我试图拿出一个验证的表述,以防止用户进入html或javascript tags进入一个网页上的评论箱。
下面一行对单一案文的罚款:
^(?!.*(<|>)).*$
但是,由于权宜之计,它赢得了任何新路线的许可。 如果是这样的话:
^(?!.*(<|>))(.|s)*$
它将允许多条线路,但只允许配对;而且,第一行。 我需要这样做。
罚款:
^[-_sdw" .,:;#/&$\%?!@+*\()]{0,4000}$
但它很奇怪,而且我担心,它会因为使用多种语言而使一些用户破碎。
任何想法? 感谢!
请注意,您的RE使用户无法在任何情形下进入<和>。 例如,“2 > 1” 这是非常不可取的。
而不是试图使用。 简单地从<代码><和>通过将其改为<和>。 另一种做法是,为你的语文选择找到一揽子方案,实施白色名单,允许有限地排出超文本,或支持自己的标记语言(我听到markdown是 n)。
至于“不匹配新线特性”,一些管制实施支持国旗(通常为“多线”和“单一线”的“m”;后者则“与新线相匹配”来控制这种行为。
头两个基本相当于<代码>/[^<>]*$/,但关于多线体的工程除外。 为什么你不这样写了该项保留?
因此,我审视了这一问题,并有一个“网络单一语言”定期表达办法,“也符合新的线性。 不幸的是,在伙伴关系中,这一天线可供使用。 经常资源净额 鉴定人。 就我所知,没有任何办法做像^(!)(<w+>)]关于多线文本箱的工作,而不做服务器方面的验证。
我采纳了你的建议,走了服务器一侧的tag子的路。 这需要确定验证页指令,以伪造,但在这种情况下,由于评论箱确实是引起担忧的唯一东西。
Recently I discovered two amazing regular expression features: ?: and ?!. I was curious of other neat regex features. So maybe you would like to share some tricky regular expressions.
I need to remove image tags from text, so both versions of the tag: <img src="" ... ></img> <img src="" ... />
How do I, using preg_replace, replace more than one underscore with just one underscore?
I was trying to write a regexp to replace all occurrences of with unless the is already preceeded immediately by a . I m doing this in Ruby 1.8.6 which doesn t support look behind in ...
Specifically, I have an array of strings called val, and want to replace all instances of "%{n}%" in the input with val[n]. More generally, I want the replace value to be a function of the match ...
I have the following log entry that I am processing in PowerShell I m trying to extract all the activity names and durations using the -match operator but I am only getting one match group back. I m ...
I m building a lexical analysis engine in c#. For the most part it is done and works quite well. One of the features of my lexer is that it allows any user to input their own regular expressions. This ...
I need a regex for four-digit numbers separated by comma ("default" can also be a value). Examples: 6755 3452,8767,9865,8766,3454 7678,9876 1234,9867,6876,9865 default Note: "default" ...