Reputation: 15685
Form validation client side and server side
Validation for an html form should be done on both side, with also regex on both side.
Client side: display a message to the user without ask the server
Server side: confirm that everything is fine and safety check in case js is disabled or someone try to hack the form
My question is: I usually see some mistakes between server side regex and client side regex which are not the same.
I'm in C#, do you think Regex should be in backend and the server should put his own regex on the client side (Js)?
I want to avoid this:
C# -> public const string AlphanumericField = @"[^A-Za-z0-9_]";
JS -> var alpahField = "[^A-Za-z_-]";
I want to avoid both declaration for the same thing.
Upvotes: 1
Views: 1463
Answers (4)
Reputation: 34385
You can use the exact same regex (as seen by the regex engine), on both the client and server side but you will need to declare them separately, because C# and JavaScript use different escaping schemes. Take for example a regex which validates a double quoted string which may contain any character escaped with a backslash. Here is the native regex needed:
Native regex:
^"[^"\\]*(\\.[^"\\]*)*"$
Javascript regex in regex literal:
/^"[^"\\]*(\\.[^"\\]*)*"$/
C# regex in verbatim literal string
@"^""[^""\\]*(\\.[^""\\]*)*""$"
With Javascript literal syntax, the only metacharacter (which needs to be escaped) is the forward slash. With a regex stored in a C# verbatim literal string, the only metacharacter is the double quote which is "escaped" by placing two double quotes in a row.
The RegexBuddy Solution
One good way to accomplish your goal (to maintain only one master regex for each validation rule) is to build all your native regexes using: RegexBuddy (RB). You can store all your fully tested and debugged validation regexes (along with appropriate test data for each regex) in a single regexbuddy library file. Then simply use RB's built-in exporting feature to generate the (correctly escaped) C# and Javascript regex snippets for the code.
If you are serious about crafting accurate and efficient regexes, you should really be using this tool anyway - to test that each regex works correctly for all edge cases (both matching and non-matching).
Upvotes: 0
Reputation: 6999
You can ask C# to declare this variable for javascript using register client script block
Dim cstext2 As New StringBuilder()
cstext2.Append("<script type=""text/javascript"">")
cstext2.Append("var alpahField = \"" + AlphanumericField +"\";")
cstext2.Append("script>")
RegisterClientScriptBlock(csname2, cstext2.ToString())
Upvotes: 0
Reputation: 4063
If possible in your app, you could do an AJAX call for your client side validation, which would allow you to have that RegEx in one place, and easily testable. You may take a very minor performance hit going to the server everytime you need to check this, but the maintainability is worth it in many cases.
Upvotes: 0
Reputation: 176886
For the regualtare expression I always make use of RegularExpressionValidator available in the asp.net
Check : http://msdn.microsoft.com/en-us/library/eahwtc9e.aspx for more detail about the regular expression validator.
Upvotes: 1
Related Questions
- Implementing server-side regex validation from client-side regex
- ASP.NET C# client-side & server-side validation with regular expressions
- Error Message and Validate Data in ASPX form
- Regex Expression validation in javascript
- javascript validation with regular expression not working
- Javascript regex form validation
- Regex Expression Conditional Validation In JavaScript
- Same RegEx validation works on the server side but not on client side
- Server-side validation in ASP.NET 2.0
- Javascript RegEx Help