Confirmation validation doesn't handle some special characters #706
Description
I recently upgraded from Rails 4.2 to 5.1 and as a result also updated CSV from 4.2.5 to 9.3.1. I'm having an issue with the CSV 9.3.1 confirmation. We use an email_confirmation input in several forms and with certain emails the confirmation validation is failing even when the values are the same.
For example, emails "test@example.com" and "test000@example.com" when typed into email and email_confirmation inputs will validate, but "test+000@example.com" will always fail confirmation validation.
I've traced this down to the way the latest confirmation function uses the input value as a regex and then calls regex.test against the confirmation input value. This would interpret the "+" as a regex modifier instead of a literal. I expect this also fails with other special characters and would also be a problem with password confirmation.
```javascript
confirmation: function(element, options) {
  var regex;
  regex = new RegExp("^" + (element.val()) + "$", options.case_sensitive ? '' : 'i');
  if (!regex.test($("#" + (element.attr('id')) + "_confirmation").val())) {
    return options.message;
  }
}
```
I propose the confirmation function be refactored to .toLowerCase() both input values when options.case_sensitive is false and then a straight equality comparison performed. I can provide a code snippet or pull request to this effect if desired.
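
The failure described in this issue, next to the equality comparison it proposes, as an added example that is not part of the original issue or the project's code. The function names are hypothetical, plain strings stand in for the jQuery input values, and the constructed samples go beyond "+" to two other regex metacharacters.

```javascript
// Added illustration; function names are hypothetical, not the project's API.

// Mirrors the comparison quoted in the issue: the first value is used as a
// regex pattern. The quoted code has no try/catch, so an invalid pattern
// would throw there; here it is reported as a failed confirmation.
function regexConfirmation(value, confirmation, caseSensitive) {
  let regex;
  try {
    regex = new RegExp("^" + value + "$", caseSensitive ? "" : "i");
  } catch (e) {
    return false;
  }
  return regex.test(confirmation);
}

// Comparison proposed in the issue: lower-case both values when the check is
// case-insensitive, then compare them literally.
function literalConfirmation(value, confirmation, caseSensitive) {
  if (!caseSensitive) {
    value = value.toLowerCase();
    confirmation = confirmation.toLowerCase();
  }
  return value === confirmation;
}

// Constructed sample pairs: [value, confirmation]
const samples = [
  ["test@example.com", "test@example.com"],         // no quantifier, still matches
  ["test+000@example.com", "test+000@example.com"], // "+" read as "one or more t"
  ["p(ss", "p(ss"],                                 // "(" makes the pattern invalid
  ["a.c", "abc"],                                   // "." matches any character
];

function compareAll() {
  return samples.map(([value, confirmation]) => ({
    value,
    confirmation,
    regex: regexConfirmation(value, confirmation, true),
    literal: literalConfirmation(value, confirmation, true),
  }));
}

console.table(compareAll());
```

The last sample shows the opposite failure from the one reported: two different values are accepted as matching, which matters most for password confirmation.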