Difference By Example

1. /^foo$/ matches any of the following, /\Afoo\z/ does not:

whatever1
foo
whatever2

foo
whatever2

whatever1
foo

2. /^foo$/ and /\Afoo\z/ all match the following:

foo

The start and end of a string may not necessarily be the same thing as the start and end of a line. Imagine if you used the following as your test string:

my
name
is
Andrew

Notice that the string has many lines in it - the ^ and $ characters allow you to match the beginning and end of those lines (basically treating the \n character as a delimeter) while \A and \Z allow you to match the beginning and end of the entire string.

If you're depending on the regular expression for validation, you always want to use \A and \z. ^ and $ will only match up until a newline character, which means they could use an email like me@example.com\n<script>dangerous_stuff();</script> and still have it validate, since the regex only sees everything before the \n.

My recommendation would just be completely stripping new lines from a username or email beforehand, since there's pretty much no legitimate reason for one. Then you can safely use EITHER \A \z or ^ $.

According to Pickaxe:

^ Matches the beginning of a line.

$ Matches the end of a line.

\A Matches the beginning of the string.

\z Matches the end of the string.

\Z Matches the end of the string unless the string ends with a "\n", in which case it matches just before the "\n".

So, use \A and lowercase \z. If you use \Z someone could sneak in a newline character. This is not dangerous I think, but might screw up algorithms that assume that there's no whitespace in the string. Depending on your regex and string-length constraints someone could use an invisible name with just a newline character.

JavaScript's implementation of Regex treats \A as a literal 'A' (ref). So watch yourself out there and test.