Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
5.4
-
None
Description
Client and server side validation using regular expressions is inconsistent: On the client side RegExp.test is used, which returns true if the pattern is found anywhere in the string, while on the server side Matcher.matches is used, which only returns true if the entire string matches the pattern. This leads to situations where the client side validation may succeed and then fail on the server side.
Proposed solutions:
- In the Regexp validator, replace matcher.matches() with matcher.find() to match the current behavior of client side validation, or
- Make sure that client side validation also matches the entire string
Option 1 may have more repercussions than option 2, because using Matcher.find() may cause strings that previously failed validation to now succeed validation, unless the regex was already on the form "^pattern$". Option 1 also provides most flexibility, however, because it allows using regular expressions that match only part of the string.