Javascript: string detection

[Olly]

Hello Group:

I'd be grateful to anyone who can help me with Javascript form.

I want users to submit a web form, but to stop the form submission if
any of my text fields contain specific value (e.g. "http").
I incorporated "http" detection bits of script into my existing
function (only for one of my fields for now ), but for some reason this
script doesn' work, probably, because of the wrong syntax.
=============
function checkEmail(theForm)
{
// Customize these calls for your form
// Start ------->
if (!validEmail(theForm.Email,"Email Address",true))
return false;
// <--------- End

if (document.InqServicesForm.FName.value.indexOf('http') > -1)
return false;
{
alert("http detected.");
return false;
}

return true;
}
=============

Could you please have a look at my form script?

The form's URL is here:
http://www.ccohs.ca/ccohs/inquiries_fix/inquiries_form.html

+++++++++++++++++
function isEmailAddr(Email)
{
var result = false;
var theStr = new String(Email);
var index = theStr.indexOf("@");
if (index > 0)
{
var pindex = theStr.indexOf(".",index);
if ((pindex > index+1) && (theStr.length > pindex+1))
result = true;
}
return result;
}

function isEmail(string) {

if (!string) return false;
var iChars = "*|,\":<>[]{}`\';()&$#%";

for (var i = 0; i < string.length; i++) {
if (iChars.indexOf(string.charAt(i)) != -1)
return false;
}
return true;
}

function validEmail(formField,fieldLabel,required)
{
var result = true;
if (result && ((formField.value.length < 3) ||
!isEmailAddr(formField.value)))
{
alert("Please enter a complete email address in the form:
(e-mail address removed)");
formField.focus();
result = false;
}

return result;

}

function checkEmail(theForm)
{
// Customize these calls for your form
// Start ------->
if (!validEmail(theForm.Email,"Email Address",true))
return false;
// <--------- End

if (document.InqServicesForm.FName.value.indexOf('http') > -1)
return false;
{
alert("http detected.");
return false;
}

return true;
}

document.forms["InqServicesForm"]

function checkForm(){
var w=document.forms["InqServicesForm"];
if(
w.FName.value == '' ||
w.LName.value == '' ||
w.Phone.value == '' ||
w.Address.value == '' ||
w.City.value == '' ||
w.Province.value == '' ||
w.PostalCode.value == '' ||
w.Email.value == ''
)
{
alert("Please fill in all required fields.");
return false;
}
return true;

}
+++++++++++++++++++

Many thanks.
O.

 

[Olly]

Hello again:

I bugged you for nothing, guys. Sorry. I got it to work.

Regards.
O.

 

[Dr J R Stockton]

I want users to submit a web form, but to stop the form submission if
any of my text fields contain specific value (e.g. "http").

if (document.InqServicesForm.FName.value.indexOf('http') > -1)

(A) What is the objection to Mr. Srinavasa Tusithttpuniwala entering his
name?
(B) Do you really want to allow "httP://www.pawnshop.om/" to be entered?

Text field validation is, almost invariably, best done by using RegExps
: see <URL:http://www.merlyn.demon.co.uk/js-valid.htm> and references
therein.

It's a good idea to read the newsgroup and its FAQ. See below.

 

[Dr J R Stockton]

For actually validating an e-mail address,

function isEmailAddress(string) {
return /^[^@]+@([^.]+\.)+[a-z]+$/.test(string);
}

should suffice.

An E-address is of the form LHS@RHS. The second @ in your RegExp seems
to represent the one between LHS & RHS, and the first @ in the RegExp
ensures that the second @ in the RegExp finds the first @ in the string.
But I see nothing to ensure that the apparent RHS contains no @ -
indeed, "a@[email protected]" is accepted. Change [^.] to [^.@] ?

Personally, I think that the purpose of the test must be to ensure that
the field is non-empty, and that what it contains is an attempted
E-address rather than something which should have been put elsewhere.

Be aware that even the regular expression above is restrictive as it
won't accept literal IPv6 addresses, those that contain display names,
or comments in some locations. I should think that the former would be
too impractical to remember, and a host name that resolved to an IPv6
address would be more likely. Leading or trailing comments are more
likely in addresses that included a display name, and you don't want
display names, anyway, just the address specification (addr-spec).

Redefine my "<something>" from .+ to \S+ (a good move anyway!), omit
the leading ^ & trailing $, and it will accept anything containing a
"word" which might be an E-address.

In general, ISTM that one can do an easy minimal test to show that it is
an attempted E-address, or a difficult maximal test to assure full
compliance with one of the forms permitted by RFCs --- and that anything
in between smacks of falling between two stools.

 

[Michael Winter]

For actually validating an e-mail address,

function isEmailAddress(string) {
return /^[^@]+@([^.]+\.)+[a-z]+$/.test(string);
}

should suffice.

An E-address is of the form LHS@RHS. The second @ in your RegExp seems
to represent the one between LHS & RHS, and the first @ in the RegExp
ensures that the second @ in the RegExp finds the first @ in the string.
But I see nothing to ensure that the apparent RHS contains no @ -
indeed, "a@[email protected]" is accepted. Change [^.] to [^.@] ?

It depends on what the real aim is, I suppose. On reflection, I hadn't
adequately determined that for myself.

I think it's reasonable that exactly one at symbol (@) should occur in
an e-mail address, even though more can occur if quoted strings
(local-part), comments, or domain-literals are permitted. Further, if
only the address specification is needed (display name and such are to
be rejected) then the domain part could be limited to legal domain names
(and possibly IP addresses).

Personally, I think that the purpose of the test must be to ensure that
the field is non-empty, and that what it contains is an attempted
E-address rather than something which should have been put elsewhere.
For that, <something> @ <something> . <something> seems sufficient.

Maybe. The address should be completely examined before use, so
something as lax as /.+@.+(\..+)+/ would be fine in the end. That said,
it's astonishing how cavalier some people are regarding form mail
validation. Only today did I see someone using absolutely no syntax
checking at all.

[snip]

Redefine my "<something>" from .+ to \S+ (a good move anyway!), omit
the leading ^ & trailing $, and it will accept anything containing a
"word" which might be an E-address.

Yes, though there are legal addresses that could contain spaces, not
that I'd expect them to be in use. That change would still validate such
an address, though it wouldn't match the entire thing.

In general, ISTM that one can do an easy minimal test to show that it is
an attempted E-address, or a difficult maximal test to assure full
compliance with one of the forms permitted by RFCs --- and that anything
in between smacks of falling between two stools.

Not necessarily. I think there is a middle ground, it's just a matter of
finding it.

I have encountered ridiculously restrictive interfaces: one wouldn't
allow full stops (.) in the local-part, and one wouldn't allow
underscores (_). Naturally, in each instance I wanted to use an address
that contained such characters. Whilst I would hope that no-one in their
right mind would ever want to reject those characters, and though I
don't think narrowing down the precise set of allowable characters is
sensible either, something as simple as limiting the presence of the at
symbol and dot doesn't quite deserve to be labelled a half-hearted attempt.

Clearly, if one is expecting a full mailbox or mailbox list, then only a
minimal test is practical.

Mike