d.shankar Posted October 3, 2007 Share Posted October 3, 2007 This regex matches when the input matches with a XSS attack for eg: if a user enters <script> tag then the regex will prove to be true. But in my case it is failing .. Please help <?php $subject="<script>"; //An XSS input $pattern='(?:\<\w*:?s(?:[^\>]*)t(?!rong))|(?:\<scri)|(<\w+:\w+)'; if(preg_match($pattern,$subject)) { echo "XSS Injection Found in the string $subject"; } else { echo "No XSS Injection Found in the string $subject"; } ?> Code has no errors but it is always echoing the else part. Link to comment https://forums.phpfreaks.com/topic/71621-solved-xss-regex-help/ Share on other sites More sharing options...
jitesh Posted October 3, 2007 Share Posted October 3, 2007 <?php $subject="<script>"; //An XSS input $pattern='((?:\<\w*:?s(?:[^\>]*)t(?!rong))|(?:\<scri)|(<\w+:\w+))'; if(preg_match($pattern,$subject)) { echo "XSS Injection Found in the string ". htmlentities($subject); } else { echo "No XSS Injection Found in the string ". htmlentities($subject); } ?> Link to comment https://forums.phpfreaks.com/topic/71621-solved-xss-regex-help/#findComment-360756 Share on other sites More sharing options...
d.shankar Posted October 4, 2007 Author Share Posted October 4, 2007 Jitesh its working gr8. Thx. Link to comment https://forums.phpfreaks.com/topic/71621-solved-xss-regex-help/#findComment-361476 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.