I have a validation control that has the following expression:
(?=(.*\\\\d.*){2,})(?=(.*\\\\w.*){2,})(?=(.*\\\\W.*){1,}).{8,}
That's a passwor
(?=(.*\W.*){0,}) is not 0 non-alphanumeric characters. It is at least 0 non-alphanumeric characters. If you wanted the password to not contain any non-alphanumeric characters you could do either (?!.*\W) or (?=\w*$).
A simpler solution would be to skip the \W look-ahead, and use \w{8,} instead of .{8,}.
Also, \w includes \d. If you wanted just the alpha you could do either [^\W\d] or [A-Za-z].
/^(?=(?:.*?\d){2})(?=(?:.*?[A-Za-z]){2})\w{8,}$/
This would validate the password to contain at least two digits, two alphas, be at least 8 characters long, and contain only alpha-numeric characters (including underscore).
\w = [A-Za-z0-9_]
\d = [0-9]
\s = [ \t\n\r\f\v]
Edit: To use this in all browsers you probably need to do something like this:
var re = new RegExp("^(?=(?:.*?\\d){2})(?=(?:.*?[A-Za-z]){2})\\w{8,}$");
if (re.test(password)) { /* ok */ }
Edit2: The recent update in the question almost invalidates my whole answer. ^^;;
You should still be able to use the JavaScript code in the end, if you replace the pattern with what you had originally.
Edit3: OK. Now I see what you mean.
/^(?=.*[a-z].*[a-z])(?=.*[0-9].*[0-9]).{3,}/.test("password123") // matches
/^(?=.*[a-z].*[a-z])(?=.*[0-9].*[0-9]).{4,}/.test("password123") // does not match
/^(?=.*[a-z].*[a-z]).{4,}/.test("password123") // matches
It seems (?= ) isn't really zero-width in Internet Explorer.
http://development.thatoneplace.net/2008/05/bug-discovered-in-internet-explorer-7.html
Edit4: More reading: http://blog.stevenlevithan.com/archives/regex-lookahead-bug
I think this can solve your problem:
/^(?=.{8,}$)(?=(?:.*?\d){2})(?=(?:.*?[A-Za-z]){2})(?=(?:.*?\W){1})/
new RegExp("^(?=.{8,}$)(?=(?:.*?\\d){2})(?=(?:.*?[A-Za-z]){2})(?=(?:.*?\\W){1})")
The (?=.{8,}$) needs to come first.
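The same policy (at least 8 characters, 2 digits, 2 letters, 1 non-word character) can also be checked without any look-aheads, so the result does not depend on how a browser implements them. This is an added example, not part of the original answers; `count`, `policyFailures`, `compare` and the sample passwords are constructed for illustration, and the regex is the length-first pattern quoted above.

```javascript
// Added example: the policy from the answer above, checked two ways.

// Pattern copied from the answer: the length look-ahead comes first.
const PAGE_RE = /^(?=.{8,}$)(?=(?:.*?\d){2})(?=(?:.*?[A-Za-z]){2})(?=(?:.*?\W){1})/;

// Count non-overlapping matches of a global regex in s.
function count(s, re) {
  const m = s.match(re);
  return m ? m.length : 0;
}

// Look-ahead-free check: returns the names of the failed rules (empty = valid).
// Reporting each rule separately also lets the form tell the user what to fix.
function policyFailures(pw) {
  const failures = [];
  if (pw.length < 8) failures.push("length");
  if (count(pw, /\d/g) < 2) failures.push("digits");
  if (count(pw, /[A-Za-z]/g) < 2) failures.push("letters");
  if (count(pw, /\W/g) < 1) failures.push("symbol");
  return failures;
}

// Constructed sample inputs (not from the original page).
const SAMPLES = [
  "pa55word!",   // valid
  "p1a2s3w!",    // valid: the digits do not need to be adjacent
  "password1!",  // only one digit
  "12345678!",   // no letters
  "pass_word12", // underscore is part of \w, so there is no \W character
  "a1b2!",       // too short
];

// Run both checks over the samples so any disagreement is visible.
function compare(samples) {
  return samples.map((pw) => ({
    pw,
    regex: PAGE_RE.test(pw),
    failures: policyFailures(pw),
  }));
}

for (const r of compare(SAMPLES)) {
  console.log(r.pw, r.regex, r.failures.join(",") || "ok");
}
```
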
This will get you 2 min digits, 2 min characters, and min 8 character length... I refuse to show you how to not allow users to have non-alphanumeric characters in their passwords, why do sites want to enforce less secure passwords?
^(?=.*\d{2})(?=.*[a-zA-Z]{2}).{8,}$
How about one of the existing jQuery based password strength validators - like: http://scripts.simplythebest.net/4/Ajax-Password-Strength-Meter-software.html