I am using an inbuilt esapi validator. It is defined as follows:
Validator.SafeString=^[.\\p{Alnum}\\p{Space}]{0,1024}$
I am not very familiar with regex and after some reading, I understand that this expression is matching alphanumerics and spaces.
I would like to extend this expression to include *,-()&+ and /. I tried doing the following but it doesn't seem to work:
Validator.SafeString=^[.\\p{Alnum}\\p{Space}*,-()&+]{0,1024}$
I would create a separate entry in validation.properties. OWASP's intent for SafeString is to provide a guaranteed safe string for any application. By accepting characters that can be interpreted as code in JavaScript, you no longer have a SafeString as intended by the API. That could have disastrous consequences if other parts of your application are utilizing SafeString as originally intended.
Use @Fede's first regex, but address it like this:
Validator.SomethingElse=^[.\\p{Alnum}\\p{Space}*,()&+-]{0,1024}$
And call it like this:
ESAPI.validator().isValidInput(CONTEXT, input, "SomethingElse", MAX_FIELD_LENGTH, true);
Note that the "true" mark corresponds to whether or not a string can be null.
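To see why the question's pattern fails and the answer's works, here is a small check added as an illustration (it is not part of either post). It uses plain java.util.regex instead of ESAPI so it runs without the library; the class name and the sample strings are constructed for the demo.

```java
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class SafeStringRegexDemo {
    // Pattern from the question: inside a character class, ",-(" is parsed as a
    // range from ',' (0x2C) down to '(' (0x28), which Java rejects as illegal.
    static final String BROKEN = "^[.\\p{Alnum}\\p{Space}*,-()&+]{0,1024}$";
    // Pattern from the answer: a '-' placed last in the class is a literal hyphen.
    static final String FIXED  = "^[.\\p{Alnum}\\p{Space}*,()&+-]{0,1024}$";

    // Returns true if the regex compiles; prints the parser's complaint otherwise.
    static boolean compiles(String regex) {
        try {
            Pattern.compile(regex);
            return true;
        } catch (PatternSyntaxException e) {
            System.out.println("rejected by Pattern.compile: " + e.getDescription());
            return false;
        }
    }

    // Whole-input match, as a validator does (the pattern is anchored with ^ and $).
    static boolean isValid(Pattern p, String input) {
        return p.matcher(input).matches();
    }

    public static void main(String[] args) {
        System.out.println("broken pattern compiles? " + compiles(BROKEN));
        System.out.println("fixed pattern compiles?  " + compiles(FIXED));

        Pattern p = Pattern.compile(FIXED);
        String[] samples = {                 // constructed sample inputs
            "Smith & Sons (UK) Ltd.",        // uses & ( ) and .
            "a-b, c+d*e",                    // uses - , + *
            "<script>alert(1)</script>",     // angle brackets are not in the class
            "path/to/file"                   // '/' was requested but is not in the class
        };
        for (String s : samples) {
            System.out.printf("%-28s -> %s%n", s, isValid(p, s) ? "valid" : "INVALID");
        }
    }
}
```

The last sample shows that the answer's class still omits the "/" the question asked for; it would need to be added inside the brackets like the other literals.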