正则表达式白名单输入验证 - 不区分重音 [英] Regex white list for input validation - accent insensitive

问题描述

我希望能够限制用户输入的有效字符白名单，但我不想要阻止来自其他文化的人报名参加。
到目前为止，我有这样的：

  ^ [A-ZA-Z0-9èéêëàáâãäçìíîïòóôõöùúûü-_] * $ 
  

这使得大多数法国口音，但在拉丁字符集口音的名单是巨大的！我宁愿使用白名单，而不是黑名单，以防我错过什么。

的注意的，这将是C＃，但我想使用的客户端验证的正则表达式是双方一致的。我的HTML编码，当我将它保存到数据库以及输入。

有使正则表达式不区分重音，但仍然是不够的限制更优雅的方式防止XSS？我不想疏远我的用户。

我希望能够有一些标点符号，但不开放自己为XSS攻击，例如，我希望有人进入他们的公司名称。如果有人曾在雅虎，他们应该能够注册

解决方案

  ^ \w + $ 
  

你不能只用字母标志，我相信，接受口音。

I'd like to be able to constrain user input to a white list of valid characters, but I don't want to prevent people from other cultures from signing up. So far, I have this:

^[a-zA-Z0-9èéêëàáâãäçìíîïòóôõöùúûü-_]*$

It allows for most French accents, but the list of accents in the latin character set are IMMENSE! I would prefer to use a white list instead of a black list, in case I miss something.

Note, This will be for C# but I'd like to use the regex for client side validation to be consistent on both sides. I'm HTML encoding the input when I save it to the database as well.

Is there a more elegant way of making the regex accent insensitive, but still being restrictive enough to prevent XSS? I don't want to alienate my users.

I would like to be able to have some punctuation but not open myself up for XSS attacks, for example, I want someone to enter their company name: If someone worked at Yahoo!, they should be able to sign up.

解决方案

^\w+$

Couldn't you just use the alphanumeric flag, I believe that accepts the accents.

这篇关于正则表达式白名单输入验证 - 不区分重音的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！