I've got a regex validation on one of the inputs to my application, a file path. Now these only ever come from trusted users (administrators), but it would still be good to catch the most obvious attempts at directory traversal, etc. I've already got a regex that only allows \w then -, . and /. However, I want to stop two dots in a row, so I was wondering how to make the validation fail if it is matched, rather than pass. Is it possible to do this, or should I be worrying about some other regex kung foo?
on 2006-04-12 19:39
on 2006-04-12 20:26
On 4/12/06, David <firstname.lastname@example.org> wrote: > regex kung foo? > You can use a negative lookahead: (Untested, you'll want to check the syntax.) ([\w\-\/]|(?!\.)\.)+ Which, unless I haven't gotten enough sleep, should say "a word character, a hyphen, a forward slash, or a period that isn't followed by another period, one or more times"
on 2006-04-13 11:40
Wilson Bilkovich wrote: > On 4/12/06, David <email@example.com> wrote: >> regex kung foo? > You can use a negative lookahead: (Untested, you'll want to check the > syntax.) > ([\w\-\/]|(?!\.)\.)+ Thanks Wilson! It seems that the following works well: /^([\w\-\/ ]|\.(?!\.))+$/ I had completely forgotten about look-arounds. David