Js regexp: How to extract special substring ?

Question

My code sample is as the following:

    let str = '<p>test xss<img src=x onerror=alert(1)><h1 onmouseover=prompt(0)></h1></p>';

    console.log(str.replace(/(<img [\s\S]*>?|<h1 [\s\S]*><\/h1>)/i, ''));

My purpose is very clear: extract img and h1 tag from str, so I expect the result is <p>test xss</p>, but actually the result is <p>test xss. It seems the regexp string img judgement part match the end of str. Can anyone tell me how to write this regexp string correctly ?

regexp on html "strings" are [notorious](https://stackoverflow.com/a/1732454/5053002) — Jaromanda X, Jan 30 '18 at 03:36
I'd suggest using DOMParser, but it's going to mess with the `h1` inside the `p` — Jaromanda X, Jan 30 '18 at 03:43

score 0 · Answer 1 · answered Jan 30 '18 at 03:45

This is a little incomplete code, but just to give an example. Try something like this

let parser = new DOMParser()
let doc = parser.parseFromString(parser, "text/html")

and then you can operate on the doc like a HTMLDocument Node, with querySelectorAll and stuff

score 0 · Answer 2 · answered Jan 30 '18 at 03:54

0

How about this:

'<p>test xss<img src=x onerror=alert(1)><h1 onmouseover=prompt(0)></h1></p>'.replace(/<p>([\w ]+)\b.*<\/p>/, '<p>$1</p>')

?

answered Jan 30 '18 at 03:54

Bob Dust

2,370
1
17
13

score 0 · Accepted Answer · answered Feb 06 '18 at 01:19

0

I change my regexp rule to /(<img [\s\S]*?>|<h1[\s\S]*\/h1>)/ig and it works now.

answered Feb 06 '18 at 01:19

ahwyX100

585
2
9
22

Js regexp: How to extract special substring ?

3 Answers3