Hi there,
i need to find inline javascript with php regex. I can find external script, but not inline, can anybody help me?
Here is my pattern for external:
"/<script(.*?)src(.*?)>(.*?)<\/script\s*>/smi"
Any ideas?
views:
48answers:
4
A:
update: and only the <script> nodes without the src attribute set:
"/<script((?:(?!src=).)*?)>(.*?)<\/script>/smix"
(my first look-ahead regex ;))
KARASZI István
2010-09-24 15:23:21
Yes, this is for all scripts, but I need the one, without src attribute in opening tag
Simon
2010-09-24 15:30:41
try the fixed solution
KARASZI István
2010-09-24 16:30:30
cool this almost is correct :) You just need to add ? after first * : "/<script((?:(?!src=).)*?)>(.*?)<\/script>/smix"
Simon
2010-09-24 17:49:59
yes, thanks! I fixed it
KARASZI István
2010-09-24 17:58:53
that's not good because it'll find only one character long scripts
KARASZI István
2010-09-24 15:25:10
+2
A:
You need to find all those cases where inline script can be used (i.e. all listener functions onClick, onBlur, onMouseDown, onMouseUp, on...)).
Thariama
2010-09-24 15:23:52
No, i haev HTML doc ant i need to find text like <script type="text/javascript"> var tmp = 3; </script> but not <script language="javascript" type="text/javascript" src="/js/jquery-1.4.2.min.js"></script>
Simon
2010-09-24 15:26:21
@no, there are enough ways to run JS. Another way: `<iframe src="http://example.com/evil.htm"></iframe>`. A better solution would be whitelisting using an application like HTML Purifier.
Lekensteyn
2010-09-24 15:28:13
A:
If you plan to filter certain HTML (JS for example), use HTML Purifier.
Lekensteyn
2010-09-24 15:25:10