Validation (Regex)

The Validation (Regex) field property allows you to define custom validation rules for field values using regular expressions (regex). You can use regex validation to ensure users enter values in a specific format, such as email addresses, URLs, phone numbers, IDs, or dates.

When a field value does not match the configured regex pattern, Contentstack displays a validation error and prevents users from saving the entry.

Use regex validation when you need to:

• Enforce consistent formatting across entries
• Restrict invalid user input
• Validate structured values such as email addresses, URLs, IDs, or dates
• Apply custom validation rules beyond built-in field validations

The Validation (Regex) property is available only for the following field types:

• Single Line Textbox
• Multi-Line Textbox

To configure regex validation for a field, log in to your Contentstack account and perform the following steps:

1. Navigate to your stack and open the content type where you want to configure regex validation.
2. Add or edit a Single Line Textbox or Multi-Line Textbox field.
3. Open the field properties panel and click the Advanced tab.
4. In the Validation (Regex) field, enter the required regex pattern.
5. Save the content type.

When users enter a value that does not match the configured pattern, Contentstack displays a validation error and prevents the entry from being saved.

The following examples demonstrate commonly used regex validation patterns.

Use the following regex pattern to validate email addresses:

^[a-zA-Z0-9+_.-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}$

Use the following regex pattern to validate URLs:

^(http:\/\/|https:\/\/)?www\.[a-zA-Z0-9:?&=._/-]+\.[a-zA-Z]{2,3}$

Use the following regex pattern to validate dates in the following formats:

• dd/mm/yyyy
• dd-mm-yyyy
• dd.mm.yyyy

This pattern also validates leap years.

^(?:(?:31(\/|-|\.)(?:0?[13578]|1[02]))\1|(?:(?:29|30)(\/|-|\.)(?:0?[1,3-9]|1[0-2])\2))(?:(?:1[6-9]|[2-9]\d)?\d{2})$|^(?:29(\/|-|\.)0?2\3(?:(?:(?:1[6-9]|[2-9]\d)?(?:0[48]|[2468][048]|[13579][26])|(?:(?:16|[2468][048]|[3579][26])00))))$|^(?:0?[1-9]|1\d|2[0-8])(\/|-|\.)(?:(?:0?[1-9])|(?:1[0-2]))\4(?:(?:1[6-9]|[2-9]\d)?\d{2})$

Use the following recommendations when creating regex validation rules in Contentstack.

Avoid overly complex expressions with deeply nested groups or excessive repetition operators. Complex regex patterns can slow down validation and affect browser performance.

For example, avoid patterns such as:

^(a+)+$

Patterns like these can trigger excessive backtracking when validating long input strings.

Instead, use more specific and constrained patterns whenever possible.

Do not combine multiple repeating operators such as *, +, or {} inside nested groups unless necessary.

Problematic example:

(.+)+

Recommended approach:

.+

You can also define explicit character limits:

^[a-zA-Z0-9._-]{1,100}$

Use anchors (^ and $) to validate the complete field value instead of partial matches.

Example:

^[a-zA-Z0-9._-]+$

This ensures that the entire input matches the expected format.

Avoid broad wildcard patterns such as:

.*.*

These patterns increase the number of matching combinations the browser must evaluate.

Instead, define expected character sets explicitly wherever possible.

Before using a regex pattern in production, test it against:

• Long text values
• Empty values
• Invalid characters
• Unexpected input formats
• Repeated character sequences

Testing helps identify validation gaps and performance issues early.

Regex validation in Contentstack executes within the browser using the browser’s regular expression engine. Poorly optimized patterns can affect validation performance and responsiveness.

Inefficient regex patterns may:

• Slow down validation
• Freeze the browser tab
• Cause high CPU usage
• Result in validation failures

WarningComplex regex patterns combined with large input values can negatively affect browser performance during entry creation and editing.

When a regular expression contains complex matching logic or receives lengthy input strings, the browser may attempt millions of matching combinations while evaluating the validation rule. This behavior is known as catastrophic backtracking.

Catastrophic backtracking can:

• Freeze the browser
• Increase CPU usage significantly
• Slow down entry creation and editing
• Affect overall application performance

To reduce the risk of catastrophic backtracking:

• Avoid nested quantifiers
• Use explicit character classes instead of broad wildcards
• Add anchors (^ and $) where applicable
• Restrict input length whenever possible
• Prefer specific patterns over ambiguous expressions

Poorly optimized regex patterns can also increase the risk of Regular Expression Denial of Service (ReDoS) attacks.

A ReDoS attack occurs when a malicious or extremely large input causes the regex engine to consume excessive processing time.

To reduce security risks:

• Avoid ambiguous regex patterns
• Restrict unnecessary repetition operators
• Keep validation logic focused and predictable
• Test patterns with large and invalid input values

WarningInefficient regex patterns may expose applications to performance degradation and denial-of-service scenarios when processing malicious input values.

Regex validation helps enforce structured and consistent field input across your content models. Well-designed regex patterns improve content quality, reduce invalid input, and support predictable data formatting.

When creating regex validation rules, prefer simple and specific patterns, test them thoroughly with realistic input values, and avoid overly complex expressions that may affect browser performance or introduce security risks.