diff --git a/src/definitions/behaviors/form.js b/src/definitions/behaviors/form.js
index a1ed2ece9..d83864038 100644
--- a/src/definitions/behaviors/form.js
+++ b/src/definitions/behaviors/form.js
@@ -57,6 +57,7 @@ $.fn.form = function(parameters) {
 metadata,
 selector,
 className,
+ regExp,
 error,
 namespace,
@@ -262,6 +263,12 @@ $.fn.form = function(parameters) {
 }
 });
 return allValid;
+ },
+ validHTMLID(value) {
+ if(typeof value !== 'string') {
+ return false;
+ }
+ return value.search(regExp.htmlID) !== -1;
 }
 },
@@ -465,6 +472,7 @@ $.fn.form = function(parameters) {
 metadata = settings.metadata;
 selector = settings.selector;
 className = settings.className;
+ regExp = settings.regExp;
 error = settings.error;
 moduleNamespace = 'module-' + namespace;
 eventNamespace = '.' + namespace;
@@ -477,7 +485,7 @@ $.fn.form = function(parameters) {
 },
 field: function(identifier) {
 module.verbose('Finding field with identifier', identifier);
- if( $field.filter('#' + identifier).length > 0 ) {
+ if(module.is.validHTMLID(identifier) && $field.filter('#' + identifier).length > 0 ) {
 return $field.filter('#' + identifier);
 }
 else if( $field.filter('[name="' + identifier +'"]').length > 0 ) {
@@ -595,7 +603,7 @@ $.fn.form = function(parameters) {
 if(typeof identifier !== 'string') {
 module.error(error.identifier, identifier);
 }
- if( $field.filter('#' + identifier).length > 0 ) {
+ if(module.is.validHTMLID(identifier) && $field.filter('#' + identifier).length > 0 ) {
 return true;
 }
 else if( $field.filter('[name="' + identifier +'"]').length > 0 ) {
@@ -1090,6 +1098,7 @@ $.fn.form.settings = {
 },
 regExp: {
+ htmlID : /^[a-zA-Z][\w:.-]*$/g,
 bracket : /\[(.*)\]/i,
 decimal : /^\d+\.?\d*$/,
 email : /^[a-z0-9!#$%&'*+\/=?^_`{|}~.-]+@[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$/i,
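Review bot: In the `@@ -262,6 +263,12 @@` hunk, `validHTMLID(value) {` uses ES2015 method shorthand, while the other members visible in this diff are written as `field: function(identifier) {`. If the build still ships to ES5-only browsers, this one line would fail to parse there; `validHTMLID: function(value) {` keeps the file consistent. A one-line comment such as `// true only for strings that are safe to append to '#' in a selector` would also make the purpose clear, since the name suggests markup validation rather than a selector guard.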
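Review bot: The guard added to `field` in `@@ -477,7 +485,7 @@` still accepts identifiers containing `.` or `:`, because `regExp.htmlID` allows both, and `'#' + identifier` then reaches the selector engine unescaped. A field whose id is `user.name` (constructed example) would be read as id `user` plus class `name` and not matched, and a `:` suffix that is not a known pseudo-class will probably raise a selector syntax error rather than return an empty set. The same condition is repeated in `@@ -595,7 +603,7 @@`. Comparing the id literally avoids selector parsing altogether, e.g. `$field.filter(function() { return this.id === identifier; })`, or, if jQuery 3 or later is guaranteed, `$field.filter('#' + $.escapeSelector(identifier))`. The body of `field` continues outside the hunk.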
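Review bot: The fallback branch `$field.filter('[name="' + identifier +'"]')`, shown as context in `@@ -595,7 +603,7 @@` and in `@@ -477,7 +485,7 @@`, still concatenates the identifier into a selector with no check, so the commit covers only the `#` path. An identifier containing `"` or `\` ends the quoted attribute value early and either throws inside the selector engine or changes which fields match. The same literal-comparison approach works here: `$field.filter(function() { return $(this).attr('name') === identifier; })`. The enclosing function starts and ends outside the hunk, so later branches may need the same treatment.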
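Review bot: In `@@ -1090,6 +1098,7 @@`, the `g` flag on `htmlID : /^[a-zA-Z][\w:.-]*$/g` is unnecessary for a pattern anchored with `^…$` and makes the shared regex object stateful. `String.prototype.search`, used by `validHTMLID`, ignores `lastIndex`, so the current call is unaffected. But a later switch to `regExp.htmlID.test(value)` would alternate between true and false for the same input, and the guard would intermittently reject valid ids. Dropping the flag removes that trap: `htmlID : /^[a-zA-Z][\w:.-]*$/,`.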