关于正则表达式的问题 [英] Question About Regular Expression
问题描述
大家好,我主要是一名asp.net程序员,但最近我已经用Apache,MySQL和PHP做了一些工作。
无论如何,我有一个问题,我发布在微软asp.net
新闻组。到目前为止,还没有人能够回答它。我觉得
你们中的一些人可能知道答案,这就是我在这里张贴的原因......
我有一个网络有两个文本框的应用程序。第一个文本框允许用户在各种文本,html标签和CSS中键入
。在帖子
后面的第二个文本框将显示/标记从第一个文本框输入的文本。
的想法是用户可以插入他们自己的描述。对于项目
由网站维护。显然,如果我要做某事
这样我应该小心,有XSS攻击等威胁......
所以我有决定使用正则表达式来帮助。我实际上使用了一个名为.net RegularExpressionValidator
服务器控件的东西......但是重要的是它被翻译成
一些使用HTTP响应发出的javascript代码和
在浏览器中提供了一个正则表达式验证器。
现在,我需要阻止<脚本>,< object>,< html>,< body>,< headand
< formtags。我应该使用什么表达式来匹配第一个
文本框中的这些表达式?到目前为止,当我输入< script>
然后点击我的预览时,我甚至无法匹配它。按钮...页面回发(它不是
被javascript验证阻止)无论如何然后我在我的浏览器中得到
javascript错误。
我被建议使用以下表达式...
\< script \to匹配< scriptin第一个文本框。那不行。
我应该用什么表达?
TIA,
JP
Hello guys, I am primarily an asp.net programmer, but lately I''ve been
doing some work with Apache, MySQL and PHP.
Anyways, I have a question that I posted in the microsoft asp.net
newsgroup. Thus far no one there has been able to answer it. I feel
some of you may know the answer, and that''s why I''m posting it here...
I have a web app with two textboxes. The first textbox allows users to
type in various text, html tags and CSS. The second textbox, on post
back, will display/markup the text entered from the first textbox. The
idea is that users can insert their own "descriptions" for items
maintained by the website. Obviously if I am going to do something
like this I should be careful, with the threat of XSS attacks, etc...
And so I have decided to use regular expressions to help. I am
actually using something called a .net RegularExpressionValidator
server control...but what''s important is that it get translated into
some javascript code that gets sent out with the HTTP response and
provides a regular expression validator in the browser.
Now, I need to block <script>, <object>, <html>, <body>, <headand
<formtags. What expression should I use to match these in the first
textbox? Thus far I cannot even get it to match when I type <script>
and then click my "Preview" button...the page posts back (it is not
blocked by the javascript validation) anyways and then I get
javascript errors in my browser.
I was advised to use the following expression...
\<script\to match <scriptin the first textbox. That does not work.
What expression should I use?
TIA,
JP
推荐答案
jo ********* @ topscene.com 写道:
所以我决定使用正则表达式来帮助。我实际上使用了一个名为.net RegularExpressionValidator
服务器控件的东西......但是重要的是它被翻译成
一些通过HTTP响应发出的javascript代码和
在浏览器中提供了一个正则表达式验证器。
And so I have decided to use regular expressions to help. I am
actually using something called a .net RegularExpressionValidator
server control...but what''s important is that it get translated into
some javascript code that gets sent out with the HTTP response and
provides a regular expression validator in the browser.
你明确地说你希望你的正则表达式在
javascript代码中并且你在php组中发帖。
猜猜哪些小组对javascript问题有好处?
You specifically say that you want your regular expression to be in
javascript code and you post in a php group.
Guess what group is good for javascript questions?
2007年10月23日星期二19:53:32 +0200, < jo ********* @topscene.comwrote:
On Tue, 23 Oct 2007 19:53:32 +0200, <jo*********@topscene.comwrote:
大家好,我主要是asp.net程序员,但最近我''已经使用Apache,MySQL和PHP做了一些工作。
无论如何,我有一个问题,我发布在microsoft asp.net
新闻组。到目前为止,还没有人能够回答它。我觉得
你们中的一些人可能知道答案,这就是我在这里张贴的原因......
我有一个网络有两个文本框的应用程序。第一个文本框允许用户在各种文本,html标签和CSS中键入
。在帖子
后面的第二个文本框将显示/标记从第一个文本框输入的文本。
的想法是用户可以插入他们自己的描述。对于项目
由网站维护。显然,如果我要做某事
这样我应该小心,有XSS攻击等威胁......
所以我有决定使用正则表达式来帮助。我实际上使用了一个名为.net RegularExpressionValidator
服务器控件的东西......但是重要的是它被翻译成
一些使用HTTP响应发出的javascript代码和
在浏览器中提供了一个正则表达式验证器。
现在,我需要阻止<脚本>,< object>,< html>,< body>,< headand
< formtags。
Hello guys, I am primarily an asp.net programmer, but lately I''ve been
doing some work with Apache, MySQL and PHP.
Anyways, I have a question that I posted in the microsoft asp.net
newsgroup. Thus far no one there has been able to answer it. I feel
some of you may know the answer, and that''s why I''m posting it here...
