Solved

Regex for script injection

Posted on 2008-10-14
Last Modified: 2010-04-21
What would a regex look like for alpha or alpha + numeric with spaces?  Spaces are only between words.  I'd like to flag such characters as "<", ">" that are used in <script>.

This is for .NET 3.5 C#.
Question by:brettr
5 Comments
 
LVL 27

Expert Comment

by:ddrudik
ID: 22716962
In regex patterns, generally:

alpha:
a-zA-Z
numeric:
[0-9]
spaces would just be spaces.

<[^>]*> would generally match most HTML tags.
<script\s[^>]*> would match a script starting tag
<script\s[^>]*>.*?</script> would match most script blocks, assuming you have . matching \n in your code.  If your platform does not have an option for that, use [\S\s] instead of . to match all characters.

Author Comment

by:brettr
ID: 22717000
Can you show what the full pattern would look like?  Thanks.
LVL 84

Accepted Solution

by:
ozo earned 500 total points
ID: 22717286
^[\w\s]*$
LVL 27

Expert Comment

by:ddrudik
ID: 22718126
alpha:
"a-zA-Z"
numeric:
"[0-9]"
spaces would just be spaces.
" "
"<[^>]*>" would generally match most HTML tags.
"<script\s[^>]*>" would match a script starting tag
"<script\s[^>]*>.*?</script>" would match most script blocks, assuming you have . matching \n in your code.  If your platform does not have an option for that, use [\S\s] instead of . to match all characters.

The patterns are in quotes.
If you want to match all of that in one pattern:
"[a-zA-Z0-9 ]|<script\s[^>]*>.*?</script>|<[^>]*>"

It depends on your source text as to what pattern you need, though; more specifics would be required, as well as your platform, before a suitable pattern could be given.  If you attempted to use the patterns supplied, they would disallow characters in non-HTML tag text as well.

Author Closing Comment

by:brettr
ID: 31506119
Sorry ddrudik but yours isn't working with

<script>myname>
or
myname>
