AngularJs Valdr: why does adding a + sign to an email address pass validation? - angularjs

I am trying to use the AngularJs Valdr plugin, but I realized that when adding a + sign to the email address, the validation passes.
What I mean is, I have an input with name email, and valdr-type is email.
When I enter something like email@example.com, it passes (which is OK), but changing it to +email@example.com also passes the validation.
Same for an email without a domain extension (e.g. email@example).
Any idea please?
Thank you!

Per the Valdr documentation:
https://github.com/netceteragroup/valdr#email
email
Checks that the field contains a valid e-mail address. It uses the same regular expression as AngularJS is using for e-mail validation.
Per the AngularJS documentation:
https://docs.angularjs.org/api/ng/input/input%5Bemail%5D
"Note: input[email] uses a regex to validate email addresses that is derived from the regex used in Chromium. If you need stricter validation (e.g. requiring a top-level domain), you can use ng-pattern or modify the built-in validators (see the Forms guide)."

Related

Azure B2C TrustFrameworkLocalization.xml and passing the attribute name in a custom policy for errors

I'm trying to pass the display name of all my fields to any of the inputs that fail when a user tries to sign up but fails for missing an input box.
The only Microsoft docs I could find said to just add {0} and it would display over the input. But it just puts the actual text '{0}'.
<LocalizedString ElementType="UxElement" StringId="required_field">This information is required {0}.</LocalizedString>
Am I missing a setting to activate this to pass the display names to the screen?
Thanks,
Adam
It’s not possible to configure this, other than using custom JS.

How to add a validation rule to an email field in a JSF page?

ADF client-side validation - email validation:
I want to add a validation rule to an email field so it doesn't accept invalid emails when entered (but it remains not required, so it's either empty or valid).
I used a Validate Regular Expression on the email field in the JSF page with these arguments:
Pattern: ^[_A-Za-z0-9-]+(\.[_A-Za-z0-9-]+)@[A-Za-z0-9]+(\.[A-Za-z0-9]+)(\.[A-Za-z]{2,})$
Message: You have entered an invalid email address. Please try again.
The problems are:
1- When entering an invalid email it works, but when entering a valid email the error message still appears.
2- The email field becomes mandatory even though it's not.
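The following is an added example, not code from valdr, AngularJS, or either of the two threads above (the valdr answer that points at AngularJS's Chromium-derived regex, and the JSF question that posts its own pattern). It runs the patterns under discussion over constructed sample addresses so the observed behaviour can be checked directly. The AngularJS pattern is reproduced from memory of the 1.3-era source and should be treated as an assumption; the stricter ng-pattern variant is a hypothetical policy, not something the docs prescribe.

```javascript
// Added example: not code from valdr, AngularJS, or either thread above.
// It runs the four patterns under discussion over constructed sample addresses.

// AngularJS 1.3's EMAIL_REGEXP as I recall it from src/ng/directive/input.js.
// Treat the exact pattern as an assumption and diff it against the version you
// ship; valdr's email check reuses it, so both accept a '+' in the local part
// and a domain with no dot at all.
const ANGULAR_EMAIL_REGEXP =
  /^[a-z0-9!#$%&'*+\/=?^_`{|}~.-]+@[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$/i;

// Hypothetical stricter policy for ng-pattern (or a custom valdr validator):
// the local part must start with a letter or digit and the domain must end in
// a TLD of at least two letters.
const STRICT_EMAIL_REGEXP =
  /^[a-z0-9][a-z0-9._%+-]*@[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*\.[a-z]{2,}$/i;

// The pattern exactly as posted in the JSF question. Every parenthesised group
// is mandatory, so the local part needs a dot and the domain needs two dots:
// a plain user@example.com cannot match, which is the question's problem 1.
const JSF_PATTERN_AS_POSTED =
  /^[_A-Za-z0-9-]+(\.[_A-Za-z0-9-]+)@[A-Za-z0-9]+(\.[A-Za-z0-9]+)(\.[A-Za-z]{2,})$/;

// The same pattern with '*' added so the dotted groups become optional.
const JSF_PATTERN_FIXED =
  /^[_A-Za-z0-9-]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$/;

// Constructed sample inputs covering the cases raised in both questions.
const SAMPLES = [
  'email@example.com',
  '+email@example.com',
  'email@example',
  'first.last@mail.example.com',
  '',
];

// Map each sample to whether the pattern accepts it.
function classify(regexp, inputs) {
  const out = {};
  for (const s of inputs) out[s] = regexp.test(s);
  return out;
}

// Side-by-side results for every pattern, useful when choosing a policy.
function compareAll(inputs) {
  return {
    angular: classify(ANGULAR_EMAIL_REGEXP, inputs),
    strict: classify(STRICT_EMAIL_REGEXP, inputs),
    jsfAsPosted: classify(JSF_PATTERN_AS_POSTED, inputs),
    jsfFixed: classify(JSF_PATTERN_FIXED, inputs),
  };
}

console.table(compareAll(SAMPLES));
```

None of these patterns match the empty string, so the "field becomes mandatory" symptom (problem 2 in the JSF question) is not caused by the regex text itself; whether the validator is even invoked for an empty value depends on the JSF/ADF configuration, which this example does not cover. Whatever the client-side pattern, the server must re-validate: a browser-side regex is a usability aid, not a security control.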

Is the attribute [Produces("application/json")] enough to prevent all XSS attacks in a WebApi & ReactJS app?

I'm developing an SPA using ASP.NET Core and ReactJS.
In some places of the application users have an opportunity to create comments that will be shown to everyone. So I have string inputs in controllers, and I save the data 'as is' in the database.
I've added the attribute [Produces("application/json")] to each controller to return JSON as results (I don't use server-side rendering).
My question: should I additionally encode input data (before saving in the DB or before sending to the user), or does this attribute automatically encode all strings (before sending to the user) so that I won't have any chance of an XSS attack in my application?
Thanks.
As the docs specify:
"A filter that specifies the expected Type the action will return and the supported response content types. The ContentTypes value is used to set ContentTypes."
The Produces attribute only defines what the action/method will produce; it will not encode any input string.
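The following is an added example, not code from the thread, ASP.NET Core, or React, showing why the answer holds: it follows a stored comment from the JSON response to the HTML the React client builds. The comment text and the rendering helpers are constructed for illustration; the `safeHref` scheme allowlist is a hypothetical policy.

```javascript
// Added example: not code from the thread, ASP.NET Core, or React. It follows
// a stored comment from the JSON response to the HTML the React client builds.

// Constructed comment as a user might submit it and as it sits in the database.
const STORED_COMMENT = '<img src=x onerror="alert(document.cookie)"> nice post';

// What a [Produces("application/json")] action sends: the comment JSON-encoded.
// JSON.stringify escapes only '"', '\' and control characters. (System.Text.Json
// additionally writes '<' as \u003C by default, which changes nothing below,
// because JSON.parse maps it straight back to '<'.)
function apiResponseBody(comment) {
  return JSON.stringify({ id: 1, body: comment });
}

// Client side: the JSON layer is undone and the original string comes back.
function commentFromResponse(json) {
  return JSON.parse(json).body;
}

// HTML text-context encoding. React's {comment} interpolation does this for
// you; innerHTML and dangerouslySetInnerHTML do not.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// The two ways the comment can reach the page.
function renderUnsafe(comment) {
  return '<div class="comment">' + comment + '</div>';             // script runs
}
function renderSafe(comment) {
  return '<div class="comment">' + escapeHtml(comment) + '</div>'; // shown as text
}

// URLs in comments are a different context: text escaping does not stop a
// javascript: link, so allow only http(s) schemes (hypothetical policy).
function safeHref(url) {
  try {
    const u = new URL(url);
    return u.protocol === 'http:' || u.protocol === 'https:' ? u.href : '#';
  } catch (e) {
    return '#';
  }
}

// True if the markup contains any tag other than the wrapper div.
function containsInjectedTag(html) {
  const inner = html.slice('<div class="comment">'.length, -'</div>'.length);
  return /<[a-z!\/]/i.test(inner);
}

console.log('wire:  ', apiResponseBody(STORED_COMMENT));
console.log('unsafe:', renderUnsafe(commentFromResponse(apiResponseBody(STORED_COMMENT))));
console.log('safe:  ', renderSafe(commentFromResponse(apiResponseBody(STORED_COMMENT))));
```

Storing the comment as submitted and encoding at output time is the usual approach; the encoding has to match the sink (HTML text, attribute, URL, JavaScript), which is why JSON encoding on the wire does nothing for the HTML the browser eventually renders.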

Show and hide server-side errors in AngularJS 1.3+ forms

I'm using the Angular framework with Angular Material controls in my recent application. I'm looking for a good solution for the following problem:
A form with an input field named nickname is shown to the user. After the user has chosen a nickname and submitted the form, the server checks whether the nickname has already been taken. In that case, it returns an error to the Angular client.
To show an appropriate error to the user, the code then calls form.nickname.$setValidity('nicknameTaken', true). The new ngMessages module is used to display the error to the user. Further form.$isInvalid is used to disable the form controls to prevent the user from resubmitting the invalid nickname.
My problem is now the following: I'd like to have the error nicknameTaken automatically being removed as soon as the user begins to edit the form fields again. What is a good way to do this? Is there a predefined route to go when it comes to server-side validation errors of this kind? (Note that I am not asking for asynchronous validation because I only want to contact my server when the form is actually being submitted.)
I would write a normal validator directive instead. Something like
<input blacklist="takenNickNames" .../>
This directive would simply add a validator to the input, and this validator would make the input invalid if the model value is contained inside the given takenNickNames array (and valid if it's not present).
The takenNickNames array would be empty initially. When the form is submitted and the error comes back, the controller would add the invalid nick name to the array.
So, every time the user would enter something, the validator would be triggered, and would set the field valid or not, based on the taken nicknames stored in the array.
Here is a working example.
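The following is an added example and is not the answer's linked example (which is not on this page) nor AngularJS's own code. It implements a validator of the kind the answer describes: the field is invalid whenever its model value is in an array of nicknames the server has already rejected. The validator is plain JavaScript so it can run without AngularJS; the directive registration at the end is only executed when `angular` is present, and the module name `app`, the controller flow, the fake server, and the trim-and-lower-case normalisation are assumptions.

```javascript
// Added example: not the answer's linked example and not AngularJS's code.
// A "blacklist" validator: invalid whenever the model value is in an array of
// nicknames the server has already rejected.

// Hypothetical normalisation; it should mirror whatever the server does when it
// compares nicknames, otherwise the client will disagree with the server.
function normalizeNick(s) {
  return String(s == null ? '' : s).trim().toLowerCase();
}

// getTaken() returns the current array (it is mutated after each failed submit),
// so the validator always sees the latest list.
function makeBlacklistValidator(getTaken) {
  return function blacklist(modelValue, viewValue) {
    // AngularJS passes modelValue undefined when an earlier parser failed,
    // so fall back to the view value in that case.
    const value = normalizeNick(modelValue != null ? modelValue : viewValue);
    if (value === '') return true; // emptiness is ng-required's job
    return !getTaken().some((n) => normalizeNick(n) === value);
  };
}

// Controller flow on submit: ask the server; if it says "taken", record the
// nickname so the validator marks the field invalid until the user edits it.
function submitNickname(nick, takenNicks, serverCheck) {
  const result = serverCheck(nick);
  if (!result.ok) takenNicks.push(nick);
  return result.ok;
}

// Constructed stand-in for the server: two names already exist.
const EXISTING_ON_SERVER = ['alice', 'bob'];
function fakeServerCheck(nick) {
  return { ok: !EXISTING_ON_SERVER.includes(normalizeNick(nick)) };
}

// Directive registration, only when AngularJS is loaded in the page. Usage:
//   <input name="nickname" ng-model="vm.nickname" blacklist="vm.takenNickNames">
//   <div ng-messages="form.nickname.$error"><div ng-message="blacklist">Taken</div></div>
// 'app' is an assumed module name.
if (typeof angular !== 'undefined') {
  angular.module('app').directive('blacklist', function () {
    return {
      require: 'ngModel',
      link: function (scope, elem, attrs, ngModel) {
        const getTaken = () => scope.$eval(attrs.blacklist) || [];
        ngModel.$validators.blacklist = makeBlacklistValidator(getTaken);
        // Re-run validation when the array changes after a failed submit,
        // not only when the user types.
        scope.$watchCollection(attrs.blacklist, () => ngModel.$validate());
      },
    };
  });
}
```

Because AngularJS re-runs every entry in `$validators` on each model change, the field turns valid again as soon as the user types a nickname that is not in the array, which is the behaviour the question asks for.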

How do I catch the email address of a spammer?

I know that I can check IP addresses and domains against blacklists like Spamhaus and co, but is there a way that I can prevent iamaspammer@gmail.com from signing up at my website?
Most form spam is created with fake/invalid email addresses which are only used once, so creating a blacklist is pretty useless.
It's way more effective to block known bot IPs and malicious URLs in the form body.
I also suggest securing your form with a good captcha.
If you don't want to bother your users with captchas, there is a less obtrusive, but also less effective trick:
Create an additional form field and hide it via CSS. Only accept the form if this field was submitted empty. Many bots fill out all fields, so you can reject the form if this hidden field has any content.
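The following is an added example, not code from the thread. It is a server-side gate applying the three checks the answer suggests (honeypot field, known bot IPs, malicious URLs in the body); the blocklists, field names, and submissions are constructed here rather than pulled from Spamhaus or a similar feed.

```javascript
// Added example: not code from the thread. A server-side gate that applies the
// three checks the answer suggests; IP/URL blocklists and submissions are
// constructed here rather than pulled from Spamhaus or similar feeds.

// The honeypot is a normal text input hidden with CSS, not type="hidden":
//   <input name="website" style="display:none" tabindex="-1" autocomplete="off">
// Humans never see it, so any value in it marks the submission as a bot.
const HONEYPOT_FIELD = 'website';

// Constructed stand-ins for a bot-IP feed and a malicious-URL feed.
const BLOCKED_IPS = new Set(['203.0.113.7']);
const BLOCKED_HOSTS = new Set(['cheap-pills.example', 'win-prizes.example']);

// Extract the hostnames of http(s) URLs found in free text.
const URL_RE = /\bhttps?:\/\/([a-z0-9.-]+)/gi;
function hostsIn(text) {
  return Array.from(String(text).matchAll(URL_RE), (m) => m[1].toLowerCase());
}

// Every reason the submission looks automated; an empty list means accept.
// The e-mail address is deliberately not consulted: as the answer notes,
// throwaway addresses make an address blacklist useless.
function spamReasons(submission) {
  const reasons = [];
  const fields = submission.fields || {};
  if (String(fields[HONEYPOT_FIELD] || '').trim() !== '') reasons.push('honeypot filled');
  if (BLOCKED_IPS.has(submission.ip)) reasons.push('ip blocklisted');
  for (const host of hostsIn(fields.message || '')) {
    if (BLOCKED_HOSTS.has(host)) reasons.push('url blocklisted: ' + host);
  }
  return reasons;
}

function accept(submission) {
  return spamReasons(submission).length === 0;
}

// Constructed sample submissions.
const HUMAN = {
  ip: '198.51.100.5',
  fields: { email: 'someone@example.com', message: 'Loved the article, thanks!', website: '' },
};
const BOT = {
  ip: '203.0.113.7',
  fields: {
    email: 'iamaspammer@gmail.com',
    message: 'Buy now http://cheap-pills.example/offer and http://WIN-PRIZES.example',
    website: 'http://cheap-pills.example',
  },
};

console.log('human:', spamReasons(HUMAN));
console.log('bot:  ', spamReasons(BOT));
```

Two caveats a practitioner should keep in mind: browser autofill can populate a hidden text field for a real user, so give it a name autofill will not recognise and set `autocomplete="off"`, and log the rejection reason rather than silently dropping the post so that false positives can be found.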
