Reputation: 3399
I am creating an Activity and I need to validate the correct input type in a Text Area. I want to avoid any XSS or MySQL Injection.
I want to accept [a-z] [A-Z] [0-9] [.] [,] and whitespace.
The only thing that I have got so far is:
Pattern pattern_ = Pattern.compile("^[:alpha:]+(?:(?:\\s+|-)[:alpha:]+)*$");
How would you implement that?
Upvotes: 0
Views: 880
Reputation: 26370
Why not just do this:
// Regex backslashes are doubled inside a Java string literal.
Pattern pattern_ = Pattern.compile("^[a-zA-Z0-9\\.,\\s]+$");
Upvotes: 1
Reputation: 12486
If you only want to accept exactly the characters [a-z], [A-Z], [0-9], ., and ,, the most direct way of doing that is to match the regular expression ^[a-zA-Z0-9.,\s]*$. (See this on Regexr.)
Depending on the data, severely restricting the input like this is not a good idea.
If your data entry field is for people's names, it won't allow people to enter names with accented characters, or names in languages other than English. Thévenin (a French name) would be out because it contains an accented é. The Chinese family name 伟 would also be illegal. The Greek name Αφρουδάκης would be entirely illegal.
Your language should have ways of sanitizing input data. These will prevent SQL or XSS attacks without prohibiting otherwise harmless data like 伟. Refer to this question for a general overview of input sanitization: What are the best PHP input sanitizing functions?
Upvotes: 1