Return-Path: X-Original-To: apmail-tapestry-commits-archive@minotaur.apache.org Delivered-To: apmail-tapestry-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id F3E1B1110C for ; Tue, 22 Jul 2014 12:10:38 +0000 (UTC) Received: (qmail 38089 invoked by uid 500); 22 Jul 2014 12:10:38 -0000 Delivered-To: apmail-tapestry-commits-archive@tapestry.apache.org Received: (qmail 38050 invoked by uid 500); 22 Jul 2014 12:10:38 -0000 Mailing-List: contact commits-help@tapestry.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@tapestry.apache.org Delivered-To: mailing list commits@tapestry.apache.org Received: (qmail 38040 invoked by uid 99); 22 Jul 2014 12:10:38 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jul 2014 12:10:38 +0000 Date: Tue, 22 Jul 2014 12:10:38 +0000 (UTC) From: "Jochen Kemnade (JIRA)" To: commits@tapestry.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (TAP5-2362) Client and server side validation using regular expressions is inconsistent MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/TAP5-2362?page=3Dcom.atlassian= .jira.plugin.system.issuetabpanels:all-tabpanel ] Jochen Kemnade updated TAP5-2362: --------------------------------- Fix Version/s: (was: 5.4) > Client and server side validation using regular expressions is inconsiste= nt > -------------------------------------------------------------------------= -- > > Key: TAP5-2362 > URL: https://issues.apache.org/jira/browse/TAP5-2362 > Project: Tapestry 5 > Issue Type: Bug > Components: tapestry-core > Affects Versions: 5.4 > Reporter: Christian N=C3=A6ser Lindequist > Priority: Critical > > Client and server side validation using regular expressions is inconsiste= nt: On the client side RegExp.test is used, which returns true if the patte= rn is found anywhere in the string, while on the server side Matcher.matche= s is used, which only returns true if the entire string matches the pattern= . This leads to situations where the client side validation may succeed and= then fail on the server side. > Proposed solutions: > # In the Regexp validator, replace matcher.matches() with matcher.find() = to match the current behavior of client side validation, or > # Make sure that client side validation also matches the entire string > Option 1 may have more repercussions than option 2, because using Matcher= .find() may cause strings that previously failed validation to now succeed = validation, unless the regex was already on the form "^pattern$". Option 1 = also provides most flexibility, however, because it allows using regular ex= pressions that match only part of the string. -- This message was sent by Atlassian JIRA (v6.2#6252)