I’ve got a regex validation on one of the inputs to my application, a
file path. Now these only ever come from trusted users
(administrators), but it would still be good to catch the most obvious
attempts at directory traversal, etc.
I’ve already got a regex that only allows \w then -, . and /. However,
I want to stop two dots in a row, so I was wondering how to make the
validation fail if it is matched, rather than pass.
Is it possible to do this, or should I be worrying about some other
regex kung foo?
You can use a negative lookahead: (Untested, you’ll want to check the
syntax.)
([\w-/]|(?!.).)+
Which, unless I haven’t gotten enough sleep, should say “a word
character, a hyphen, a forward slash, or a period that isn’t followed
by another period, one or more times”