I was looking at the regular expressions for validating various data types from the OWASP Regex Repository.

One of the regular expressions in there is called safetext and looks like:

^[a-zA-Z0-9\s.\-]+$

My first question is:
Is this regular expression correct?

Complementary question:
Is this Regex Repository any good at all?

UPDATE
I'm mostly curious about the unescaped .

+2  A: 

The description for the regex in the linked page says "Lower and upper case letters and all digits". But the regex ^[a-zA-Z0-9\s.\-]+$ allows spaces, periods and hyphens too.

The regex makes sure that the string contains only alphanumeric characters, whitespaces, periods and hyphens, and also that the string is not empty. I'm not familiar with the context, but I guess the reason they named it safetext might be that it disallows angle brackets (while allowing normally used characters in text areas) and thus prevents script injection.

Period . is not a meta character inside a character class []. So you need not escape period within square brackets.

The only special characters or metacharacters inside a character class are the closing bracket (]), the backslash (\), the caret (^) and the hyphen (-). The usual metacharacters are normal characters inside a character class, and do not need to be escaped by a backslash.

Most regex flavors allow unescaped hyphens as long as you put them at the beginning or the end of the character class. The hyphen in [!#@-] is literal but the one in [!#-@] is not. The first one means one of the four symbols whereas the second one means ! and all the characters between (and including) the ASCII values of # and @, i.e., ASCII 35 to 64.

As for if the library is good at all, I would say it's a good place to start. You might want to modify them as per your requirements. For example, their password regex shows how to use positive lookahead to check for occurrences of at least one lowercase/uppercase/numeric etc. But it only allows strings of length between 4 and 8: you might want to allow longer passwords.

Amarghosh
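
The character-class points made in the answer can be checked directly. The following Python sketch is an added example, not part of the original question or answer; the helper names `accepted_ascii`, `is_safetext` and `rejected_chars` are hypothetical, and the sample strings are constructed.

```python
import re

# The safetext pattern exactly as quoted in the question.
SAFETEXT = re.compile(r"^[a-zA-Z0-9\s.\-]+$")
# The same character class on its own, for per-character checks.
SAFETEXT_CLASS = re.compile(r"[a-zA-Z0-9\s.\-]")


def accepted_ascii(char_class):
    """Return the set of ASCII characters that a character class matches."""
    pattern = re.compile(char_class)
    return {chr(c) for c in range(128) if pattern.fullmatch(chr(c))}


def is_safetext(value):
    """True if the whole value consists of characters in the safetext class."""
    return SAFETEXT.match(value) is not None


def rejected_chars(value):
    """List, in order, the characters that make a value fail safetext."""
    return [ch for ch in value if not SAFETEXT_CLASS.fullmatch(ch)]


if __name__ == "__main__":
    # An unescaped period inside [] is a literal period, same as the escaped form.
    print(accepted_ascii(r"[.]") == accepted_ascii(r"[\.]") == {"."})

    # Hyphen at the end of the class is literal: exactly four symbols.
    print(sorted(accepted_ascii(r"[!#@-]")))

    # Hyphen between # and @ is a range: '!' plus ASCII 35 to 64.
    print(len(accepted_ascii(r"[!#-@]")))

    # Constructed inputs: plain text passes, angle brackets and empty input fail.
    for sample in ["Release 1.2 - final", "<b>hi</b>", "", "line1\nline2"]:
        print(repr(sample), is_safetext(sample), rejected_chars(sample))
```

Note that `\s` also admits tabs and newlines, so a multi-line value passes this pattern; if the field is meant to be a single line, replace `\s` with a literal space.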