regular expression for physical path - asp.net

can someone tell me the javascript regular expression for physical path like
1) User Should enter something like this in the textbox( c://Folder1/) . Maybe in d: or e:
2) But after that acceptable
a) (c://Folder1/Folder2/)
b) (d://Folder1/Folder2/Folder3/abc.txt)
e) (c://Folder1/Folder2/Folder3/abc.txt)

From the examples you've given, something like this should work:
[a-zA-Z]://(\w+/)+
ie:
[a-zA-Z] = a single letter (upper or lower case)
followed by
:// = the characters "://"
followed by:
(\w+/)+ = at least one "something/".
"something/" defined as :
\w+ = at least one word character (ie any alphanumeric), followed by
/ = literal character "/"
Hope this helps - my syntax may be a little off as I'm not fully up to speed on the javascript variant for regex.
Edit: put regex in code tags so it is visible! And tidy up explanation.

This problem is actually trickier than you think. You're trying to validate a path, but paths can be surprisingly hard to properly validate. Are you properly handling UNC network paths, e.g.?
This is known as the canonicalization problem and is part of writing secure code. I suggest checking out some guidance from Microsoft for properly canonicalizing and validating the path in your application. The advantage of canonicalizing your path is that you also implicitly validate its format because the canonical form will be returned from a library call that will only return paths that are potentially valid (properly formatted). This means that you don't have to do any sort of regex validation at all. Just throw your string at the method that canonicalizes the path (Path.GetFullPath() probably) and handle the exception for an invalid path.

Related

Remove http:// or https:// and Trailing / in NetSuite Saved Search

Let me preface this by stating very clearly that I am not a developer and I'm new to NetSuite formulas.
I have a NetSuite saved search that include the Web Address (field id: {url})
I need to remove everything except the main part of the domain (end result should look like abc.com).
I have attempted to use REPLACE({url}, 'http://[,' ']) unsuccessfully.
I have also attempted various LTRIM, RTRIM, TRIM formulas without luck.
I found some information on using REGEXP_SUBSTR, but wasn't successful there either.
I was able to accomplish my goal in Excel using Excel string functions MID, LEN, and RIGHT, but that doesn't seem to translate in NetSuite.
I'd love some assistance.
REGEXP_SUBSTR({url}, '//(.)+') --> get substring starting with //
REPLACE({text}, '/') --> replace / with nothing
The final formula is:
REPLACE(REGEXP_SUBSTR({url}, '//(.)+'), '/')
Jala's answer doesn't seem to work for URLs such as https://stdun7.wixsite.com/stdunstansparish where it returns stdun7.wixsite.comstdunstansparish
In your saved search create a Forumula (Text) field with the following formula
REGEXP_REPLACE({url},'(^http[s]?://)([a-zA-Z0-9.-])(/?.)', '\2')
I'll break down the arguments for the REGEXP_REPLACE function and how it all works...
First argument - {url} the Field containing the url information to parse
Second argument - regexp string
Third argument = replace regexp string
the regexp string has parentheses to denote capture groups of portions of the regular expression.
The first capture group captures the protocol portion of the URL.
The second capture group captures the next part, all permissible hostname characters until the end of the string, or until a '/'
The third capture group captures the remaining portion of the string.
The replace string is used to prepare the return value of the REGEXP_SUBSTR function. Since the entire url is matched by the regexp, the entire string will be replaced by this expression, referencing the second capture group. (aka the hostname)
Since you say you're new to NetSuite formulas, I'll note that those functions are based on Oracle PL/SQL so if you want additional info or examples of how they work beyond what NetSuite provide, sometimes it's instructive to just google things like "pl/sql REGEXP_SUBSTR" etc. to get additional documentation how how they work.
Another good resource is regex101.com, a helpful site to test regular expressions in advance....

Is it better to use a "?" or a ";" in a URL?

In my application, I redirect an HTTP request and also pass a parameter. Example:
http://localhost:9000/home;signup=error
Is it better to use a ; or shall I use a ? i.e. shall I do http://localhost:9000/home;signup=error or http://localhost:9000/home?signup=error?
Are the above two different from each other semantically?
The ? is a reserved character; I have read that this is both valid and invalid, but I have used it for 'slugs' when templating.
Should you choose to use it, percent-encode the query string using %3F which is not human readable, but will produce the ?. (An encoder is recommended)
Perhaps you will find a more suitable solution for your redirects by adding an .htaccess file to your project.

