JSLint“不安全^”在正则表达式中
JSLint 报告以下行不安全的“^”。这是为什么?或者每当我想否定某个角色类别时它就会抱怨?
// remove all non alphanumeric, comma and dash characters
"!$7s-gd,&j5d-a#".replace(/[^\w,\-]/g, '');
JSLint reports Insecure '^' for the following line. Why is that? Or is it just going to complain any time I want to negate a character class?
// remove all non alphanumeric, comma and dash characters
"!$7s-gd,&j5d-a#".replace(/[^\w,\-]/g, '');
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
仅当您在底部选择了选项时,它才会执行此操作:
来自文档:
所以回答你的问题,如果你用
^启动一个正则表达式并且它被检查,是的,它每次都会抛出错误。问题在于 unicode 字符,您允许其中包含几乎所有内容,并且存在潜在的安全问题或验证绕过问题。 只允许有效的字符,而不是禁止某些内容(可以绕过)。It only will do this if you have the option selected at the bottom:
From the docs:
So the answer your question, if you start a regex with
^and it's checked, yes it'll throw the error every time. The issue is with unicode characters, you're allowing pretty much anything in there and there's potential for security issues, or validation bypassing issues. Instead of disallowing something (which can be bypassed), allow only what characters are valid.regexp: truelint 选项中的
将允许
.和 /RegExp/ 中的 [^...]您可以在此处配置您想要使用的规则
http: //www.jslint.com/
regexp: truein your lint options, will allow
. and [^...] in /RegExp/you can configure the rules you would like to use here
http://www.jslint.com/
考虑使用
\W而不是/^\w/对于您的特定情况,这不起作用,因为您想保留逗号和破折号字符,但我认为值得一提。
Consider using
\Winstead of/^\w/For your particular case this would not work because you want to leave comma and dash characters, but I think it is worth mentioning.