d.shankar Posted October 3, 2007

This regex matches when the input matches an XSS attack, e.g. if a user enters a <script> tag then the regex will prove to be true. But in my case it is failing. Please help.

```php
<?php
$subject = "<script>"; // An XSS input
$pattern = '(?:\<\w*:?s(?:[^\>]*)t(?!rong))|(?:\<scri)|(<\w+:\w+)';
if (preg_match($pattern, $subject))
{
    echo "XSS Injection Found in the string $subject";
}
else
{
    echo "No XSS Injection Found in the string $subject";
}
?>
```

Code has no errors but it is always echoing the else part.

jitesh Posted October 3, 2007

```php
<?php
$subject = "<script>"; // An XSS input
// The outer ( ) pair serves as the PCRE pattern delimiters
$pattern = '((?:\<\w*:?s(?:[^\>]*)t(?!rong))|(?:\<scri)|(<\w+:\w+))';
if (preg_match($pattern, $subject))
{
    // htmlentities() encodes the input so the browser displays it instead of rendering it
    echo "XSS Injection Found in the string " . htmlentities($subject);
}
else
{
    echo "No XSS Injection Found in the string " . htmlentities($subject);
}
?>
```

d.shankar Posted October 4, 2007

Jitesh, it's working great. Thanks.
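
Why the first post's pattern always reaches the else branch, as an added example that is not part of the original thread: PHP takes the pattern's leading `(` as its delimiter, so everything after the matching `)` is parsed as modifiers, `preg_match()` returns `false`, and the `if` reads that as no match. `check_xss()` and the sample subjects are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. check_xss() is a hypothetical name.

// The thread's alternation, unchanged; it carries no delimiters of its own.
const XSS_BODY = '(?:\<\w*:?s(?:[^\>]*)t(?!rong))|(?:\<scri)|(<\w+:\w+)';

// Returns true on a match and false on no match. Throws if PCRE rejects the
// pattern, so a broken pattern is never reported as "No XSS Injection Found".
function check_xss(string $pattern, string $subject): bool
{
    error_clear_last();
    $result = @preg_match($pattern, $subject); // 1, 0, or false on failure
    if ($result === false) {
        $msg = error_get_last()['message'] ?? 'unknown PCRE error';
        throw new RuntimeException($msg);
    }
    return $result === 1;
}

$patterns = [
    'no delimiters (first post)' => XSS_BODY,
    'outer ( ) as delimiters'    => '(' . XSS_BODY . ')',
    'explicit ~ delimiters'      => '~' . XSS_BODY . '~',
];
$subjects = ['<script>', '<strong>']; // constructed sample inputs

foreach ($patterns as $label => $pattern) {
    foreach ($subjects as $subject) {
        try {
            $verdict = check_xss($pattern, $subject) ? 'match' : 'no match';
        } catch (RuntimeException $e) {
            $verdict = 'pattern error: ' . $e->getMessage();
        }
        // Encode on output, as the reply does, so the sample is shown, not rendered.
        printf("%-28s %-22s %s\n", $label, htmlspecialchars($subject), $verdict);
    }
}
```

A match from a pattern like this is only a signal; encoding on output with `htmlentities()`, as the reply does, is what keeps the string from being rendered as markup.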