0

Can anyone recommend a regex that will reject any string with characters that should be escaped for use in an angular form input like...

<input name="name"  type="text" ng-pattern="*REGEX HERE*" ng-model="selectedExercise.name" />

And yes, I know that this isn't a good way to sanitize user input. Under the hood I am also using $sanitize before communicating to the backend and doing full sanitizing on the backend too.

honkskillet
  • Do you mean you don't want to allow a string/character in the text box? Or do you want to display an error message if the user enters some string/character? – Rajeshwar Feb 20 '15 at 04:28

1 Answer

0

If you are looking to prevent XSS type attacks, then the way to do this is to sanitize the input when it is being rendered to the user and not at time of capture.

If your application is rendering using Angular, then it automatically safely encodes all output on binding.

Abhinav Gujjar
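
The difference between rejecting characters at capture and encoding them at render time, as an added example that is not part of the original answer and not Angular's own code. It is plain JavaScript; `escapeHtml`, `renderName`, `CAPTURE_PATTERN` and the sample exercise names are hypothetical and constructed for illustration.

```javascript
// Characters that are significant in HTML text and quoted attribute values.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Output encoding: replace each significant character with its entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Render-time approach: the stored value stays raw and is encoded only
// at the point where it is placed into markup.
function renderName(storedName) {
  return '<td class="name">' + escapeHtml(storedName) + '</td>';
}

// Capture-time approach from the question: refuse any input that
// contains one of those characters.
const CAPTURE_PATTERN = /^[^&<>"']*$/;

function acceptedAtCapture(input) {
  return CAPTURE_PATTERN.test(input);
}

// Constructed sample inputs: three legitimate names and one markup string.
const samples = [
  'Bench press',
  "Farmer's walk",
  'Clean & jerk',
  '<script>alert(1)</script>',
];

// For each input, show what each approach does with it.
function compare(inputs) {
  return inputs.map((input) => ({
    input,
    acceptedAtCapture: acceptedAtCapture(input),
    rendered: renderName(input),
  }));
}

for (const row of compare(samples)) {
  console.log(row);
}
```

The pattern turns away two legitimate exercise names, while render-time encoding displays all four inputs as inert text.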