The cannot-contain-others policy does not properly detect policy violations due to a invalid RegularExpress within the policy implementation.
Specifically the following code:
will never evaluate to false as the match() function never returns a 'falsey' value and always evaluates to true when executed. The issue is caused by the lack of a trailing '/' within the RegularExpression and lack of escaping of the asterisk.
The above code should be modified as follows: