
I am testing for XSS injection.

The code contains the JavaScript eval function.

When it takes some JavaScript code, it evaluates the script.

I have a very basic idea of regular expressions.

I have been searching for a regular expression which might filter the contents and might not allow JavaScript code inside the eval function.

In short, I need to validate the input before passing the parameter to the eval function. Any help regarding this will be valuable.

Thanks in advance, Tazim.

theazureshadow
Star123

1 Answer


You're gonna lose that battle, because no regexp can protect from things like hasegawa's XSS vector:

(É=[Å=[],µ=!Å+Å][µ[È=-~-~++Å]+({}+Å) [Ç=!!Å+µ,ª=Ç[Å]+Ç[+!Å],Å]+ª])() [µ[Å]+µ[Å+Å]+Ç[È]+ª](Å)
($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+($$=($_=!''+$)[_/_]+$_[+$])])()[__[_/_]+__[_+~$]+$_[_]+$$](_/_)

which is just an alert.

p0deje