[ https://issues.apache.org/jira/browse/TAP5-2362?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Christian Næser Lindequist updated TAP5-2362:
---------------------------------------------

    Description: 
Client and server side validation using regular expressions is inconsistent: On 
the client side RegExp.test is used, which returns true if the pattern is found 
anywhere in the string, while on the server side Matcher.matches is used, which 
only returns true if the entire string matches the pattern. This leads to 
situations where the client side validation may succeed and then fail on the 
server side.

Proposed solutions:
# In the Regexp validator, replace matcher.matches() with matcher.find() to 
match the current behavior of client side validation, or
# Make sure that client side validation also matches the entire string

Option 1 may have more repercussions than option 2, because using 
Matcher.find() may cause strings that previously failed validation to now 
succeed validation, unless the regex was already of the form "^pattern$". 
Option 1 also provides the most flexibility, however, because it allows using 
regular expressions that match only part of the string.

  was:
Client and server side validation using regular expressions is inconsistent: On 
the client side RegExp.test is used, which returns true if the pattern is found 
anywhere in the string, while on the server side Matcher.matches is used, which 
only returns true if the entire string matches the pattern. This leads to 
situations where the client side validation may succeed and then fail on the 
server side.

Proposed solutions:
# In the Regexp validator, replace matcher.matches() with matcher.find() to 
match the current behavior of client side validation, or
# Make sure that client side validation also matches the entire string

Option 1 may have more repercussions than option 2, because using 
Matcher.find() may cause strings that previously failed validation to succeed 
validation, unless the regex was already of the form "^pattern$".


> Client and server side validation using regular expressions is inconsistent
> ---------------------------------------------------------------------------
>
>                 Key: TAP5-2362
>                 URL: https://issues.apache.org/jira/browse/TAP5-2362
>             Project: Tapestry 5
>          Issue Type: Bug
>          Components: tapestry-core
>    Affects Versions: 5.4
>            Reporter: Christian Næser Lindequist
>            Priority: Critical
>             Fix For: 5.4
>
>
> Client and server side validation using regular expressions is inconsistent: 
> On the client side RegExp.test is used, which returns true if the pattern is 
> found anywhere in the string, while on the server side Matcher.matches is 
> used, which only returns true if the entire string matches the pattern. This 
> leads to situations where the client side validation may succeed and then 
> fail on the server side.
> Proposed solutions:
> # In the Regexp validator, replace matcher.matches() with matcher.find() to 
> match the current behavior of client side validation, or
> # Make sure that client side validation also matches the entire string
> Option 1 may have more repercussions than option 2, because using 
> Matcher.find() may cause strings that previously failed validation to now 
> succeed validation, unless the regex was already of the form "^pattern$". 
> Option 1 also provides the most flexibility, however, because it allows using 
> regular expressions that match only part of the string.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
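
The mismatch described in this issue, reproduced in JavaScript as an added example (not Tapestry's code and not the reporter's). The helper names `partialMatch`, `fullMatch` and `findDisagreements` are hypothetical, the sample values are constructed, and `fullMatch` emulates Java's `Matcher.matches()` by anchoring, assuming the pattern is valid in both regex dialects.

```javascript
// Client-side behaviour described in the report: RegExp.test succeeds when
// the pattern is found anywhere in the value.
function partialMatch(pattern, value) {
  return new RegExp(pattern).test(value);
}

// Whole-string matching, the behaviour of java.util.regex.Matcher.matches().
// The pattern is wrapped in a non-capturing group before anchoring, so that
// alternation such as "cat|dog" does not become "^cat" OR "dog$".
// Without the "m" flag, ^ and $ in JavaScript match only at the very start
// and very end of the input.
function fullMatch(pattern, value) {
  return new RegExp("^(?:" + pattern + ")$").test(value);
}

// Return the values that the two semantics classify differently, i.e. the
// inputs that pass in the browser and are then rejected by the server.
function findDisagreements(pattern, values) {
  return values.filter(
    (v) => partialMatch(pattern, v) !== fullMatch(pattern, v)
  );
}

// Constructed sample inputs.
const samples = [
  "12345", "abc12345", "12345 and more", "", "cat", "catalog", "hotdog",
];

// Unanchored pattern: the two sides disagree on values with extra text.
console.log(findDisagreements("\\d{5}", samples));

// Alternation: a naive "^cat|dog$" would still accept "hotdog".
console.log(findDisagreements("cat|dog", samples));

// Pattern already of the form "^pattern$": both sides agree on every value.
console.log(findDisagreements("^\\d{5}$", samples));
```

Running a form's pattern through `findDisagreements` against representative inputs shows which values would be affected by either proposed solution.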
