问题
I want to create a function that compares a password against some commonly idiotic ones, so that the user can't pick one of these, but the function I have written so far, when put between script tags, causes no javascript to be recognized (by Firebug). I assume the array creation is at fault.
function unacceptable(pwd){
var unforgivable = [
/password/gi, /*g matches any occurance of sequence, i checks case insensitive*/
/12345678/g,
/8675309/g,
/[a-z]{8,}/gi,
/qwerty/gi,
/asdfg/gi,
/qazwsx/gi,
/zxcvb/gi,
/letmein/gi,
/trustno1/gi,
/omnicloud/gi,
/monkey/gi];
for (var i=0; i<unforgivable.length; i++)
if(pwd.match(unforgivable[i])) return true;
return false;
}
回答1:
You don't need the loop to test every word as you can put them all into one regular expression (separated by the | character) and let the regex engine look for any of them all at once. You could do that like this:
function unacceptable(pwd){
var unforgivable = [
"password",
"12345678",
"8675309",
"[a-z]{8,}",
"qwerty",
"asdfg",
"qazwsx",
"zxcvb",
"letmein",
"trustno1",
"omnicloud",
"monkey"
];
var re = new RegExp(unforgivable.join("|"), "i");
return re.test(pwd);
}
Working demo here: http://jsfiddle.net/jfriend00/cyVbC/
P.S. You don't have to put all the words into an array. You could just predeclare the entire regex, but I thought putting them in the array like this made for more readable code that was easier to maintain.
It could also be this:
var unforgivable = /password|12345678|8675309|[a-z]{8,}|qwerty|asdfg|qazwsx|zxcvb|letmein|trustno1|omnicloud|monkey/i;
function unacceptable(pwd){
return unforgivable.test(pwd);
}
回答2:
I like using Array.some, which will stop iterating through the array as soon as one return value is true:
function unacceptable(pwd){
return [
/password/gi,
/12345678/g,
/8675309/g,
/[a-z]{8,}/gi,
/qwerty/gi,
/asdfg/gi,
/qazwsx/gi,
/zxcvb/gi,
/letmein/gi,
/trustno1/gi,
/omnicloud/gi,
/monkey/gi
].some(function(regexp){
return regexp.test(pwd);
});
}
回答3:
You have a trailing comma. You can't use a trailing comma in javascript.
var unforgivable = new Array(
/password/gi, /*g matches any occurance of sequence, i checks case insensitive*/
/12345678/g,
/8675309/g,
/[a-z]{8,}/gi,
/qwerty/gi,
/asdfg/gi,
/qazwsx/gi,
/zxcvb/gi,
/letmein/gi,
/trustno1/gi,
/omnicloud/gi,
/monkey/gi
)
回答4:
Found this looking for something else and as no one else has mentioned it, it needs mentioning. You should not use blacklists as a means to ensure strong passwords. It's a maintenance hole and leads to more bad passwords that just aren't in your list. Enforce strong password policies instead.
P4ssw0rd! would pass many psuedo strong policies but it would take seconds to crack.
The only effective blacklist is to incldue all word lists and combination scripts used by decryption techniques, this would mean users wait minutes/hours/days to verify if their password is good enough.
I know this doesn't answer the specific question but it does try to advice on what is and isn't effective password validation.
来源:https://stackoverflow.com/questions/8207066/creating-array-of-regular-expressions-javascript