[Exist-open] XQuery regex for valid XML element names

[Dave F. <dav...@gm...>]

I'm in the process of putting together a script that takes a user-supplied
or system-defined string (via a URL parameter usually) and using that
string as part of an XPath expression that will ultimately be processed in
a util:eval(...) function call. One of the problems with this is the
potential for security vulnerabilities through code injection, so I want to
make sure the user-defined string passes a few tests before passing it
along to util:eval. One such test is to make sure the user-supplied string
is in fact a valid XML element and/or attribute name. Here's where I ran
into a problem.

I started off on what I thought would be a 15-minute research project: find
a regex I can use in XQuery (i.e. something i can use in the
fn:matches(...) function) that I could use to validate or invalidate that a
given arbitrary string was a valid XML element and/or attribute label. I'm
found some example in Java, PHP, and other languages, but nothing for
XQuery. Even worse, the examples I did find were in comment threads where
no one seemed to agree what the "correct" solution is. I went through
"official" documentation from various sources including those from the
w3schools web site as well, to no avail.

The most helpful thing I could find were the following rules in plain
English (from w3schools):


   - Names can contain letters, numbers, and other characters
   - Names cannot start with a number or punctuation character
   - Names cannot start with the letters xml (or XML, or Xml, etc)
   - Names cannot contain spaces


Now I am in the process of putting together my own regex checking
algorithm, but I haven't had much luck in getting it to work correctly. I
figured I would ask the greater community if there was a quick solution
before I spend too many hours trying to solve what I hoped would be a
relatively simple problem. :-)

eXist details:
eXist 2.1 trunk, rev 17098
Java 1.6
MacOS X 10.7.4

-- 
David Finton