asp.net定期EX pression验证客户端脚本错误 [英] asp.net regular expression validator client side script error
问题描述
我有以下的普通恩pression验证器来检测输入字符串是否包含HTML / script标签,如果是这样造成vaidation错误:
< ASP:文本框ID =TXT=服务器/>
< ASP:RegularEx pressionValidator
的ControlToValidate =TXT
=服务器
ID =regexVal
EnableClientScript =真显示=动态
的ErrorMessage =无效的内容
文本=!
ValidationEx pression =>(:(小于吨> [^&所述;] *)?)/>
当我运行承载此标记,我得到的消息语法错误在普通防爆pression一个素文字错误页面。 然而,当我采取相同的正则表达式,并使用正则表达式类从System.Text.RegularEx pressions运行一切正常: 像这样:
正则表达式R =新的正则表达式(>(?:?(小于T> [^<] *)));
r.IsMatch(@< B>这应该引起验证错误< / B>中);
r.IsMatch(这是好的);
我在想什么
更新: 错误似乎是发生在下面的js函数在WebResource.axd的:
函数RegularEx pressionValidatorEvaluateIsValid(VAL){
VAR值= ValidatorGetValue(val.controltovalidate);
如果(ValidatorTrim(值).length == 0)
返回true;
变种RX =新的RegExp(val.validationex pression); //这是导致错误的行
VAR匹配= rx.exec(值);
返程(匹配= NULL和放大器;!&安培;价值==比赛[0]);
}
我觉得问题是,JavaScript不理解分组.NET的正前pression语法。
当您设置 EnableClientScript 到真在 RegularEx pressionValidator ASP.NET重新创建你的正常EX pression在JavaScript中你控制启用客户端验证。在这种情况下,JavaScript不支持语法命名组(小于?T> ...)和非捕获组(? :...)。虽然这些功能都支持.NET JavaScript是疲于应付他们。
从 RegularEx pressionValidator管制(一般参考)在MSDN上:
在客户端,JScript正 EX pression语法。在 服务器,正则表达式语法。因为 JScript正EX pression语法是 正则表达式语法的子集,它是 建议您使用的JScript 以常规EX pression语法 收率上相同的结果均 客户端和服务器。
有两种方法可以解决此:
- 禁用客户端脚本生成和对服务器端的常规EX pression execue。您可以通过设置做到这一点
EnableClientScript到假。 - 修改常规EX pression和删除非捕获组和命名组。如果您需要捕捉你的常规的前pression,在
(...)语法应该在JavaScript和.NET正常工作。这样,你会使用序号引用访问捕获的值($ 1,$ 2等)。像> [^<] *应该发挥作用的。请参见 MSDN上的分组构造。
我想指出几个其他的问题:
- 您原来的定期EX pression似乎并不需要捕获在所有如果你想要做的是检查是否有左尖括号的存在。它可以被改写为
> [^&所述;] *这将是更简单和工作方式完全相同。它不会捕获任何值的原始字符串,但由于您使用的是一个ASP.NET验证控件在这不应该的问题。 - 您正在实施
RegularEx pressionValidator只会工作,如果匹配成功的方式。在你的情况,您的验证将通过,如果你的文本框包含类似>等等。我想你想要的其他方式使用。 - 如果您修改正前pression到
> [^<] *,常规的前pression仍然没有工作,我是怎么想的你想让它。该验证控件尝试匹配在文本框中的所有文本。所以,如果我输入>等等在文本框中,它将匹配,但< B>等等< / B>不会因为常规的前pression表示,该字符串必须以>。我会建议尝试像*> *。[^<] *允许前文>。
I have the following regular expression validator to detect whether an input string contains HTML/script tags and if so cause a vaidation error:
<asp:TextBox ID="txt" runat="server" />
<asp:RegularExpressionValidator
ControlToValidate="txt"
runat="server"
ID="regexVal"
EnableClientScript="true" Display="Dynamic"
ErrorMessage="Invalid Content"
Text="!"
ValidationExpression=">(?:(?<t>[^<]*))" />
When I run the page hosting this markup I get a scipt error with the message "Syntax Error in Regular Expression". However when I take the same regex and run it using Regex class from System.Text.RegularExpressions everything works fine: Like so:
Regex r = new Regex(">(?:(?<t>[^<]*))");
r.IsMatch(@"<b>This should cause a validation error</b>");
r.IsMatch("this is fine");
What am I missing
UPDATE: The error seems to be happening in the following js function in WebResource.axd:
function RegularExpressionValidatorEvaluateIsValid(val) {
var value = ValidatorGetValue(val.controltovalidate);
if (ValidatorTrim(value).length == 0)
return true;
var rx = new RegExp(val.validationexpression); //this is the line causing the error
var matches = rx.exec(value);
return (matches != null && value == matches[0]);
}
I think the problem is that JavaScript does not understand .NET's regular expression syntax for grouping.
When you set EnableClientScript to true on the RegularExpressionValidator ASP.NET re-creates your regular expression in JavaScript to enable client-side validation on you controls. In this case, JavaScript doesn't support the syntax for named groups (?<t>...) and non-capturing groups (?:...). While these features work in .NET JavaScript is struggling with them.
From RegularExpressionValidator Control (General Reference) on MSDN :
On the client, JScript regular expression syntax is used. On the server, Regex syntax is used. Because JScript regular expression syntax is a subset of Regex syntax, it is recommended that you use JScript regular expression syntax in order to yield the same results on both the client and the server.
There are two ways you can correct this:
- Disable the client-side script generation and have the regular expression execue on the server-side. You can do this by setting
EnableClientScripttofalse. - Modify the regular expression and remove the non-capturing groups and named groups. If you need capturing in your regular expression, the
(...)syntax should work correctly in both JavaScript and .NET. You would then use ordinal number references to access captured values ($1,$2, etc.). Something like>[^<]*should work as intended. See Grouping Constructs on MSDN.
I'd like to point out a couple of other issues:
- You original regular expression doesn't seem to need capturing at all if all you want to do is check for the existence of an opening angle bracket. It could be rewritten as
>[^<]*which will be simpler and work exactly the same way. It won't capture any values in the original string, but since you're using it in an ASP.NET validation control this shouldn't matter. - The way you're implementing the
RegularExpressionValidatorwill only work if the match is successful. In your case, your validation will pass if your textbox contains something like>blah. I think you want it to work the other way around. - If you modify the regular expression to
>[^<]*, the regular expression will still not work how I think you intend it to. The validation control tries to match all text in the textbox. So if I enter>blahin the textbox, it will match, but<b>blah</b>won't because the regular expression says that the string must start with a>. I would suggest trying something like.*>.*[^<]*to allow text before the>.
这篇关于asp.net定期EX pression验证客户端脚本错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
