a-z])(?=.*[~!@#$%^&*+-_/.,{}[\]();:|?<>=]).{8,}" title="Must contain at least one number and one uppercase and lowercase letter, and at least 8 or more characters">

Game over. It won't require a symbol as well, you can submit without symbols and even without numbers.

I have tried all sorts of escaping, it just won't work further than the + sign.

My desired allowance of symbols would be (note, intentionally un-escaped for reading):

~!@#$%^&*+-_/.,\{}[]();:|?<>="'`

I believe the above should cover all symbols to allow users to use strong passwords (usually from password generators).

So the final result for validation would be:

  • At least 8 characters
  • At least one uppercase
  • At least one lowercase
  • At least one symbol (special character)

Can someone shed some light on this please? Is there a specific set of symbols allowed in HTML inputs or I am just not escaping them right?

Many thanks

4b0
  • 21,981
  • 30
  • 95
  • 142
Mecanik
  • 1,539
  • 1
  • 20
  • 50
  • Escape the minus sign `-` in your character list: `(?=.*[~!@#$%^&*+\-_/.,{}[\]();:|?<>=])` – bloodyKnuckles Sep 12 '22 at 07:56
  • @bloodyKnuckles Thanks, that was one of them. I got quickly confused when I was escaping multiple symbols at once. – Mecanik Sep 12 '22 at 08:03
  • OR, put it at the beginning `(?=.*[-~!@#$%^&*+_/.,{}[\]();:|?<>=])` or end: `(?=.*[~!@#$%^&*+_/.,{}[\]();:|?<>=-])`. (There are other locations in the list you can put it but if the previous character causes the hypen `-` to form a range, it negates the inclusion of the entire list.) – bloodyKnuckles Sep 12 '22 at 08:09

3 Answers3

0

I have tested each character individually until I have found the culprit. It seems a bit different than escaping JS based pattern/regex.

Essentially you need to escape the following characters only:

- \ [ ]

The character " does not work.

The final working pattern is:

pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[~!@#$%^&*+\-_/.,\\{}\[\]();:|?<>='`]).{8,}"

With the above you can allow the following symbols:

~ ! @ # $ % ^ & * + - / . , \ { } [ ] ( ) ; : | ? < > = ' `
Mecanik
  • 1,539
  • 1
  • 20
  • 50
-1

you should put your regex between //i like this: 

<input type="password" id="pwd" name="pwd" pattern="/~!@#$%^&*+-_/.,\{}[]();:|?<>="'`/i" ....../>
Mohammad Nazari
  • 137
  • 1
  • 12
  • I do not understand how case sensitivity can help? Also, did you read my question entirely? I need other patterns as well. – Mecanik Sep 12 '22 at 07:40
  • if your problem is in regex validation, you can release this post: [post link](https://stackoverflow.com/questions/19605150/regex-for-password-must-contain-at-least-eight-characters-at-least-one-number-a) – Mohammad Nazari Sep 12 '22 at 07:51
  • Ok, you are officially wasting everyone's time. Sorry. – Mecanik Sep 12 '22 at 07:52
-1

Try this please.

<input type="text" pattern="^(?=.*[A-Za-z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!%*#?&]{8,}$">
Alper
  • 1
  • 1
  • Your pattern does not include all the symbols in question, does not even address the problem at hand. Please revise your answer. – Mecanik Sep 12 '22 at 07:53
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Sep 16 '22 at 10:28