HeoLab
ToolsBlogAboutContact
HeoLab

Free developer tools with AI enhancement. Built for developers who ship.

Tools

  • JSON Formatter
  • JWT Decoder
  • Base64 Encoder
  • Timestamp Converter
  • Regex Tester
  • All Tools →

Resources

  • Blog
  • What is JSON?
  • JWT Deep Dive
  • Base64 Explained

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 HeoLab. All rights reserved.

Tools work in your browser. Zero data retention.

HomeBlogUsing Regex for Form Validation: Patterns and Pitfalls
Table of Contents▾
  • Table of Contents
  • HTML5 Pattern Attribute
  • JavaScript Validation
  • Password Requirements
  • Real-time Feedback
  • Common Mistakes
tutorials#regex#validation#forms

Using Regex for Form Validation: Patterns and Pitfalls

How to use regular expressions for form validation in JavaScript and HTML — with reusable patterns and common mistakes to avoid.

Trong Ngo
February 22, 2026
2 min read

Table of Contents

  • HTML5 Pattern Attribute
  • JavaScript Validation
  • Password Requirements
  • Real-time Feedback
  • Common Mistakes

HTML5 Pattern Attribute

<!-- Username: 3-20 chars, letters/numbers/underscore -->
<input type="text" pattern="[a-zA-Z0-9_]{3,20}" required />

<!-- US ZIP code -->
<input type="text" pattern="\d{5}(-\d{4})?" required />

Add a title attribute to explain requirements to the user.

JavaScript Validation

function validate(value, pattern) {
  return pattern.test(value.trim());
}

const emailPattern = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/;
validate("user@example.com", emailPattern); // true
validate("not-an-email", emailPattern);     // false

Password Requirements

Check each requirement separately for better UX:

const rules = {
  minLength: (p) => p.length >= 8,
  hasUppercase: (p) => /[A-Z]/.test(p),
  hasLowercase: (p) => /[a-z]/.test(p),
  hasDigit: (p) => /\d/.test(p),
  hasSpecial: (p) => /[^a-zA-Z0-9]/.test(p),
};

Showing per-rule feedback is far better UX than a single error message.

Real-time Feedback

const input = document.querySelector("#email");

input.addEventListener('blur', () => {
  const valid = emailPattern.test(input.value);
  input.setAttribute("aria-invalid", String(!valid));
});

Validate on blur, not on every keystroke — it's less annoying.

Common Mistakes

MistakeProblemFix
No anchorsMatches anywhere in stringUse ^...$
Too strict emailRejects valid addressesUse simple pattern
Client-side onlyBypassableAlways validate server-side too

Test your patterns with the Regex Tester.

Try These Tools

Regex Tester & Debugger

Test regular expressions against strings in real-time. Visualize matches, groups, and flags.

Related Articles

Mastering Regex Lookahead and Lookbehind

2 min read

How to Write Efficient Regular Expressions

2 min read

10 Regex Patterns Every Developer Should Know

1 min read

Back to Blog

Table of Contents

  • Table of Contents
  • HTML5 Pattern Attribute
  • JavaScript Validation
  • Password Requirements
  • Real-time Feedback
  • Common Mistakes

Related Articles

Mastering Regex Lookahead and Lookbehind

2 min read

How to Write Efficient Regular Expressions

2 min read

10 Regex Patterns Every Developer Should Know

1 min read