
I am using the following regexp for XSS attack validation. It's checking <..> </> data correctly. But when I type a single character at first, it's not allowing any single character (e.g. if I type 'a', it's not allowing it). Can anyone help me with this?

/^(|\/|[^\/>][^>]+|\/[^>][^>]+)$/
Vinoth Babu
  • Possible duplicate of [Best regex to catch XSS (Cross-site Scripting) attack (in Java)?](https://stackoverflow.com/questions/24723/best-regex-to-catch-xss-cross-site-scripting-attack-in-java) –  May 11 '18 at 20:04
  • What are the expectations? What do you want to do? – revo May 11 '18 at 20:06
  • @revo it should not allow xss attack – Vinoth Babu May 11 '18 at 20:13
  • @Amy - javascript validation I want – Vinoth Babu May 11 '18 at 20:14
  • Short answer: not possible unless you make a whitelist not a blacklist. – revo May 11 '18 at 20:15
  • @VinothBabu Please read the first sentence of the first answer: "Don't do this with regular expressions." –  May 11 '18 at 20:32
  • @Amy I disagree, the question you linked to is not about JavaScript, it is about Java – Peter Olson May 11 '18 at 20:56
  • @PeterOlson If the answer in Java is "don't do this", the answer in JavaScript is also "don't do this" –  May 11 '18 at 21:10
  • @Amy "Don't do this" is only half of the answer, the other half is "here's what you should do instead", which will be different across programming languages. – Peter Olson May 11 '18 at 21:26

1 Answer

Despite the fact that regex is not optimal for XSS attack validation, as the comments said:

This regex needs at least two characters because of the two +, which mean between one and unlimited characters. * can be used to specify between zero and unlimited characters.

Gilles-Antoine Nys
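The quantifier behaviour described in the answer, next to the allowlist approach the comments recommend, as an added example that is not part of the original question or answer. The function names, the display-name rule and the sample inputs are assumptions made for illustration.

```javascript
// Added example; names, the display-name rule and sample inputs are assumptions.

// The pattern from the question: each `+` requires one more character after
// the first one, so a one-character value such as "a" can never match.
const original = /^(|\/|[^\/>][^>]+|\/[^>][^>]+)$/;

// Same pattern with `*` (zero or more), as the answer suggests.
const relaxed = /^(|\/|[^\/>][^>]*|\/[^>][^>]*)$/;

// Allowlist validation: describe what a valid value looks like instead of
// listing what to reject (here: 1-64 letters, digits, space, dot, _ and -).
const DISPLAY_NAME = /^[\p{L}\p{N} ._-]{1,64}$/u;
function isValidDisplayName(value) {
  return typeof value === "string" && DISPLAY_NAME.test(value);
}

// Output encoding: validation only limits the input; the value must still be
// encoded for the context it is written into (here: HTML text content).
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Runs every check over each sample so the differences are visible side by side.
function report(samples) {
  return samples.map((s) => ({
    input: s,
    original: original.test(s),
    relaxed: relaxed.test(s),
    allowlisted: isValidDisplayName(s),
    encoded: escapeHtml(s),
  }));
}

// Constructed sample inputs.
console.table(report(["a", "ab", "Tom & Jerry", "<b>bold</b>"]));
```

In the browser, assigning the value to `element.textContent` gives the same protection as `escapeHtml` for text nodes.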