Recently I was working on a function which needed to determine whether or not a string could be used as a variable name. Variable name validation can get tricky so instead of using a crazy regular expression which includes all keywords (which may change over time) and instead of testing for strange unicode characters which are rarely used for variable names, I decided to leverage the JavaScript Function constructor:
The above function takes the string in question and returns true
if the string can be used a variable name. If the string can not be used as a variable name false
is returned.
Some may wonder why I’m doing the following:
varName.replace(/[\s\xA0,\/]|^$/g, '.')
The reason I included the above replacement is to avoid false-positives in the case of an empty string, extra spacing, commas, and forward slashes.
Security
Others have attempted to make the same function using the evil eval()
function which allows for JS injection. Even though the Function
constructor can also be used for evil, when supplying arguments it does prevent you from doing JS injection by making sure the arguments don’t have parentheses.
Examples
The following is an example of what will happen when running for the function for a number of strings:
console.log(isValidVarName('')); // -> false
console.log(isValidVarName('3')); // -> false
console.log(isValidVarName('3d')); // -> false
console.log(isValidVarName('D3')); // -> true
console.log(isValidVarName('D3 ')); // -> false
console.log(isValidVarName('D3,Q')); // -> false
console.log(isValidVarName('D3/*Qs*/')); // -> false
console.log(isValidVarName('D3Q')); // -> true
console.log(isValidVarName('var')); // -> false
console.log(isValidVarName('true')); // -> false
console.log(isValidVarName('undefined')); // -> true
console.log(isValidVarName('null')); // -> false
console.log(isValidVarName('coolio.pop')); // -> false
console.log(isValidVarName('coolio')); // -> true
console.log(isValidVarName('coolio_pop')); // -> true
console.log(isValidVarName('$')); // -> true
console.log(isValidVarName('$á')); // -> true
console.log(isValidVarName('áÑ')); // -> true
console.log(isValidVarName('_')); // -> true
Here is a similar example hosted on JSBin:
JS Bin on jsbin.com