Solved

Regex for script injection

Posted on 2008-10-14
Last Modified: 2010-04-21
What would a regex look like for alpha or alpha + numeric with spaces?  Spaces are only between words.  I'd like to flag such characters as "<", ">" that are used in <script>.

This is for .NET 3.5 C#.
Question by:brettr
5 Comments
 
LVL 27

Expert Comment

by:ddrudik
ID: 22716962
In regex patterns, generally:

alpha:
a-zA-Z
numeric:
[0-9]
spaces would just be spaces.

<[^>]*> would generally match most HTML tags.
<script\s[^>]*> would match a script starting tag
<script\s[^>]*>.*?</script> would match most script blocks, assuming you have . matching \n in your code.  If your platform does not have an option for that, use [\S\s] instead of . to match all characters.
0
 

Author Comment

by:brettr
ID: 22717000
Can you show what the full pattern would look like?  Thanks.
0
 
LVL 84

Accepted Solution

by:
ozo earned 500 total points
ID: 22717286
^[\w\s]*$
0
 
LVL 27

Expert Comment

by:ddrudik
ID: 22718126
alpha:
"a-zA-Z"
numeric:
"[0-9]"
spaces would just be spaces.
" "
"<[^>]*>" would generally match most HTML tags.
"<script\s[^>]*>" would match a script starting tag
"<script\s[^>]*>.*?</script>" would match most script blocks, assuming you have . matching \n in your code.  If your platform does not have an option for that, use [\S\s] instead of . to match all characters.

The patterns are in quotes.
If you want to match all of that in one pattern:
"[a-zA-Z0-9 ]|<script\s[^>]*>.*?</script>|<[^>]*>"

It depends on your source text as to what pattern you need, though; more specifics would be required, as well as your platform, before a suitable pattern could be given.  If you attempted to use the patterns supplied, they would disallow characters in non-HTML tag text as well.
0
 

Author Closing Comment

by:brettr
ID: 31506119
Sorry ddrudik but yours isn't working with

<script>myname>
or
myname>
0
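
An added example (not code from the thread) that runs the accepted pattern `^[\w\s]*$` next to a stricter allowlist for the format the question describes, on .NET. The `Strict` pattern, the class and method names, and the sample inputs are assumptions constructed for illustration; the two inputs containing `>` are taken from the closing comment.

```csharp
using System;
using System.Text.RegularExpressions;

static class NameInputCheck
{
    // Pattern from the accepted answer: any mix of \w and \s, including the empty string.
    static readonly Regex Accepted = new Regex(@"^[\w\s]*$");

    // Assumed stricter reading of the question: ASCII letters and digits only,
    // words separated by exactly one space, no leading or trailing space.
    // \A and \z anchor to the absolute start and end of the input; '$' would
    // also match just before a final newline.
    static readonly Regex Strict = new Regex(@"\A[a-zA-Z0-9]+(?: [a-zA-Z0-9]+)*\z");

    public static bool IsAllowed(string input)
    {
        return input != null && Strict.IsMatch(input);
    }

    static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "John Smith 42",
            "<script>myname>",   // from the closing comment
            "myname>",           // from the closing comment
            "John  Smith",       // double space
            " John",             // leading space
            "John\n",            // \s also covers tabs and newlines
            "user_name",         // '_' is part of \w
            "Jos\u00e9",         // \w is Unicode-aware in .NET by default
            ""                   // '*' accepts the empty string
        };

        Console.WriteLine("{0,-20} {1,-10} {2}", "input", "accepted", "strict");
        foreach (string s in samples)
        {
            string shown = "\"" + s.Replace("\n", "\\n") + "\"";
            Console.WriteLine("{0,-20} {1,-10} {2}", shown, Accepted.IsMatch(s), Strict.IsMatch(s));
        }
    }
}
```

Both patterns reject the two inputs containing `>`; only the first sample passes the strict pattern, while the accepted pattern also passes the last six. Input validation of this kind narrows what is stored, and HTML-encoding the value when it is rendered is still what prevents script injection.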

Question has a verified solution.
