I need help in restricting entering form names as numbers in forms flow.
when I am checking I can see that I can enter numbers/special symbols as form name. So I thought it is meaningless if I can enter like that. how can I restrict giving numbers/symbols to form name? can I do it in the form design itself?
Related
I am working on an Acrobat form that should only accept positive, whole numbers in a field.
It is ideal if the number is simply reformated to suit the criteria. For example, if a user types in "-1.4", it should simply change to "1".
Is it acceptable to use this as the "Validation Script" for the field:
if (event.value) event.value = Math.abs(Math.round(event.value));
It seems to work, but is it ok to nest functions like this in general, or will it lead to issues.
Rather than change the value during the validation event, prevent an invalid value from being entered in the first place. To allow only numbers with no dashes to be entered, add the following to the custom keystroke event.
event.rc = !(/[a-zA-Z\-]/.test(event.change));
You may want to modify the regex to prevent other characters as well. I just did the bare minimum. Remember that you'll need to allow for the delete key, return key, and backspace to be permitted so you can't just limit the regex to 0-9 (which would be the obvious thing to do).
Have a form I am trying to build and even though I have a text box field that will work for users to enter a $ amount it would be nice to make it so that field only accepts numbers and keeps it in the $0.00 format. Seems like a simple thing but I cannot seem to find out how this would be done.
You need to specify the field as a decimal or double and define the precision (depending on what version you are using). The field should NOT be a text field but can use a textbox as the displaying control.
From an output standpoint, it will not automatically output $0.00, you have to format that based on the culture. There are several macros and functions within the API to do this.
Setup you control as followed
make the Data type a decimal number
in the Editing control settings click to show the Advanced section
in Filter set Type to Numbers and Custom
Add Valid characters your delimiter (, or .)
In the validation section add a rule for the minimum value to be 0.
The data type will enforce it to be a actual number.
You could also use as Validation a Regular expression setting something like:
^[$]?([0-9]{1,2})?,?([0-9]{3})?,?([0-9]{3})?(\.[0-9]{2})?[$]?$
which will allow a dollar sign prefix or suffix.
I have a Textbox in Powershell and I wondering how to prevent user from typing signs like .,:, key combination like: AAA etc?
I tried with Regex, but I want it to be dynamic - so when user type e.g. . it doesn't appear in TextBox. Probably, the MaskedTextBox can be a solution, but I don't want to specify how many characters user can type e.g. using AA - user can write 2 letters.
My goal is to make typing some signs and letter combination impossible. Do you have any ideas?
I want to sanitize a simple text field with a person's name, to protect from XSS and such. Stackoverflow pretty much says I must whitelist. I don't understand this. If I simply remove all < and > from the input value, or replace them with > and &ls;, does not that rule out code injection? Or am I missing something? Perhaps you only need to whitelist in more complex scenarios where you have to put up with angular brackets?
Sorry if it's a silly question, it's important to get this right.
Whether to whitelist or encode depends on how you want to use the text.
If you intend to treat the input as plain text, then encoding special characters is enough, and any HTML code entered will display as text only as long as you are careful not to allow unencoded text to end up anywhere in your HTML output. (This includes making sure any other systems you interface with don’t inappropriately use the unencoded text.)
If you want to allow some markup in the input, such as text styling or links, then you must whitelist the tags that you allow and get rid of all others.
No, it's not sufficient because if you were to include the person's name in an html attribute, you would also need to escape any double-quotes contained therein.
What is the best practice?
Any samples? I did a search and could not find anything.
I am thinking an Xml file with prohibited words which I could check against during registration and also be used elsewhere on the site to check for prohibited words.
The easy and quick way I thought was in the AccountModel.cs file and adding an attribute or use Regex.
Also, I want to prohibit the use of space in the username.
We have 2 lists in our database 1) censored words and 2) censored names.
When validating usernames we first check the censored words, this list could also be used in other areas like forums etc, then a the censored names is an additional list specific to usernames, for instance "admin", "support", "your company name" etc.
I would add these to your existing database rather than an XML file. You can then just build in an inteface to add more words using your eitsing framework.
You can use javascript to prohibit using spaces, we use the jQuery alphanumeric plugin to dissallow spaces and other prohibited characters. You should also validate this server-side.