Regex not working in asp.net(.aspx page)

I have a regex thats working normally (when i tried through online regex checking websitesites).
This should not allow 1234.1234.1234.1234 but while I am using it in asp.net,it is allowing even those values.
Any suggestion?
var ipfilter = new RegExp("(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?$)");
.NET regex differs from JavaScript one immensely. However, in this case, it is a regular problem: the dot must be preceded with a literal backslash, or placed inside a character class. I suggest the latter as it is less error-prone, and you need to add a ^ (start of string) anchor:
var rx = "^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)[.](25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)[.](25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)[.](25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?$)";
Is the online regex checking website you used testing regex for .NET? .NET regex differs slightly from Javascript regex.
http://refiddle.com/ - you can test against .NET on this by selecting .NET from the regex options drop down on the left.

Parameter separator in URLs, the case of misused question mark

What I don't really understand is the benefit of using '?' instead of '&' in urls:
It makes nobody's life easier if we use a different character as the first separator character.
Can you come up with a reasonable explanation?
EDIT: after more research I found that "&" can be a part of file name (terms&conditions.html) so "?" is a good separator. But still I think using "?" for separators makes lives easier (from url generators and parsers point of view):
Is there any advantage in using "&" which is not clear at the first glance?
From the URI spec's (RFC 3986) point of view, the only separator here is "?". the format of the query is opaque; the ampersands just are something that HTML happens to use for form submissions.
The answer's pretty much in this article - http://www.skorks.com/2010/05/what-every-developer-should-know-about-urls/ . To highlight it, here goes :
Query is the preferred way to send some parameters to a resource on
the server. These are key=value pairs and are separated from the rest
of the URL by a ? (question mark) character and are normally separated
from each other by & (ampersand) characters. What you may not know is
the fact that it is legal to separate them from each other by the ;
(semi-colon) character as well. The following URLs are equivalent:
http://www.blah.com/some/crazy/path.html?param1=foo&param2=bar
http://www.blah.com/some/crazy/path.html?param1=foo;param2
The RFC 3896 (https://www.ietf.org/rfc/rfc3986.txt) defines general and sub delimiters ... '?' is a general, '&' and ';' are sub. The spec is pretty clear about that.
In this case the latter '?' chars would be treated as part of the query. If the query parser follows the spec strictly, it would then pass the whole query on to the app-destination. If the app-destination could choose to further process the query string in a manner which treats the ? as a param name-value pairs delimiter, that is up to the app's designers.
My guess is that this often 'just works' because code that splits query strings and the original uri uses all delimiters for matching: 1) first query is split on '?' then 2) query string is parsed using char match list that includes '?' (convenience only).... This could be occurring in ubiquitous parsing libraries already.

How may i escape / and other characters in asp.net?

When i visit http://localhost:17357/u/a%2fa/m/ssd-10 and look at HttpContext.Current.Request.Url in Application_BeginRequest i see http://localhost:17357/u/a/a/m/ssd-10 huh? shouldnt i get http://localhost:17357/u/a%2fa/m/ssd-10? i thought the point of escaping urls is so ?, &, / and other special symbols not be confused with their special meaning in urls. Maybe theres a config i need to tweak?
I created 4 usernames, there are
a?#!&ee
a?#!/&ee
as d
クイン
with the links as
a?#!&ee<br>
a?#!/&ee<br>
as d<br>
クイン
The last two work, but the first two i get the exceptio
A first chance exception of type 'System.ArgumentException' occurred in mscorlib.dll
Additional information: Illegal characters in path.
then
A first chance exception of type 'System.Web.HttpException' occurred in System.Web.dll
Additional information: '/u/a?#!&ee' is not a valid virtual path.
and my page says Bad Request. How can i allow these usernames to work. If its impossible how can i write a workaround?
You need to escape it again. Use %252f instead of %2f. To clarify, the URL is unencoded when the server receives it. URL encoding allows you to pass in a / that the server processes as a character instead of the special function that a reserved character would normally trigger. See the Wikipedia page for more info.
Concerning your error with the a?#!&ee username, it seems almost certain that you're running into a problem that ASP.NET has with special characters (even urlencoded properly) that are not in the query string (that is, after the ? part of the URL). Joshua Flanagan talks about it in a blog post, and identifies %, &, *, and : as the problematic characters.
He points to a Dirk.Net blog post that offers a couple of fixes. First, you can edit the registry to allow restricted characters (adding a DWORD key AllowRestrictedChars to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters and setting its boolean value to true). Or, you can ensure that you have the .NET framework 1.1 SP1 and edit the registry to set ASP.NET VErification Compatibility to true (DWORD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET VerificationCompatibility = 1). Third, you can try setting ValidateRequest to false on the ASPX page. Finally, as Joshua decided to do, you can pass the information using the query string, i.e. after the ? as ASP.Net originally (pre MVC) expected.
I wrote my own solution. Its nice to have a username with / but not consider as / when getting a GET request.

Resources