Input validation is your first line of defense when creating a secure application.

Symphony Elements supports input validation using regular expressions (regex) for the text field and text area elements.

Regular expression Denial of Service - ReDoS

Regular expressions can cause performance issues in the Client if the validation of the regular expression is very complex. Poorly designed regular expressions can even cause denial of service (ReDoS). Please verify that your regular expressions are safe, using the following service: https://redos-checker.surge.sh/.

For more information, refer to Regular expression Denial of Service - ReDoS.

Validation examples

The following code snippets assumes that both <text-field> and <textarea> elements are placed within the right messageML context : <messageML> + <form> including an action <button>.

Text field

<!-- Validates a login -->
<text-field name="login" pattern="^[a-zA-Z]{3,}$" pattern-error-message="Login must contain at least 3 letters."></text-field>

<!-- Validates a decimal value, hint is not defined -->
<text-field name="price" pattern="^\d+,\d+$" pattern-error-message="This is an incorrect value."></text-field>

<!-- Validates a password -->
<text-field name="password" masked="true" pattern="^[a-zA-Z]\w{3,14}$" pattern-error-message="Your password is not strong enough."></text-field>

Text area

<!-- Validates that a line does not contain the word "badword" -->
<textarea name="justification" pattern="^((?!badword).)*$" pattern-error-message="Justification text must not contain the word 'badword'"></textarea>