Increase default security checks for the password

- Activate by default the extra security rules.
- Make the invalid chars optional rule configurable.

Author: ablanco

CHANGES.md

@@ -4,6 +4,8 @@
 
 - Thai localization.
 - Fix typo in German localization.
+- Activate by default the extra security rules.
+- Make the invalid chars optional rule configurable.
 
 ## 2.1.3
 

OPTIONS.md

@@ -34,6 +34,13 @@ Let's see the options of each section.
   The username field to match a password to, to ensure the user does not use
   the same value for their password.
 
+* __invalidCharsRegExp__:
+
+  Default: `new RegExp(/[\s,'"]/)` (Regular Expression)
+
+  A regular expression object to use to test for banned characters in the
+  password.
+
 * __userInputs__:
 
   Default: `[]` (Array)

README.md

@@ -174,20 +174,25 @@ $(document).ready(function () {
 ```
 
 
-## Extra security
+## Extra restrictions
 
 The plugin comes with two validation rules deactivated by default. One checks
-for too many character repetitions, and the other checks the number of
-character classes used. An easy way to increase the security of the passwords
-is to activate this two rules:
+the length of the password and penalizes it if it's too long; and the other
+checks if the password contains a banned char, and penalizes it if it does.
+
+You can configure the max length of the password by using the option `maxChar`.
+You can also configure the invalid chars by using the option
+`invalidCharsRegExp`.
+
+If you need these restrictions you just need to activate this two rules:
 
 ```javascript
 $(document).ready(function () {
     var options = {};
     options.rules = {
         activated: {
-            wordTwoCharacterClasses: true,
-            wordRepetitions: true
+            wordMaxLength: true,
+            wordInvalidChar: true
         }
     };
     $(':password').pwstrength(options);

src/options.js

@@ -15,6 +15,7 @@ defaultOptions.common = {};
 defaultOptions.common.minChar = 6;
 defaultOptions.common.maxChar = 20;
 defaultOptions.common.usernameField = "#username";
+defaultOptions.common.invalidCharsRegExp = new RegExp(/[\s,'"]/);
 defaultOptions.common.userInputs = [
     // Selectors for input fields with user input
 ];
@@ -56,8 +57,8 @@ defaultOptions.rules.activated = {
     wordInvalidChar: false,
     wordSimilarToUsername: true,
     wordSequences: true,
-    wordTwoCharacterClasses: false,
-    wordRepetitions: false,
+    wordTwoCharacterClasses: true,
+    wordRepetitions: true,
     wordLowercase: true,
     wordUppercase: true,
     wordOneNumber: true,

src/rules.js

@@ -54,7 +54,7 @@ try {
     };
 
     validation.wordInvalidChar = function (options, word, score) {
-        if (word.match(/[\s,',"]/)) {
+        if (options.common.invalidCharsRegExp.test(word)) {
             return score;
         }
         return 0;