ansaurus

Question

Javascript Regular Expression for Password

Answer 1

+1 A:

the "?=" does this. It is a "Positive Lookahead"

From JavaScript Regular Expression Syntax

Positive lookahead matches the search string at any point where a string matching pattern begins. This is a non-capturing match, that is, the match is not captured for possible later use. For example 'Windows (?=95|98|NT|2000)' matches "Windows" in "Windows 2000" but not "Windows" in "Windows 3.1". Lookaheads do not consume characters, that is, after a match occurs, the search for the next match begins immediately following the last match, not after the characters that comprised the lookahead.

Ryan Conrad 2010-06-21 15:13:45

Thanks. Silentghost's response has the details.

atlantis 2010-06-21 16:06:37

That link is very useful ... thanks again!

atlantis 2010-06-21 16:10:08

Answer 2

+1 A:

The ?= is called a lookahead where it will scan the rest of the string to see if the match is found. Normally, regex go character by character, but the ?= tells it to "lookahead" to see if it exists.

There is also a negative lookahead of ?!.

Aaron Harun 2010-06-21 15:15:06

Thanks. Silentghost's response has the details.

atlantis 2010-06-21 16:06:01

Answer 3

+1 A:

I think this would work even better:

/(?=.*[A-Z])(?=.*[!@#\$%])/

Look-arounds do not consume characters, therefore, start for the second look-ahead is the same as for the first. Which makes checks for those two characters independent of each other. You could swap them around and resulting regex would still be equivalent to this.

The following regex (suggested by Gumbo) is slightly more efficient, as it avoids unnecessary backtracking:

/(?=[^A-Z]*[A-Z])(?=[^!@#\$%]*[!@#\$%])/

On passwords of usual lengths the time difference probably won't be easily measurable, though.

SilentGhost 2010-06-21 15:16:38

I think `+` is one of the desired 'special characters'. Instead of removing it entirely, it should be in the character class `[]`

LeguRi 2010-06-21 15:22:09

@Richard: plus is also used in the first look-ahead, therefore, I think it's used as a quantifier. It's not entirely wrong, it's just redundant.

SilentGhost 2010-06-21 15:23:29

@SilentGhost - This is true; I didn't notice it in the first.

LeguRi 2010-06-21 15:29:58

Make it a little smarter: `/(?=[^A-Z]*[A-Z])(?=[^!@#\$%]*[!@#\$%])/`. That avoids unnecessary backtracking.

Gumbo 2010-06-21 15:42:37

why the downvote?

SilentGhost 2010-06-21 16:03:43

Thanks @SilentGhost for the detailed explanation!@Richard: I am using the + as a quantifier as pointed out above. Now I understand why it is redundant.I did not understand the part about 'unnecessary backtracking' though :( A small explanation would be great!

atlantis 2010-06-21 16:08:39

@atlantis: it has to do with internals of regex engine: `*` is a greedy quantifier, which means that it tries to match corresponding character or character class as many times as possible, which means it tries to match the whole subject string, then checks if the rest of the regex `[A-Z]` could be matched, if not it "back-tracks", i.e., releases a character to be matched with `[A-Z]` and reduces match with `.`, it does so until it matches or fails to match and returns. What Gumbo proposes is trying a simple match for all character except `A-Z`, which is a forward match character by character.

SilentGhost 2010-06-21 16:19:27

@atlantis: here probably is a better explanation: http://www.regular-expressions.info/repeat.html

SilentGhost 2010-06-21 16:21:25

@SilentGhost: Thanks a ton for the pointers. Learnt quite a few things today! Cheers.@Gumbo: Thanks for the smartening up of the regex!

atlantis 2010-06-23 10:37:11

ansaurus

tags:

views:

answers:

Javascript Regular Expression for Password

related questions