InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Regular expression in XSS exceptions

https://forums.informaction.com/viewtopic.php?t=7566

Page 1 of 1

Regular expression in XSS exceptions

Posted: Wed Nov 02, 2011 12:21 pm
by uten
Hi,

I'm trying to make a XSS exception for the ubernote.com UberClip weblet. (you mark some text and initiate the weblet to have a copy sent to your account at ubernote)

I thought this should work:

Code: Select all

^http://www.ubernote.com/webnote/webtools[:graph:]+$
But it fails when tested on some random page with "lots" of text.
Obviously the include all option works, but I would like something a bit stricter. :)

Code: Select all

^http://www.ubernote.com/webnote/webtools.*$
Is regular expression classes allowed in the XSS filter at all?

Re: Regular expression in XSS exceptions

Posted: Wed Nov 02, 2011 12:34 pm
by uten
:roll:
Guess the posix character classes ain't supported.
Replaced [:graph:] with [\x21-\x7E] and it seems to work as expected.

Best regards.
Uten

Re: Regular expression in XSS exceptions

Posted: Wed Nov 02, 2011 2:41 pm
by dhouwn
uten wrote:Guess the posix character classes ain't supported.
JS is doing the RegExp work so its rules apply: https://developer.mozilla.org/en/JavaSc ... Characters
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited