"I've been given the task to port some old code to a new platform," writes João Neves. "While porting some Javascript string validation functions, something caught my eye. "
"Now my eyes are filled with tears."
function valid_name(subfolder) { var special_chars = "áàããäéèêëíìîïóòõôöúùûüçñ" + "!\"#$%&\\\/=?\'»«}{[]§£@,;.:-`´^~<>"; var valid = "true"; //var special_char = "[á|à|ã|ã|ä|é|è|ê|ë|í|ì|î|ï|ó|ò|õ|ô|ö|ú|ù|û|ü|ç|ñ" + "|!|\"|\#|\$|\%|\&|\/|\=|\?|\'|\»|\«|\=|\}|\{|\[|\]" + "|\§|\£|\@|\,|\;|\.|\:|\-|\`|\´|\^|\~|\<|\>|\]"; for (var i = 0; i < subfolder.length; i++) { if (special_chars.indexOf(subfolder.charAt(i)) != -1) { valid = "false"; } } return valid; }
João continues, "I don't even know where to begin. The purpose was to check if the string only contained alpha-numeric characters, with no accents (indeed, they tell the user the only valid characters are 0-9, a-z and A-Z). They check for a load of characters (which doesn't even contain å or â and has ã twice!), they don't stop checking even when the string is already invalid and they use 'true' or 'false' strings as the return value (and yes, they do string comparison with these results and nothing else)! I guess boolean values are magical, obscure beasts? "