JSLint将“不安全^"报告为“不安全".对于我的正则表达式-这是什么意思? [英] JSLint reports "Insecure ^" for my regex -- what does that mean?

问题描述

我正在尝试使我的Javascript代码100％JSLint干净.

I'm trying to get my Javascript code 100% JSLint clean.

我有一个正则表达式:

 linkRgx = /https?:\/\/[^\s;|\\*'"!,()<>]+/g;

JSLint报告:

 Insecure '^'

什么使使用字符集不安全"的否定?

What makes the use of the negation of the character set "insecure" ?

推荐答案

[^\s;|\\*'"!,()<>]匹配列出的字符以外的所有ASCII字符，以及任何非ASCII字符.由于JavaScript字符串可识别Unicode，因此这意味着Unicode已知的每个字符.我在那里看到了很多潜在的恶作剧可能性.

[^\s;|\\*'"!,()<>] matches any ASCII character other than the ones listed, and any non-ASCII character. Since JavaScript strings are Unicode-aware, that means every character known to Unicode. I can see a lot of potential for mischief there.

我将重写字符类以匹配您要想要允许的字符，而不是禁用警告，就像来自

Rather than disable the warning, I would rewrite the character class to match the characters you do want to allow, as this regex from the Regular Expressions Cookbook does:

/\bhttps?:\/\/[-\w+&@#/%?=~|$!:,.;]*[\w+&@#/%=~|$]/g

这篇关于JSLint将“不安全^"报告为“不安全".对于我的正则表达式-这是什么意思?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！