Print Page

Friday, October 24, 2014

Regular Expression Dialect Gotcha

I was recently updating a Rails application to Rails 4 and as part of that, went through and updated the regular expressions for checking some data inputs from /^ $/ for beginning and end to /\A \z/ to clean up the potential security hole in sneaky multiline inputs. This is fine in Ruby. JavaScript's Regular Expression engine shares the /^ and $/ but does not do the /\A \z/ style. I inadvertently introduced a bug by making that change in a JavaScript regexp that was not tested again until the user used it today. Fixed now, D'oh.

No comments:

Post a Comment