0

I have the following regex:

(?=^.{7,14}$)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()_+}{":;'?\/>.<,])(?!.*\s).*$

It's meant to match and enforce the following password policy:

  • One Capital
  • One lower case
  • One digit
  • one special char i.e. @

However, it allows a password without any special chars.

Wiktor Stribiżew
  • 484,719
  • 26
  • 302
  • 397
Ageis
  • 1,929
  • 4
  • 19
  • 32
  • sorry can someone explain this to me. Never understood regular expression really. they're necessary evil! – Ageis Dec 05 '16 at 08:47
  • You need to use real chars instead of the entities, see https://regex101.com/r/TVPOCO/2. What are you trying to achieve? Please re-write the question to describe your real problem. – Wiktor Stribiżew Dec 05 '16 at 08:47
  • sorry but I have the question has been updated thats exactly what am trying to archive – Ageis Dec 05 '16 at 08:48
  • Regarding the *One Capital One lower case One digit one special char i.e. @* - why do you have `(?!.*\s)` that disallows whitespace? Another point: where are you using the regex? Does it mean you are after [`^(?=.{7,14}$)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*"_+(){}":;'?\/><.> – Wiktor Stribiżew Dec 05 '16 at 08:50

1 Answers1

1

The problem comes from the html entities inside the character class (a character class is a set of characters, you can't put strings inside), consequence, strings that contain q,u,o,t,e,g or l succeed.

Instead you can use:

^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!-@_{}])\S{7,14}$

(The character class for special characters is shorten using ranges and the ascii table)

Casimir et Hippolyte
  • 83,228
  • 5
  • 85
  • 113