HTML Patterns server side safe?

Recommended Posts

Thor    5

I searched if PW had regex support for users input before and even a few days back and was not able to find any accurate information, but it seems the reason is that they call this Pattern here instead. This is the description in the admin side:

Optional regular expression pattern to require in the input. This is used both client side (HTML5 pattern attribute) and server side for validation. Be sure to provide an example of the required pattern in your field description.

This seems like regex to me :)

So I'm very happy to see that this is implemented for data input validation. I usually just used PHP regex with my forms so my questions are related to this in particular. I used in the past just JS for users validation (just for GUI friendliness) but of course, PHP (server side) when data is actually submitted. This seems like it will kill 2 birds at once saving me a lot of work :)

Is this just browser/JS regex or does it indeed have server validation for the same regex saved? If this is just browser side, its mostly useless for security reasons as the server (PHP) should be doing any validation. It says there that its used for both, but I'm not sure if browser regex is the same as server PHP one. I assume PW makes the proper check and I will not end up with a case where it works nice on the browser but fails on the server side.

The other thing which I'm bit confused about is if the other fields are still valid like Minimum length, Maximum length if you are using a pattern. As far as I understand, the pattern (regex) makes those checks already, so would that setting be redundant?

Thanks guys! And really loving PW so far. It seems like everything I'm looking so far is build in. I'm impressed by how much potential this has and I feel great about making PW the choice for my current project. I will of course also buy some commercial modules to support Ryan and his great piece of software.

Share this post

Link to post
Share on other sites
Thor    5

Wow, great. Didn't saw that yet. I guess that solves it both ways :) 

Thank you!

  • Like 1

Share this post

Link to post
Share on other sites
Zeka    281

Also, you can hook save process and do your custom sanitization or validation of data if needed. 

  • Like 2

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.