Regex + URL + Markdown Documentation Workflow
Build and test regex patterns, validate URL-encoded inputs, and document everything in Markdown. A complete input validation workflow with Bash, Python, and Node.js examples.
The Problem
You are implementing form validation that needs to handle URL-encoded input from browsers, validate it with regex patterns, and document the validation rules for your team. Testing regex against encoded input is tricky, and undocumented validation rules become unmaintainable.
Why This Workflow Matters
Input validation is the first line of defense against injection attacks, data corruption, and user frustration. Regex patterns that work on raw input may fail on URL-encoded data. Documenting validation rules in Markdown creates a living specification that developers, QA, and product teams can reference — preventing the classic problem of validation logic known only to its original author.
Workflow Overview
Step-by-Step Instructions
Build and test your regex pattern
Open the Regex Tester and build your validation pattern. Test it against multiple inputs: valid cases, edge cases, and attack strings. Note the flags you need (case-insensitive, multiline, etc.).
Test against URL-encoded input
Use the URL Encoder to encode your test inputs. Then test the regex against the encoded versions. Decide whether to decode before validating or adjust the regex to handle encoded characters.
Document the validation rules
Write a Markdown specification for each validation rule. Include the regex pattern, description, valid/invalid examples, and edge cases. Preview the documentation in the Markdown Preview.
Generate validation code
Use the tested regex and documentation to write validation functions in your language of choice. Include the Markdown docs as code comments for future maintainers.
Before & After
Untested regex, no documentation
// Regex written from memory, never tested const emailRegex = /\S+@\S+/; // Breaks on URL-encoded input: user%40example.com // No documentation for the team
Tested regex, URL-aware, documented
// Tested against 15 valid/invalid cases
const emailRegex = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/;
// Decodes URL input before validation
// Documented in validation-rules.md with examples
Automate This Workflow
Copy these scripts to automate the workflow in your preferred language:
$
Bash
# Test email regex against URL-encoded input
EMAIL_REGEX='^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
# Decode URL-encoded input first
ENCODED="user%40example.com"
DECODED=$(python3 -c "import urllib.parse; print(urllib.parse.unquote('$ENCODED'))")
# Validate
if [[ "$DECODED" =~ $EMAIL_REGEX ]]; then
echo "Valid: $DECODED"
else
echo "Invalid: $DECODED"
fi
# Generate Markdown docs
cat > validation-rules.md << 'EOF'
# Input Validation Rules
## Email Validation
- Pattern: `^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$`
- Decode URL input before validation
- Valid: `[email protected]`, `[email protected]`
- Invalid: `@domain.com`, `user@`, `[email protected]`
EOF
Py
Python
import re
from urllib.parse import unquote
# Define validation rules
RULES = {
"email": {
"pattern": r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$",
"description": "Valid email address",
"examples": {"valid": ["[email protected]"], "invalid": ["@x.com"]},
},
"url": {
"pattern": r"^https?://[\w.-]+\.[a-zA-Z]{2,}(/\S*)?$",
"description": "HTTP/HTTPS URL",
"examples": {"valid": ["https://example.com"], "invalid": ["ftp://x"]},
},
}
def validate(field: str, value: str, decode_url: bool = True) -> bool:
"""Validate input against named rule, with optional URL decoding."""
if decode_url:
value = unquote(value)
rule = RULES[field]
return bool(re.match(rule["pattern"], value))
# Test with URL-encoded input
print(validate("email", "user%40example.com")) # True
print(validate("url", "https%3A%2F%2Fexample.com")) # True
JS
Node.js
const RULES = {
email: {
pattern: /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/,
description: "Valid email address",
},
url: {
pattern: /^https?:\/\/[\w.-]+\.[a-zA-Z]{2,}(\/\S*)?$/,
description: "HTTP/HTTPS URL",
},
};
function validate(field, value, decodeUrl = true) {
if (decodeUrl) value = decodeURIComponent(value);
return RULES[field].pattern.test(value);
}
// Test with URL-encoded input
console.log(validate("email", "user%40example.com")); // true
console.log(validate("url", "https%3A%2F%2Fexample.com")); // true
// Generate Markdown docs
const md = Object.entries(RULES)
.map(([name, r]) => `## ${name}\n- Pattern: \`${r.pattern}\`\n- ${r.description}`)
.join("\n\n");
console.log(md);Frequently Asked Questions
Should I URL-decode input before or after regex validation?
user%40example.com would fail an email regex). Decode first with decodeURIComponent() or urllib.parse.unquote(), then validate the raw value.
How do I test regex patterns against edge cases?
[email protected]; DROP TABLE), and boundary values. Test at least 5 valid and 5 invalid inputs per pattern.
Why document validation rules in Markdown?
What regex flavors differ between languages?
/pattern/flags syntax while Python uses raw strings r'pattern'. Key differences: JS has no lookbehind support in older engines, Python supports named groups with (?P<name>), and Bash regex does not support non-greedy quantifiers. Always test in your target language.
Related Workflows
Try These Tools Now
All tools in this workflow are free and work directly in your browser — no sign-up required.