OWASP Validation Regex Repository


 * Note: These Regexs are examples and not built for a particular Regex engine. However, the PCRE syntax is mainly used. In particular, this means that character classes do not contain meta characters which need to be escaped, except the  and   character, where it is assumed that a   needs not to be escaped only when it is the last character in a character class. The character class supports shortcut notations for other character classes like   or   which should not be used as they depend on the LOCALE environment setting in most systems.

Please carefully test the regex in your regex engine.  

url <![CDATA[^((((https?|ftps?|gopher|telnet|nntp)://)|(mailto:|news:))(%[0-9A-Fa-f]{2}|[-_.!~*';/?:@&=+$,A-Za-z0-9])+)([).!';/?:,]blank:)?$]]>  	 A valid URL per the URL spec.

IP  	 <![CDATA[^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$]]> A valid IP Address

e-mail <![CDATA[^[a-zA-Z0-9+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$]]> A valid e-mail address

safetext <![CDATA[^[a-zA-Z0-9 .-]+$]]> Lower and upper case letters and all digits

date <![CDATA[^(?:(?:(?:0?[13578]|1[02])(\/|-|\.)31)\1|(?:(?:0?[1,3-9]|1[0-2])(\/|-|\.)(?:29|30)\2))(?:(?:1[6-9]|[2-9]\d)?\d{2})$|^(?:0?2(\/|-|\.)29\3(?:(?:(?:1[6-9]|[2-9]\d)?(?:0[48]|[2468][048]|[13579][26])|(?:(?:16|[2468][048]|[3579][26])00))))$|^(?:(?:0?[1-9])|(?:1[0-2]))(\/|-|\.)(?:0?[1-9]|1\d|2[0-8])\4(?:(?:1[6-9]|[2-9]\d)?\d{2})$]]> Date in US format with support for leap years

creditcard <![CDATA[^((4\d{3})|(5[1-5]\d{2})|(6011)|(7\d{3}))-?\d{4}-?\d{4}-?\d{4}|3[4,7]\d{13}$]]> A valid credit card number

password <![CDATA[^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{4,8}$]]> 4 to 8 character password requiring numbers and both lowercase and uppercase letters

complexpassword <![CDATA[^(?:(?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))(?!.*(.)\1{2,})[A-Za-z0-9!~<>,;:_=?*+#."&§%°\|\[\]\-\$\^\@\/]{8,32}$]]>  	 4 to 32 character password requiring at least 3 out 4 (uppercase and lowercase letters, numbers and special characters) and no more than 2 equal characters in a row

English_digitwords <![CDATA[^(zero|one|two|three|four|five|six|seven|eight|nine)$]]> The English words representing the digits 0 to 9

English_daywords <![CDATA[^(Mo|Tu|We|Th|Fr|Sa|Su)$]]> English 2 character abbreviations for the days of the week

English_monthwords <![CDATA[^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)$]]> English 3 character abbreviations for the months

French_digitwords <![CDATA[^(z[eé]ro|un|deux|trois|quatre|cinq|six|sept|huit|neuf)$]]> The French words representing the digits 0 to 9

German_digitwords <![CDATA[^(null|eins|zwei|drei|vier|f(ue|ü)nf|sechs|sieben|acht|neun)$]]> The German words representing the digits 0 to 9

Spanish_digitwords <![CDATA[^(cero|uno|dos|tres|cuatro|cinco|seis|siete|ocho|nueve)$]]> The Spanish words representing the digits 0 to 9

US_zip <![CDATA[^\d{5}(-\d{4})?$]]> US zip code with optional dash-four

US_phone <![CDATA[^\D?(\d{3})\D?\D?(\d{3})\D?(\d{4})$]]> US phone number with or without dashes

US_state <![CDATA[^(AE|AL|AK|AP|AS|AZ|AR|CA|CO|CT|DE|DC|FM|FL|GA|GU|HI|ID|IL|IN|IA|KS|KY|LA|ME|MH|MD|MA|MI|MN|MS|MO|MP|MT|NE|NV|NH|NJ|NM|NY|NC|ND|OH|OK|OR|PW|PA|PR|RI|SC|SD|TN|TX|UT|VT|VI|VA|WA|WV|WI|WY)$]]> 2 letter U.S. state abbreviations

US_ssn <![CDATA[^\d{3}-\d{2}-\d{4}$]]> 9 digit U.S. social security number with dashes

=Other Regex References=

Regex Library Site

http://regexlib.com/: A site that has a HUGE library of regular expressions and other regex resources

Regex Tutorial Site

http://www.regular-expressions.info/: A site with lots of tutorials on writing Regexs and numerous examples

Regex Construction Tool

http://www.ultrapico.com/Expresso.htm: A free regex construction tool

Regex Explanation Tool

http://rick.measham.id.au/paste/explain.pl?regex=.*: Explains in English what the supplied regex means