I'm trying to get my Javascript code 100% JSLint clean.
I've got a regular expression:
linkRgx = /https?:\/\/[^\s;|\\*'"!,()<>]+/g;
JSLint reports:
Insecure '^'
What makes the use of the negation of the character set "insecure" ?
[^\s;|\\*'"!,()<>] matches any ASCII character other than the ones listed, and any non-ASCII character. Since JavaScript strings are Unicode-aware, that means every character known to Unicode. I can see a lot of potential for mischief there.
Rather than disable the warning, I would rewrite the character class to match the characters you do want to allow, as this regex from the Regular Expressions Cookbook does:
/\bhttps?:\/\/[-\w+&@#/%?=~|$!:,.;]*[\w+&@#/%=~|$]/g