I have a regular expression to validate password rules.
In a .Net Console application, it is correctly rejecting or validating passwords as expected.
var strongRegex = new Regex("^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^a-zA-Z0-9])");
Console.WriteLine(strongRegex.IsMatch("Test_1234"));
This returns "true", as expected.
When I add this to my model in an ASP.Net MVC project, this same value is being rejected by jQuery's unobtrusive validation on the client.
[RegularExpression("^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^a-zA-Z0-9])"]
I viewed the page source to see how this is being rendered due to reading about case-sensitivity issues in prior framework versions, but that doesn't seem to be the case here ... it renders the following on the input element:
data-val-regex-pattern="^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^a-zA-Z0-9])"
And this causes the same value that works in the console application ("Test_1234") to fail client-side validation.
.*like^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^a-zA-Z0-9]).*$[^a-zA-Z0-9]--allows anything to be put in as a valid character. This includes the control characters that are at the start of ASCII and anything in the Unicode set that comes above ASCII. Is this what you intended?