Solved

Regex for script injection

Posted on 2008-10-14
Last Modified: 2010-04-21
What would a regex look like for alpha or alpha + numeric with spaces?  Spaces are only between words.  I'd like to flag such characters as "<", ">" that are used in <script>.

This is for .NET 3.5 C#.
Question by:brettr
LVL 27

Expert Comment

by:ddrudik
ID: 22716962
In regex patterns, generally:

alpha:
a-zA-Z
numeric:
[0-9]
spaces would just be spaces.

<[^>]*> would generally match most HTML tags.
<script\s[^>]*> would match a script starting tag
<script\s[^>]*>.*?</script> would match most script blocks, assuming you have . matching \n in your code.  If your platform does not have an option for that, use [\S\s] instead of . to match all characters.
 

Author Comment

by:brettr
ID: 22717000
Can you show what the full pattern would look like?  Thanks.
 
LVL 84

Accepted Solution

by:
ozo earned 500 total points
ID: 22717286
^[\w\s]*$
 
LVL 27

Expert Comment

by:ddrudik
ID: 22718126
alpha:
"a-zA-Z"
numeric:
"[0-9]"
spaces would just be spaces.
" "
"<[^>]*>" would generally match most HTML tags.
"<script\s[^>]*>" would match a script starting tag
"<script\s[^>]*>.*?</script>" would match most script blocks, assuming you have . matching \n in your code.  If your platform does not have an option for that, use [\S\s] instead of . to match all characters.

The patterns are in quotes.
If you want to match all of that in one pattern:
"[a-zA-Z0-9 ]|<script\s[^>]*>.*?</script>|<[^>]*>"

It depends on your source text as to what pattern you need though, more specifics would be required as well as your platform before a suitable pattern could be given.  If you attempted to use the patterns supplied they would disallow characters in non-HTML tag text as well.
 

Author Closing Comment

by:brettr
ID: 31506119
Sorry ddrudik but yours isn't working with

<script>myname>
or
myname>
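
An added example (not code from any poster in this thread) that runs the accepted pattern, the combined pattern from the later comment and a stricter allow-list side by side in C#. The Strict pattern, the class name and every sample input other than the two from the closing comment are assumptions made for illustration.

```csharp
using System;
using System.Text.RegularExpressions;

static class NameFieldCheck
{
    // Accepted answer from the thread. In .NET, \w also admits '_' and Unicode
    // letters/digits, \s admits tabs and newlines, and '*' allows an empty string.
    static readonly Regex Accepted = new Regex(@"^[\w\s]*$");

    // Combined pattern from the thread. It is an unanchored alternation, so IsMatch
    // succeeds as soon as any one letter, digit, space or tag appears in the input.
    static readonly Regex Combined =
        new Regex(@"[a-zA-Z0-9 ]|<script\s[^>]*>.*?</script>|<[^>]*>");

    // Assumed stricter allow-list (not from the thread): ASCII letters and digits,
    // single spaces only between words, and \z instead of $ so that a trailing
    // newline is not accepted.
    static readonly Regex Strict =
        new Regex(@"\A[A-Za-z0-9]+(?: [A-Za-z0-9]+)*\z");

    static void Main()
    {
        // Constructed sample inputs; the two ending in '>' come from the thread.
        string[] samples = {
            "John Smith", "user 42", "<script>myname>", "myname>",
            " padded ", "two  spaces", "snake_case", "line\n", ""
        };

        Console.WriteLine("{0,-20} {1,-9} {2,-9} {3}",
            "input", "accepted", "combined", "strict");
        foreach (string s in samples)
        {
            // Show newlines visibly so the table stays on one row per input.
            string shown = "\"" + s.Replace("\n", "\\n") + "\"";
            Console.WriteLine("{0,-20} {1,-9} {2,-9} {3}",
                shown, Accepted.IsMatch(s), Combined.IsMatch(s), Strict.IsMatch(s));
        }
    }
}
```

Whatever pattern is chosen, values written back into a page still need HTML encoding on output (for example HttpUtility.HtmlEncode), because input validation does not cover fields that must legitimately contain punctuation.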

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question