Regular Expressions

[Paul Hodgdon]

Has anyone done a regular expression on a form field to throw an error if the user enters an email address that contains a domain that shouldn't be allowed?

I've tried the following which works at  https://regex101.com 

/^[a-zA-Z0-9_.+-]+@(?:(?:[a-zA-Z0-9-]+\.)?[a-zA-Z]+\.)?(foo|bar)\.net$/ig

The goal would be to not let a user send an OTP to one of their work email addresses, only to an email account that isn't associated with logging into the directory.

[pa...@identityworksllc.com]

I figured it out using a javascript editor.

<input id=" personalEmail " type="email" class="inputfield"
           name=" personalEmail " value=""  pattern="^((?!foo.com|bar.com).)*$" placeholder="exa...@non-foo.com" required="required" maxlength="255">

   PWM_GLOBAL['startupFunctions'].push(function(){
                    PWM_MAIN.addEventHandler('personalEmail', 'input', function (event) {
                        var input = event.target;
                        var regexError = 'Personal Email may not be a foo issued email';
                        var msg = input.value.search(new RegExp(input.getAttribute('pattern'))) >= 0 ? '' : regexError;
                        input.setCustomValidity(msg);
                        input.title = msg;
                    });
                });

[Jason Rivard]

You can add the regex to the form field configuration, you don't need JS.  The / and /ig prefix/suffix in your example isn't part of regex it's sed replacement commands.  Remove those or use the one in your pattern field you used in JS.  

If you do use JS do not modify the JSP, instead use the setting -> Settings ⇨ User Interface ⇨ Look & Feel ⇨ Embedded JavaScript, to add your JS so it will survive updates.

Adding the regex to the configuration allows server side validation which is much more secure.  The client side JS can be bypassed, but it can give nicer error handling.  It's entirely appropriate to do both.