#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2008
    Posts
    17
    Rep Power
    0

    Arrow Iframe allowed for certain domains regex


    hi

    I'm messing around with the settings in my IMPERVA admin panel.
    when it comes across iframes it disallowed it.
    I would like to allow it for certain domains I trust ("white" list):
    Code:
    youtube.com, youtu.be, youtube.com.br, vimeo.com, player.vimeo.com
    here is the regex that triggers it:
    Code:
    (<\x00*iframe)+[^>]*src[\s\x00]*\=
    I need the regexp to NOT trigger (not match) in case of the above domains.

    what should be the right regex for this?
    by the way is this POSIX, right ?

    this is as far as I got but it doesn't work:
    Code:
    (<\x00*iframe)+[^>]*src[\s\x00]*\=["|']?(?:http://|https://|//)(?:www.)?(?!youtube.com|youtu.be|youtube.com.br|vimeo.com|player.vimeo.com)
  2. #2
  3. CSS & JS/DOM Adept
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jul 2004
    Location
    USA (verifiably)
    Posts
    20,124
    Rep Power
    4303
    The "|" will not have the intended affect in the character class (unless you really intend it as a literal character?). Also you need to make sure that those domains are not used as subdomains of some other domain. Don't forget to escape each "." so they are not interpreted as "any single non-newline character".
    Code:
    (<\x00*iframe)+[^>]*src[\s\x00]*\=[\s\x00]*["']?(?:http://|https://|//)(?:www\.)?(?!(?:youtube\.com|youtu\.be|youtube\.com\.br|vimeo\.com|player\.vimeo\.com)/)([a-z0-9-]+\.)+[a-z]{,8}/
    If that doesn't work, you may need to escape the slashes. Keep in mind that some regex implementations don't support look-arounds.
    Spreading knowledge, one newbie at a time.

    Check out my blog. | Learn CSS. | PHP includes | X/HTML Validator | CSS validator | Common CSS Mistakes | Common JS Mistakes

    Remember people spend most of their time on other people's sites (so don't violate web design conventions).

IMN logo majestic logo threadwatch logo seochat tools logo