I was looking in the new fancy error log thing, where I had been seeing a lot of "bad inputs", and decided to spruce up the message to show what the input actually was that was bad.

My original thought was that my app was successfully guarding against some clever chap circumventing my JavaScript input validation,

but no..

my JavaScript input validation was slightly different than my server input validation. The client wanted answers to be in the range 150 to 450 characters, and this was checked using essentially s.length >= 150 && s.length <= 450. However, the server was using a regular expression: /^.{150,450}$/. But that dot doesn't match newlines :(

Why were they different on the client and server? Well, the client actually makes two checks, and if either fails, gives the user a message saying "too short" or "too long". The server doesn't provide any nice feedback, it just throws a "bad input" exception if it's not correct, so it does it in one check.


and I'm so good at regular expressions too.

the new expression is /^[\S\s]{150,450}$/

At this time, I really wish I had some way of sending a message to all the people, letting them know why some of them were getting strange errors when they tried to submit their answers. I'm wishing I had the global chat box thing.

No comments:

Post a Comment