Change Password Control RegEx validating oddly in IE 7 only

Question

I'm using the Asp.net change password control in my application and all seems to be find and dandy until a user tells me she has a problem meeting the strength requirements when changing her password. Looking into this, she is using IE 7 and no matter what she puts in, the validation fails (and ONLY in IE 7. Firefox, IE 8, Chrome etc. all work as expected). Here is the regex i'm using:

^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).{5,15}$

I've tried out a few others that I've found throughout this site and others that folks seem to be using with no issues and I come across the same problem.

It seems that which ever pattern I enter in last (digit, upper or lower alpha) is the one that is expected to be repeated min of 5 times. For example:

Hello1 (doesn't work)

11111Hello (doesn't work)

Hello11111 (works)

Again, this is ONLY in IE 7. I've spent too much time on this already and I'm stumped. Anybody have any ideas??

Answer 1

Apparently Internet Explorer has a bug. Check out this post: A JScript/VBScript Regex Lookahead Bug. The example is the same - a password check - and they provide a work-around. Using their suggested approach as a guide, the pattern becomes:

^(?=.{5,15}$)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).*

Their pattern is very similar to yours, except for the negative look-around for whitespace.

---

Try using .* in the look-arounds. Using just . only covers one character followed by whatever you're specifying in the look-arounds. You want to look all the way ahead and see if anything matches. I tried the following expression in Expresso and it worked with the samples you listed and also failed on invalid inputs as expected.

^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).{5,15}$