I have a line of code that gets the following error when run through JSLint:
Lint at line 604 character 48: Insecure '^'.
numExp = parseInt(val[1].replace(/[^\-+\d]/g, ""), 10);
This error seems to refer to the following description from JSLint's option page:
"true if . and [^...] should not be allowed in RegExp literals.
These forms should not be used when validating in secure applications."
I don't quite understand how a client-side javascript application can really be considered secure. Even with the most airtight regex, it's still possible to fire up something like firebug and change the variable anyway. The real input validation should be done on the server, and the client browser should probably stick with validation that will handle the abuse of your average user.
Is it safe to ignore this error? Am I missing an angle here where my application will be insecure because of client-side input validation?