Solved

Regex for script injection

Posted on 2008-10-14
Last Modified: 2010-04-21
What would a regex look like for alpha or alpha + numeric with spaces?  Spaces are only between words.  I'd like to flag such characters as "<", ">" that are used in <script>.

This is for .NET 3.5 C#.
0
Question by:brettr
LVL 27

Expert Comment

by:ddrudik
ID: 22716962
In regex patterns, generally:

alpha:
a-zA-Z
numeric:
[0-9]
spaces would just be spaces.

<[^>]*> would generally match most HTML tags.
<script\s[^>]*> would match a script starting tag
<script\s[^>]*>.*?</script> would match most script blocks, assuming you have . matching \n in your code.  If your platform does not have an option for that, use [\S\s] instead of . to match all characters.
0
 

Author Comment

by:brettr
ID: 22717000
Can you show what the full pattern would look like?  Thanks.
0
 
LVL 84

Accepted Solution

by:
ozo earned 2000 total points
ID: 22717286
^[\w\s]*$
0
 
LVL 27

Expert Comment

by:ddrudik
ID: 22718126
alpha:
"a-zA-Z"
numeric:
"[0-9]"
spaces would just be spaces.
" "
"<[^>]*>" would generally match most HTML tags.
"<script\s[^>]*>" would match a script starting tag
"<script\s[^>]*>.*?</script>" would match most script blocks, assuming you have . matching \n in your code.  If your platform does not have an option for that, use [\S\s] instead of . to match all characters.

The patterns are in quotes.
If you want to match all of that in one pattern:
"[a-zA-Z0-9 ]|<script\s[^>]*>.*?</script>|<[^>]*>"

It depends on your source text as to what pattern you need, though; more specifics would be required, as well as your platform, before a suitable pattern could be given.  If you attempted to use the patterns supplied, they would disallow characters in non-HTML tag text as well.
0
 

Author Closing Comment

by:brettr
ID: 31506119
Sorry ddrudik but yours isn't working with

<script>myname>
or
myname>
0
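
An allow-list check for the requirement in the question (letters or letters plus digits, single spaces only between words), shown next to the accepted `^[\w\s]*$` pattern. This is an added example, not code posted by anyone in the thread; the class name `NameFilter`, the method `IsAllowed` and the sample strings are assumptions, apart from the two inputs taken from the closing comment.

```csharp
using System;
using System.Text.RegularExpressions;

static class NameFilter
{
    // Allow-list: ASCII letters/digits in words separated by exactly one space.
    // \A and \z anchor to the true start and end of the input; in .NET, "$"
    // without RegexOptions.Multiline also matches just before a final "\n".
    static readonly Regex Strict = new Regex(
        @"\A[A-Za-z0-9]+(?: [A-Za-z0-9]+)*\z", RegexOptions.CultureInvariant);

    // Pattern from the accepted answer, kept for comparison. In .NET, \w also
    // covers "_" and non-ASCII letters and digits, and \s covers tabs and newlines.
    static readonly Regex Accepted = new Regex(@"^[\w\s]*$");

    // Hypothetical helper: true only when the whole input fits the allow-list.
    public static bool IsAllowed(string input)
    {
        return input != null && Strict.IsMatch(input);
    }

    static void Main()
    {
        // Constructed sample inputs; the two containing '>' come from the thread.
        string[] samples =
        {
            "myname", "John Smith 42", "<script>myname>", "myname>",
            " padded ", "two  spaces", "under_score", "line\n", ""
        };

        foreach (string s in samples)
        {
            // Show the newline visibly so the trailing-"\n" case is readable.
            string shown = "\"" + s.Replace("\n", "\\n") + "\"";
            Console.WriteLine("{0,-20} strict={1,-5} accepted={2}",
                shown, IsAllowed(s), Accepted.IsMatch(s));
        }
    }
}
```

Both patterns reject the two inputs from the closing comment; they differ on the empty string, padding, doubled spaces, underscores and a trailing newline, which only the accepted pattern lets through. A value that passes this check still needs HTML encoding when it is written back into a page.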
