However the values from the inputs are retreived, they are then matched against the regex patterns.
If not a match, it is probably good practice to indicate to the user which field failed validation and what is required to pass: Being dynamically typed, nailing down the type of a variable in Java Script is more involved than in strictly typed languages.
I'm pretty sure detailed knowledge of Regex is what the test is after...
These techniques have their limitations; the value 5.000000000000000001 will be rounded to 5 and evaluate as an int.
Use of some Math library functions has also been employed in evaluating for numeric types.
Java Script injection is also called cross-site injection attack or XSS.
While it is tempting to try to use regex to filter out HTML tags in form input, a better solution is to use an existing library (like HTML Purifier) to do any filtering.
The patterns might look something like these (these are probably a bit naive but they illustrate the point): The easiest way to play with these functions is to open up the developer console in your browser.
While not really that germain to this exam, I found the text analytics courses (essentials 1 and case study) over at IBM's Big Data University really good practice for learning regular expressions.
These patterns can be something very simple like /abc/ which matches the string 'abc', or they can use a collection of special characters to make more sophisticated matches.
A comprehensive list of these special characters can be found in the Mozilla Dev Net article about regular expressions.
Another possibility is to transform all the inputs into HTML entities (i.e.
becomes <p>), which is accomplished by assigning the value of the input to the text Content of a temporary element (like a textarea) and then assigning the inner HTML of this temporary element back to the input.
In the example below we add the two numbers given by the user.