Validate internal name for Select, CheckboxGroup or RadioGroup options
We should prevent the user choosing internal names for options that contain certain characters such as quotes. Options can be used for filtering the Manuscripts table, and to prevent SQL injection the server will refuse to filter on options containing dangerous characters. We should therefore prevent users choosing these dangerous names in the first place.
Ideally we would just limit these names to alphanumerics plus perhaps underscore and hyphen, but we already have some customers using options with other characters such as >
, /
, :
.
The following pattern should be safe and should also permit all existing names already in use:
/^[\w :./,()-<>=_]+$/