I have a web app with two textboxes. The first textbox allows users to
type in various text, html tags and CSS. The second textbox, on post
back, will display/markup the text entered from the first textbox. The
idea is that users can insert their own "descriptions" for items
maintained by the website. Obviously if I am going to do something
like this I should be careful, with the threat of XSS attacks, etc...
And so I have decided to use regular expressions to help. I am
actually using something called a .net RegularExpressionValidator
server control...but what''s important is that it get translated into
some javascript code that gets sent out with the HTTP response and
provides a regular expression validator in the browser.
Now, I need to block <script>, <object>, <html>, <body>, <headand
<formtags.
你确定你也不想为
任何标签禁用内联javascript事件吗?
Are you sure you don''t also want to disable inline javascript events for
any tag?
我应该使用什么表达式来匹配第一个
文本框中的这些表达式?到目前为止,当我输入< script>
然后点击我的预览时,我甚至无法匹配它。按钮...页面回发(它不是
被javascript验证阻止)无论如何然后我在我的浏览器中得到
javascript错误。
我被建议使用以下表达式...
\< script \to匹配< scriptin第一个文本框。这不起作用。
我应该使用什么表达式?
What expression should I use to match these in the first
textbox? Thus far I cannot even get it to match when I type <script>
and then click my "Preview" button...the page posts back (it is not
blocked by the javascript validation) anyways and then I get
javascript errors in my browser.
I was advised to use the following expression...
\<script\to match <scriptin the first textbox. That does not work.
What expression should I use?
/< script [^>] *> / i
-
Rik Wasmus
/<script[^>]*>/i
--
Rik Wasmus
10月23日下午1:03,Rik Wasmus < luiheidsgoe ... @ hotmail.comwrote:
On Oct 23, 1:03 pm, "Rik Wasmus" <luiheidsgoe...@hotmail.comwrote:
On Tue,2007年10月23日19:53:32 +0200,< joey.pow ... @ topscene.comwrote:
On Tue, 23 Oct 2007 19:53:32 +0200, <joey.pow...@topscene.comwrote:
大家好,我主要是一名asp.net程序员,但最近我一直在做b
$ b做一些工作使用Apache,MySQL和PHP。
Hello guys, I am primarily an asp.net programmer, but lately I''ve been
doing some work with Apache, MySQL and PHP.
无论如何,我有一个问题,我发布在微软asp.net
新闻组。到目前为止,还没有人能够回答它。我觉得
你们中的一些人可能知道答案,这就是我在这里张贴的原因......
Anyways, I have a question that I posted in the microsoft asp.net
newsgroup. Thus far no one there has been able to answer it. I feel
some of you may know the answer, and that''s why I''m posting it here...
我有一个带有两个文本框的网络应用程序。第一个文本框允许用户在各种文本,html标签和CSS中键入
。在帖子
后面的第二个文本框将显示/标记从第一个文本框输入的文本。
的想法是用户可以插入他们自己的描述。对于项目
由网站维护。显然,如果我要做某事
这样我应该小心,有XSS攻击的威胁等等......
I have a web app with two textboxes. The first textbox allows users to
type in various text, html tags and CSS. The second textbox, on post
back, will display/markup the text entered from the first textbox. The
idea is that users can insert their own "descriptions" for items
maintained by the website. Obviously if I am going to do something
like this I should be careful, with the threat of XSS attacks, etc...
因此我决定使用正则表达式来提供帮助。我实际上使用了一个名为.net RegularExpressionValidator
服务器控件的东西......但是重要的是它被翻译成
一些通过HTTP响应发出的javascript代码和
在浏览器中提供了一个正则表达式验证器。
And so I have decided to use regular expressions to help. I am
actually using something called a .net RegularExpressionValidator
server control...but what''s important is that it get translated into
some javascript code that gets sent out with the HTTP response and
provides a regular expression validator in the browser.
现在,我需要阻止< script>,< object>,< html>,< body>,< headand
< formtags。
Now, I need to block <script>, <object>, <html>, <body>, <headand
<formtags.
你确定你也不想为
任何标签禁用内联javascript事件吗?
Are you sure you don''t also want to disable inline javascript events for
any tag?
我应该使用什么表达式来匹配第一个
文本框中的这些表达式?到目前为止,当我输入< script>
然后点击我的预览时,我甚至无法匹配它。按钮...页面回发(它不是
被javascript验证阻止)反正然后我在我的浏览器中得到
javascript错误。
What expression should I use to match these in the first
textbox? Thus far I cannot even get it to match when I type <script>
and then click my "Preview" button...the page posts back (it is not
blocked by the javascript validation) anyways and then I get
javascript errors in my browser.
我被建议使用以下表达式...
I was advised to use the following expression...
\< script \在第一个文本框中匹配< scriptin。这不起作用。
我应该使用什么表达式?
\<script\to match <scriptin the first textbox. That does not work.
What expression should I use?
/< script [^>] *> / i
-
Rik Wasmus - 隐藏引用的文字 -
- 显示引用的文字 -
/<script[^>]*>/i
--
Rik Wasmus- Hide quoted text -
- Show quoted text -
谢谢,你是对的
thanks, you''re right
这篇关于关于正则表达式的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!