dtbonklcs575884485 2010-08-11 14:58
浏览 114
已采纳

关于潜在的正则表达式滥用的担忧?

I have the following regex: ^[a-zA-Z](.*)[a-zA-Z]$ on both the Javascript and PHP side that I have been using for validating a person's name and message fields on a contact form (no database interaction). It basically ensures that the first and last character in the field are alphabets, and allows anything else in-between.

My concerns are:

  1. For this type of functionality, should I be bothered with trying to validate a person's name or message? The only thing I am validating or rather protecting against is any malicious input.
  2. I'm unsure what type of attacks I could leave my site open to, if the only thing I do is check that the fields aren't empty.

Are these valid concerns? If I start catering for all types of Name and Message scenarios, I'm going to end up with a very long expression that will become too difficult to maintain...So is it really worth it, or is there a bare-minimum regex that I should use for these 2 fields to protect against malicious attacks/scripting?

(PS - I've just been reminded by one of my co-workers about names beginning with an " ! ")

THANK YOU!!

  • 写回答

2条回答 默认 最新

  • doubutao6216 2010-08-11 15:06
    关注

    Now someone named Dieter Voß can’t use your contact form anymore. That’s bad.

    If you don’t have any database interaction and the data is sent to someone via e-mail or the like (as opposed to being displayed publicly on the web), then there’s not much of an security concern to protect yourself against. I’d recommend simply doing no check at all. (Except maybe whether the fields are empty.)

    Disclaimer: Without knowing about the rest of the code, any statements about possible security implications can possibly be wrong.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)
编辑
预览

报告相同问题?

悬赏问题

  • ¥15 PADS Logic 原理图
  • ¥15 PADS Logic 图标
  • ¥15 电脑和power bi环境都是英文如何将日期层次结构转换成英文
  • ¥20 气象站点数据求取中~
  • ¥15 如何获取APP内弹出的网址链接
  • ¥15 wifi 图标不见了 不知道怎么办 上不了网 变成小地球了
手机看
程序员都在用的中文IT技术交流社区

程序员都在用的中文IT技术交流社区

专业的中文 IT 技术社区,与千万技术人共成长

专业的中文 IT 技术社区,与千万技术人共成长

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

客服 返回
顶部