代码是用JSP编写的,应该验证密码并确认密码的正确性,然后将提交事件继续到Java servlet。但问题是,如果验证脚本失败,它不会显示警报消息,也不会关注密码输入。我使用铬,探险家和Eclipse的默认浏览器..只是将无法正常工作Javascript将不会与html代码交互
function validate(event){
event.preventDefault();
var pattern = /^(?=.*[a-z].*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,32}$/;
var pwd = document.form.password.value;
var confPwd = document.fomr.confPass.value;
if(pwd.match(pattern)){
\t alert("Password must be between 8 to 32 characters,\n have at least one digit \n two lower and one upper case letters.");
document.form.password.focus();
return false;
}else if(pwd == confPwd){
alert("Passwords do not match. Please try again.");
document.form.password.focus();
document.form.confPass.focus();
return false;
}else{
document.form.submit();
}
}
<form name="form" method="post" action="RegisterPath" onSubmit="return validate(event);">
<table class="box">
<tr>
<td class="left">Password:</td>
<td><input type="password" name="password" placeholder="Enter password" required/></td>
</tr>
<tr>
<td class="left">Confirm Password:</td>
\t <td><input type="password" name="confPass" placeholder="Re-enter password" required/></td>
</tr>
</table>
</form>
'如果(PWD == confPwd)':应该不就是'如果(!PWD = confPwd)'?另外,'document.fomr','fomr'只是一个错字? – AntonH
另外'document.fomr.confPass.value'是一个会妨碍其他函数运行的错字。 – Phylogenesis
客户端密码验证是一个安全循环漏洞。有人可以复制你的页面,并删除验证密码的JavaScript。如果您正在进行客户端验证,请确保您也在服务器端进行验证。 – victor