javascript new regexp dynamic - javascript

I am creating a dynamic regex but I have a problem with how to escape character so can one put some light on this?
I am using PHP with some backend configuration and admin can add regexp from backend to validate invalidate character and I am getting this value on the PHP so what I did
var regex = RegExp(<?php echo $regex ?>);
but I am getting the error like SyntaxError: Invalid regular expression: I know I need to escape the dynamic character but not sure how.
EDIT
I am trying this value from backend
<>{}[\]!##$+=%^*()/;
New EDIT
As per the #anubhava suggested I am escaping the special character by preg_quote() but on Regex.test it always fails I mean it always getting the false even though It should return true.
Here is my code,
var invalidCharRe = new RegExp(SOME_MY_VARIABLE);
var result = invalidCharRe.test(value)
Where SOME_MY_VARIABLE is a dynamic special character(which I am getting from PHP by preg_quote() and value is my textbox value

Since you're using php to echo your regex you can leverage php's preg_quote function to escape all special regex meta-characters beforehand like this:
var regex = /<?php echo preg_quote($regex, '/'); ?>/
Note that there is no need to call new RegExp here since Javascript will be always be getting a static string for regex.

Related

RegEx to search for a href="something" pattern

I know RegEx should not be used for parsing HTML, but I'm unable to use any other solution, so I'm stuck with this
I got this for URI.js:
/\b((?:[a-z][\w-]+:(?:\/{1,3}|[a-z0-9%])|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}\/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:'".,<>?«»“”‘’&quote]))/ig
However it doesn't work very well, so I wanted to add a prefix that would search only for strings starting with href=
Ended up with something like this (which works in the RegEx tester):
href\=\"\b((?:[a-z][\w-]+:(?:\/{1,3}|[a-z0-9%])|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}\/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:'".,<>?«»“”‘’&quote]))
But when compiled, it throws "illegal character" error. Not sure if it's the " or = that causes that.
JS code:
matches_temp = result_content.match(href\=\"\b((?:[a-z][\w-]+:(?:\/{1,3}|[a-z0-9%])|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}\/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:'".,<>?«»“”‘’&quote])));
result_content is taken from the DB.
You need the slashes that say this is a regex, sort of how like quotes say that this value is a string. So .match(regex) should be .match(/regex/). Take a look:
var result_content = 'blah';
var matches_temp = result_content.match(/href\=\"\b((?:[a-z][\w-]+:(?:\/{1,3}|[a-z0-9%])|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}\/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:'".,<>?«»“”‘’&quote]))/);
console.log(matches_temp[1]);

Regex javascript to only return a value and not full match

How do we do look behind in java script like we can in java or php?
RegEx works for php parser using lookbehind
Here is the working Regex using php parser.
(?<=MakeName=)(.*?)([^\s]+)
This produces the value
(MakeName=)(.*?)([^\s]+)
this produces the match + value
xml response to extract value from.
<ModelName="Tacoma" MakeName="Tundra" Year="2015">
I just need the value
There is no look-behind in JavaScript.
If you are sure the attribute MakeName is present in the input, then you could use this regular expression:
/[^"]*(?!.*\sMakeName\s*=)(?="([^"]*"[^"]*")*[^"]*$)/
It grabs the first series of characters that do not contain a double quote and have a double quote immediately following it, with an even number of double quotes following after that until the end of the input (to make sure we are matching inside a quoted string), but MakeName= should not occur anywhere after the match.
This is of course still not bullet proof, as it will fail for some boundary cases, like with single quoted values.:
<ModelName="Tacoma" MakeName='Tundra' Year="2015">
You could resolve that, if needed, by repeating the same pattern, but then based on single quotes, and combining the two with an OR (|).
Demo:
var s = '<ModelName="Tacoma" MakeName="Tundra" Year="2015">';
result = s.match(/[^"]*(?!.*\sMakeName\s*=)(?="([^"]*"[^"]*")*[^"]*$)/);
console.log(result[0]);

Implementing regex to find span with class inside javascript file

I am using regex in python to find <span class="dlog"...>Whatever you want to put here</span>, and have been using pythex and crossreferencing regexpal to match the case. However, inside of my javascript file, where I am defining a variable containing the regex, as follows:
var tokenRe = /<span class=\"dlog\"(.*?)\>(.*?)\</span>/;
I am getting an error: SyntaxError: Invalid regular expression: missing /. Thus, I need help trying to implement this regex inside of my javascript file.
Thanks !
You did not escape the slash for </span. You also don't need so many escapes because of the regex literals:
var tokenRe = /<span class="dlog"(.*?)>(.*?)<\/span>/

How to find out if a given string is HTML Escaped or not?

Is there any method to find out if the given string is HTML Escaped or not?
Consider the following javascript code:
<script>
var str="hello";
var str_esc=escape(str);
document.write(isHTMLEscaped(str)) // *Should print False*
document.write(isHTMLEscaped(str_esc)); // *Should print True*
</script>
Is there any method equivalent to isHTMLEscaped in the above case?
I found that using
escape(unescape(str))
will always provide an escaped string. And the unescape string will do nothing unless the string itself contains escaped expressions.
Note: should have used encodeURI(decodeURI(str)) instead as escape is now depreciated.
As "hello"==escape("hello"), no, you can't at all guess if escaping was applied.
If you want to know if it's probable that the string has been escaped, then you might test
var wasProbablyEscaped = /%\d\d/.test(str);
var wasProbablyNotEscaped = !wasProbablyEscaped && /%\d\d/.test(escape(str));
as escaping adds % followed by two digits when something has to be escaped. But you can't be totally sure as some strings don't change when you escape them.
In your case, I'd probably advise you not to escape if wasProbablyEscaped is true.

How do I escape content that might include a quotation mark?

I'm wanting to capture my search terms and pass them to a JavaScript variable, but I don't know how to handle quotes that might come through.
Here's what I have currently:
var searchTerms = "<!--#echo var="terms"-->";
var pattern = / /g;
newSearchTerms = searchTerms.replace(/[^a-zA-Z 0-9]+/g,'');
var searchStr=newSearchTerms.replace(pattern,"_");
I'm concerned that should "terms" contain double quotes (or an apostrophy if I use single quotes in the JS) then my function will fail.
How do I escape the string before it gets into script?
Thanks,
Steve
Edit/answer: I ended up doing this by moving this to an external script that captured and parsed the querystring rather than echoing it in the HTML.
If terms contains quotation marks, by the time you have done var searchTerms = "<!--#echo var="terms"-->"; it is already too late to replace any quotation marks, your JavaScript will be invalid. For example, if terms contains These are the "terms" your JavaScript would appear as follows (and produce a syntax error in the browser):
var searchTerms = "These are the "terms"";
If you are sure terms only contains double-quotes, you could do:
var searchTerms = '<!--#echo var="terms"-->';
If it could contain both single-quotes and double-quotes, you need to sanitize the output on the server using a server-side technology more sophisticated than <!--#echo var="..."-->.
From your code it looks like you're using Apache SSI includes. The echo SSI has an attribute called encoding which wil let you specify url-style encoding. You can encode quotes this way and simply unencode in Javascript with unescape()
Try this:
var terms = "<!--#echo encoding="url" var="terms"-->";
terms = unescape(terms)
i would add a javascript to the onchange event for the search textbox. capture the keystroke and ignore the quotes and any other special characters that might be entered. if the input is coming from the server side, then sanitize it before sending it to your script.

Categories