You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Not entirely sure if this is a bug/incomplete feature or not. In the Regular Expression checks, you're looking for \A and \Z to check that the validation is anchored correctly. Is it not equally valid to use '^' and '$' (which is what I'm doing, resulting in what might be false positives if my understanding is right)?
Happy to provide a patch to fix this if '^' and '$' should be allowed as well.
The text was updated successfully, but these errors were encountered:
However, these are not false positives. Using ^ and $ is not sufficient, as they will match newlines. Once a newline is encountered, the pattern is matched, allowing an attacker to insert whatever they wish after that (or before, if ^ is used).
Not entirely sure if this is a bug/incomplete feature or not. In the Regular Expression checks, you're looking for \A and \Z to check that the validation is anchored correctly. Is it not equally valid to use '^' and '$' (which is what I'm doing, resulting in what might be false positives if my understanding is right)?
Happy to provide a patch to fix this if '^' and '$' should be allowed as well.
The text was updated successfully, but these errors were encountered: