Regex Programming
 
#1 | ignas2526 | July 1st, 2009, 09:22 PM
Merging preg matches

Hello,
I am trying to merge 10 preg matches into one; I ended up with this:
Code:
/<[^>]*(script|object|iframe|applet|meta|style|form)*"?[^>]*>|\([^>]*"?[^)]*\)|"|'/

I created a test to ensure that the new preg match works the same as the old one; it passes all tests, except it returns true on
Code:
<>

when it must return false. Any ideas how to fix that?
Thanks.

#2 | prometheuzz | July 2nd, 2009, 04:23 AM
Well, "<>" matches this part of your regex (divided over multiple lines for clarity):

Code:
<
[^>]*
(script|object|iframe|applet|meta|style|form)*
"?
[^>]*
>


As you can see, everything but the < and > are optional, so that's why. Are you sure the * after (script|object|iframe|applet|meta|style|form) is correct? That will match "appletappletappletappletappletapplet" for example (but also an empty string).

#3 | ignas2526 | July 2nd, 2009, 06:13 AM
Yes * is correct, for example:
Code:
<script scriptapplet scriptscript>alert('XSS!')</script scriptscriptscript scriptscript script>
works fine.
Oh OK, so why does this preg match return false on <>:
Code:
/<[^>]*script*"?[^>]*>|<[^>]*object*"?[^>]*>|<[^>]*iframe*"?[^>]*>|<[^>]*applet*"?[^>]*>|<[^>]*meta*"?[^>]*>|<[^>]*style*"?[^>]*>|<[^>]*form*"?[^>]*>|\([^>]*"?[^)]*\)|"|\'/

#4 | prometheuzz | July 2nd, 2009, 06:22 AM
Quote:
Originally Posted by ignas2526
Oh OK, so why does this preg match return false on <>:
...


Here's the first part of your regex with a little explanation:

Code:
<             // match a '<'
[^>]*         // match zero or more characters other than '>'
scrip         // match the string 'scrip'
t*            // match zero or more 't'-s
"?            // match an optional double-quote
[^>]*         // match zero or more characters other than '>'
>             // match a '>'


In other words, that part of your regex will cause the following strings to match:
Code:
<scrip>
<scripttttttttttttttttttttttt>
<scrip"<>

to name just three.
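
The difference explained in the two replies above, as an added example that is not part of the original thread: it rebuilds the pattern from post #3 and the merged pattern from post #1 and lists the inputs on which they disagree. It uses Python's `re` module in place of PHP's `preg_match` (these constructs behave the same in both engines), and the sample inputs are constructed.

```python
import re

# Keyword list and trailing alternatives copied from the patterns in the thread.
KEYWORDS = ["script", "object", "iframe", "applet", "meta", "style", "form"]
TAIL = r'\([^>]*"?[^)]*\)|"|' + "'"   # parentheses, double quote, single quote

# Post #3 (original): one alternative per keyword. "script*" parses as
# "scrip" followed by "t*", so at least "scrip" must appear inside the tag.
ORIGINAL = re.compile("|".join(f'<[^>]*{kw}*"?[^>]*>' for kw in KEYWORDS) + "|" + TAIL)

# Post #1 (merged): the star now applies to the whole group, so the group
# may match nothing and any "<...>" is accepted, including "<>".
MERGED = re.compile('<[^>]*(' + "|".join(KEYWORDS) + ')*"?[^>]*>|' + TAIL)

# Constructed sample inputs (not the original poster's test suite).
SAMPLES = [
    "<>", "<b>", "<scrip>", "<script>alert(1)</script>",
    "<label for=x>", "a < b", "plain text", 'say "hi"', "f(x)",
]

def verdicts(text):
    """Return (original, merged) booleans, as preg_match would report them."""
    return bool(ORIGINAL.search(text)), bool(MERGED.search(text))

def disagreements(samples):
    """Inputs on which the merged pattern and the original give different answers."""
    return [s for s in samples if verdicts(s)[0] != verdicts(s)[1]]

if __name__ == "__main__":
    for s in SAMPLES:
        old, new = verdicts(s)
        flag = "  <-- differs" if old != new else ""
        print(f"{s!r:32} original={old!s:5} merged={new!s:5}{flag}")
    print("disagree on:", disagreements(SAMPLES))
```

The two patterns disagree on every tag that contains none of the keyword prefixes, not only on `<>`, which is why a test suite without such inputs passes.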

#5 | ignas2526 | July 2nd, 2009, 06:46 AM
I found where!
Code:
<[^>]*(script|object|iframe|applet|meta|style|form)*[^>]*>

must be:
Code:
<[^>]*(script|object|iframe|applet|meta|style|form)*[^>]>

That regex wasn't mine; it was 414 characters long, and speed was about 1.6 secs in the test; now it's 99 characters, and speed is 0.4 secs in the same test.

#6 | prometheuzz | July 2nd, 2009, 06:54 AM
Quote:
Originally Posted by ignas2526
I found where!
Code:
<[^>]*(script|object|iframe|applet|meta|style|form)*[^>]*>

must be:
Code:
<[^>]*(script|object|iframe|applet|meta|style|form)*[^>]>

That regex wasn't mine; it was 414 characters long, and speed was about 1.6 secs in the test; now it's 99 characters, and speed is 0.4 secs in the same test.


Okay. Now take the following text:

if a < b then there 'a' is bigger than 'b' ... some more text <script> abcdefg </script> ...

Your regex will find two matches (the underlined parts):

if a < b then there 'a' is bigger than 'b' ... some more text <script> abcdefg </script> ...
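
The two matches referred to above, computed in an added example that is not part of the original thread: it runs the tag fragment from post #5 over the sample sentence and over a few constructed benign inputs, and compares it with the keyword-free pattern `<[^>]+>`. Python's `re` stands in for PHP's `preg_match`; `ANY_TAG` and the `BENIGN` list are introduced here for illustration.

```python
import re

KEYWORDS = ["script", "object", "iframe", "applet", "meta", "style", "form"]

# Tag fragment from post #5: the final "[^>]*" became a single "[^>]".
FIXED = re.compile('<[^>]*(' + "|".join(KEYWORDS) + ')*[^>]>')

# Keyword-free pattern for comparison: every keyword consists only of
# non-'>' characters, so the optional group adds nothing to what FIXED accepts.
ANY_TAG = re.compile('<[^>]+>')

# Sample sentence from post #6.
TEXT = ("if a < b then there 'a' is bigger than 'b' ... "
        "some more text <script> abcdefg </script> ...")

# Constructed benign inputs to show what else is flagged.
BENIGN = ["<>", "<b>bold</b>", "x < 3 and y > 4", "2 < 3", "no markup here"]

def matches(pattern, text):
    """All non-overlapping matches as (start, end, matched_text) tuples."""
    return [(m.start(), m.end(), m.group(0)) for m in pattern.finditer(text)]

def flagged(pattern, samples):
    """Inputs for which a preg_match-style search would return true."""
    return [s for s in samples if pattern.search(s)]

if __name__ == "__main__":
    for start, end, found in matches(FIXED, TEXT):
        print(f"[{start}:{end}] {found!r}")
    print("flagged benign inputs:", flagged(FIXED, BENIGN))
    print("same as <[^>]+> :", flagged(FIXED, BENIGN) == flagged(ANY_TAG, BENIGN))
```

The first match starts at the `<` of `a < b` and runs to the end of `<script>`, because `[^>]*` also consumes `<` characters.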

#7 | ignas2526 | July 2nd, 2009, 07:06 AM
All regexes fail in some cases; however, in my case I don't care what is before or after. The only thing I need is to detect whether there is any XSS; if it's detected, the script simply destroys the whole string, so it doesn't matter what is before or after. What is more important is to not detect strings that do not contain XSS, like <>.
