Skip to content

Commit 61226d2

Browse files
gkunzgkunz
committed
Adding missing non breaking space in table header
Signed-off-by: Georg Kunz <[email protected]>
1 parent 9863770 commit 61226d2

File tree

1 file changed

+10
-10
lines changed

1 file changed

+10
-10
lines changed

docs/Correctly-Using-Regular-Expressions.md

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -23,16 +23,16 @@ When using regexes for secure validation of untrusted input, do the following so
2323
1. If there are any branches (“&#x7c;”), make sure the alternatives are grouped. You can do this by surrounding them with parentheses like this: “(aa&#x7c;bb)”. If you don’t need the groups to be captured (you usually don’t), and your platform supports non-capturing groups (most do), it’s usually more efficient to use non-capturing groups - just change “(“ into “(?:”
2424
2. Use a regular expression in its normal mode (not “multiline” mode). Prepend a start-of-string marking (often “^” or “\A”) and append an “end-of-string” marking (often “$” or “\z”, but Python uses “\Z”). Do _not_ use “$” for input validation until you verify that “$” does what you want. See this table for many common platforms:
2525

26-
| Platform | Prepend | Append | $ Permissive? |
27-
|---------------------------------------------------|----------------|-----------------------------------------------------------------------------------------------------|----------------|
28-
| POSIX BRE, POSIX ERE, and ECMAScript (JavaScript) | “^” (not “\A”) | “$” (not “\z” nor “\Z”) | No |
29-
| Perl, .NET/C# | “^” or “\A” | “\z” (not “$”) | Yes |
30-
| Java | “^” or “\A” | “\z”; [“$” works but some documents conflict](./Correctly-Using-Regular-Expressions-Rationale#java) | No |
31-
| PHP | “^” or “\A” | “\z”; “$” with “D” modifier | Yes |
32-
| PCRE | “^” or “\A” | “\z”; “$” with PCRE2_ DOLLAR_ENDONLY | Yes |
33-
| Golang, Rust crate regex, and RE2 | “^” or “\A” | “\z” or “$” | No |
34-
| Python | “^” or “\A” | “\Z” (not “$” nor “\z”) | Yes |
35-
| Ruby | “\A” (not “^”) | “\z” (not “$”) | Yes |
26+
| Platform | Prepend | Append | $&nbsp;Permissive? |
27+
|---------------------------------------------------|----------------|-----------------------------------------------------------------------------------------------------|--------------------|
28+
| POSIX BRE, POSIX ERE, and ECMAScript (JavaScript) | “^” (not “\A”) | “$” (not “\z” nor “\Z”) | No |
29+
| Perl, .NET/C# | “^” or “\A” | “\z” (not “$”) | Yes |
30+
| Java | “^” or “\A” | “\z”; [“$” works but some documents conflict](./Correctly-Using-Regular-Expressions-Rationale#java) | No |
31+
| PHP | “^” or “\A” | “\z”; “$” with “D” modifier | Yes |
32+
| PCRE | “^” or “\A” | “\z”; “$” with PCRE2_ DOLLAR_ENDONLY | Yes |
33+
| Golang, Rust crate regex, and RE2 | “^” or “\A” | “\z” or “$” | No |
34+
| Python | “^” or “\A” | “\Z” (not “$” nor “\z”) | Yes |
35+
| Ruby | “\A” (not “^”) | “\z” (not “$”) | Yes |
3636

3737
For example, to validate in JavaScript that the input is only “ab” or “de”, use the regex “<tt>^(ab&#x7c;de)$</tt>”. To validate the same thing in Python, use “<tt>^(ab&#x7c;de)\Z</tt>” or “<tt>\A(ab&#x7c;de)\Z</tt>”. Note that the “$” anchor has different meanings among platforms and is often misunderstood; on many platforms it’s permissive by default and doesn’t match only the end of the input. Instead of using “$” on a platform if $ is permissive, consider using an explicit form instead (e.g., “`\n?\z`”). Consider preferring “\A” and “\z” where it’s supported (this is necessary when using Ruby).
3838

0 commit comments

Comments
 (0)