正则表达式白名单输入验证 - 不区分重音 [英] Regex white list for input validation - accent insensitive
问题描述
我希望能够限制用户输入的有效字符白名单,但我不想要阻止来自其他文化的人报名参加。
到目前为止,我有这样的:
^ [A-ZA-Z0-9èéêëàáâãäçìíîïòóôõöùúûü-_] * $
这使得大多数法国口音,但在拉丁字符集口音的名单是巨大的!我宁愿使用白名单,而不是黑名单,以防我错过什么。
的注意的,这将是C#,但我想使用的客户端验证的正则表达式是双方一致的。我的HTML编码,当我将它保存到数据库以及输入。
有使正则表达式不区分重音,但仍然是不够的限制更优雅的方式防止XSS?我不想疏远我的用户。
我希望能够有一些标点符号,但不开放自己为XSS攻击,例如,我希望有人进入他们的公司名称。如果有人曾在雅虎,他们应该能够注册
^ \w + $
你不能只用字母标志,我相信,接受口音。
I'd like to be able to constrain user input to a white list of valid characters, but I don't want to prevent people from other cultures from signing up. So far, I have this:
^[a-zA-Z0-9èéêëàáâãäçìíîïòóôõöùúûü-_]*$
It allows for most French accents, but the list of accents in the latin character set are IMMENSE! I would prefer to use a white list instead of a black list, in case I miss something.
Note, This will be for C# but I'd like to use the regex for client side validation to be consistent on both sides. I'm HTML encoding the input when I save it to the database as well.
Is there a more elegant way of making the regex accent insensitive, but still being restrictive enough to prevent XSS? I don't want to alienate my users.
I would like to be able to have some punctuation but not open myself up for XSS attacks, for example, I want someone to enter their company name: If someone worked at Yahoo!, they should be able to sign up.
^\w+$
Couldn't you just use the alphanumeric flag, I believe that accepts the accents.
这篇关于正则表达式白名单输入验证 - 不区分重音的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!