Reputation: 3036
JSLint "insecure ^" in regular expression
JSLint reports Insecure '^' for the following line. Why is that? Or is it just going to complain any time I want to negate a character class?
// remove all non alphanumeric, comma and dash characters
"!$7s-gd,&j5d-a#".replace(/[^\w,\-]/g, '');
Upvotes: 43
Views: 17329
Answers (3)
Reputation: 9354
regexp: true
in your lint options, will allow
. and [^...] in /RegExp/
you can configure the rules you would like to use here
Upvotes: 6
Reputation: 4612
Consider using \W instead of /^\w/
"!$7s-gd,&j5d-a#".replace(/\W/g, '');
For your particular case this would not work because you want to leave comma and dash characters, but I think it is worth mentioning.
Upvotes: 0
Reputation: 630569
It only will do this if you have the option selected at the bottom:
Disallow insecure . and [^...] in /RegExp/
From the docs:
true if . and [^...] should not be allowed in RegExp literals. These forms should not be used when validating in secure applications.
So the answer your question, if you start a regex with ^ and it's checked, yes it'll throw the error every time. The issue is with unicode characters, you're allowing pretty much anything in there and there's potential for security issues, or validation bypassing issues. Instead of disallowing something (which can be bypassed), allow only what characters are valid.
Upvotes: 38
Related Questions
- JSLint reports "Insecure ^" for my regex -- what does that mean?
- Negation of regular expression pattern in JavaScript
- Negation of regular expression
- negation in regular expression
- Is there a way to make JSLint happy with this regex?
- escape carret sign '^' in regular expression
- Negated character not working as expected ? ^
- JSLint Regexp Violation Quandry
- How to write correct regex so JSLint will validate?
- Purpose of JSLint "disallow insecure in regex" option