JSLint reports “Insecure ^” for my regex — what does that mean?
I\'m trying to get my Javascript code 100% JSLint clean.
I\'ve got a regular expression:
linkRgx = /https?:\\/\\/[^\\s;|\\\\*\'\"!,()<>]+/g;
<
-
[^\s;|\\*'"!,()<>]matches any ASCII character other than the ones listed, and any non-ASCII character. Since JavaScript strings are Unicode-aware, that means every character known to Unicode. I can see a lot of potential for mischief there.Rather than disable the warning, I would rewrite the character class to match the characters you do want to allow, as this regex from the Regular Expressions Cookbook does:
/\bhttps?:\/\/[-\w+&@#/%?=~|$!:,.;]*[\w+&@#/%=~|$]/g讨论(0) -
(answering my own question) I did some digging... JSLint documentation says:
Disallow insecure . and [^...]. in /RegExp/ regexp: true if . and [^...] should not be allowed in RegExp literals. These forms should not be used when validating in secure applications.
What I have done is disable the JSLint error for the offending line (as I'm not dealing with needing to be secure from potentially malicious user input:
/*jslint regexp: false*/ .... Javascript statement(s) .... /*jslint regexp: true*/讨论(0) -
You should use:
/*jslint regexp: true*/ linkRgx = /https?:\/\/[^\s;|\\*'"!,()<>]+/g; /*jslint regexp: false*/讨论(0)
加载中...
- 热议问题