21

I am using the jQuery File Upload plugin. For giving a value to the option accept files, I need the regular expression which will tell what file types are to be restricted. I need to restrict both exe and js, which I achieved by using the expression below:

(\.|\/)(!exe|!js)$

But this expression was not allowing other files as well, so I tried adding one extension as below:

(\.|\/)(!exe|!js|pdf)$

With the above regular expression it is accepting only pdf and not accepting exe and JS. Now I need to enable all file extensions except exe and js. It will be difficult to add all the extensions to the expression. Can we somehow mention in the expression to accept other file types except exe and js, in a format similar to the above? This regular expression is for JS.

Thanks,

Vinay

sshashank124
Vinay

3 Answers

29

This will exclude .js and .exe at the end of the string, but allow anything else:

/^[^.]+$|\.(?!(js|exe)$)([^.]+$)/

Broken down:

  1. ^[^.]+$ matches any string with no dots
  2. \.(?!(js|exe)$)([^.]+$) matches a dot only if it is not followed by js or exe at the end of the string.

The following are allowed:

  • something.js.notjs
  • somethingelse.exee
  • /something.js/foo

The following are not allowed:

  • jquery.js
  • outlook.exe

Note: excluding certain file extensions is not a substitute for security, and even if it were, JS and EXE files would not be a comprehensive blacklist. If your purpose in excluding certain extensions is to protect your server or your users, consider a white list of extensions and a thorough validation of file data after upload.

eyelidlessness
  • Thanks for the detailed information. The regular expression is working with some small issue. When I am adding more than one exe file then the tool is not showing validation error for the second exe file. I need to see if there is any issue with the plugin JS. – Vinay Apr 21 '14 at 03:28
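
The note in the answer above recommends a white list of extensions over excluding a few. As an added example (not part of the original answer or of the plugin's code), the following runs the answer's pattern and an extension allowlist over constructed file names; `ALLOWED_EXTENSIONS`, the function names and the sample names are assumptions made for the illustration.

```javascript
// Pattern copied from the answer above: rejects names ending in .js or .exe.
const DENY_JS_EXE = /^[^.]+$|\.(?!(js|exe)$)([^.]+$)/;

// Hypothetical allowlist: list only the extensions the application needs.
const ALLOWED_EXTENSIONS = new Set(['pdf', 'png', 'jpg', 'jpeg', 'txt']);

function passesDenylist(name) {
  return DENY_JS_EXE.test(name);
}

function passesAllowlist(name) {
  // Look only at the final path component of the supplied name.
  const base = name.split(/[\\/]/).pop();
  const dot = base.lastIndexOf('.');
  // Reject names with no extension, no stem before the dot, or a trailing dot.
  if (dot <= 0 || dot === base.length - 1) return false;
  // Compare case-insensitively and accept plain alphanumeric extensions only.
  const ext = base.slice(dot + 1).toLowerCase();
  return /^[a-z0-9]+$/.test(ext) && ALLOWED_EXTENSIONS.has(ext);
}

// Constructed sample names (not taken from the page, except the answer's own).
const SAMPLES = [
  'report.pdf',          // wanted upload
  'jquery.js',           // rejected by both
  'outlook.exe',         // rejected by both
  'something.js.notjs',  // the answer's example: denylist accepts it
  'SETUP.EXE',           // pattern has no /i flag, so the denylist accepts it
  'page.html',           // a type the denylist never listed
  'README',              // no extension at all
];

function compare(names) {
  return names.map((name) => ({
    name,
    denylist: passesDenylist(name),
    allowlist: passesAllowlist(name),
  }));
}

console.table(compare(SAMPLES));
```

In the browser either check is only a convenience for the user; the same allowlist has to be enforced again on the server, together with the validation of the file data that the answer mentions.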
2

You're looking to use the (?!pattern) syntax. Also, while stating what you want to match, you aren't stating what should match. So this should do the trick:

(\.|\/)(?!exe|js).*$

This is saying "Match anything that's a dot (.) as long as it's not followed by 'exe' or 'js', and then match whatever you want after that."

David Maddox
  • I tested that expression on this website: http://www.regexr.com/v1/. I think it is working as expected, but when I give this as an option to the plugin I am using, it is not working; it is accepting all the file types. I need to add '/' at the front and '/i' at the end to give it in a proper way. So the final value I am passing to that option is /(\.|\/)(?!exe|js).*$/i. Will adding those to the regular expression make any difference? – Vinay Apr 20 '14 at 05:18
  • 1
    This will return a false negative for strings like `foo.jss` and `/execution/files` – eyelidlessness Apr 20 '14 at 06:48
  • You are right, @eyelidlessness. I would need to make the ?! syntax (?!(exe|js)$).*$ – David Maddox Apr 22 '14 at 16:29
0

I do not know whether this works or not, but 99% this will work for you. To exclude the exe or js extension, use the following pattern:

/\.(exe|js)$/ig

The following code gives you TRUE when the file is on your blacklist. Otherwise it gives you FALSE:

var result = /\.(exe|js)$/ig.test(filename);

Hope this helps you!

Jaykumar Patel
  • It is working in the exact opposite way. It's accepting exe and js but not any other format. Can you please give the opposite of this condition? I think a negative condition for this will solve the problem. – Vinay Apr 20 '14 at 04:36
  • are you use `!` sign to convert whole thing into negative condition. `/\.(!exe|!js)$/ig` – Jaykumar Patel Apr 20 '14 at 04:39
  • Just now tried that, keeping in that way it is saying all the file types are invalid including exe and js – Vinay Apr 20 '14 at 04:41
  • A [simple solution](https://jsfiddle.net/hcaetk1p/1/) could be to use `!` for the JavaScript evaluation of `test()`. `var result = ! /\.(exe|js)$/ig.test(filename);` Since it will return `true` if the pattern ends in .exe or .js. – Will B. Aug 27 '21 at 14:26