Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Perl > RegEx to find CFML tags nested in HTML tags

Reply
Thread Tools

RegEx to find CFML tags nested in HTML tags

 
 
Dean H. Saxe
Guest
Posts: n/a
 
      01-03-2004
I'm currently developing a tool in perl to search out potential XSS
(Cross Site Scripting) vulnerabilities and correct them in a
ColdFusion based web app. I've been having great success so far,
however, one scenario has me banging my head against the wall.

I need a regex to find all <cfoutput ...>...</cfoutput> blocks in a
CFM template. The regex should find all such blocks that are *not*
nested within HTML tags (the tag itself, <cfoutput> blocks located
between an opening and closing tag are OK). In other words a tag that
looks like the following:

<link rel="<cfoutput>#directory#/foo.css</cfoutput>">

should be ignored by the regex.

I have tried this a number of ways, however, I have not ocme up with a
solution yet.

The basic RegEx to match the <cfoutput> block is:

$text =~ s/(<cfoutput[^>]*>.*?<\/cfoutput>)/process_cfoutput($1)/sige;

This of course doesn't provide the tag exclusion that I am looking
for.

The next RegEx finds the <cfoutput> block in the tag and continues
matching through the first <cfoutput> block it finds not nested in a
tag, returning too much data.

$text =~ s/(<cfoutput[^>]*>.*?<\/cfoutput>)(?=[^>]*(<|$))/process_cfoutput($1)/sige;

From this point forward I tried various lookaround constructs to limit
the scope of the match without any luck. Any help that can be offered
is greatly appreciated.


Thanks,
-dhs
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How make regex that means "contains regex#1 but NOT regex#2" ?? seberino@spawar.navy.mil Python 3 07-01-2008 03:06 PM
Secure Users from dangerous html tags with RegEx Hero41Day ASP .Net 3 06-03-2006 10:32 PM
Regex expression to remove some html tags Spondishy ASP .Net 3 01-04-2006 01:31 PM
Is ASP Validator Regex Engine Same As VS2003 Find Regex Engine? =?Utf-8?B?SmViQnVzaGVsbA==?= ASP .Net 2 10-22-2005 02:43 PM
Regex to strip evil HTML tags Daniel M. Hendricks ASP .Net 2 04-11-2005 02:21 AM



Advertisments