开发者

Using Regex to remove script tags

I'm trying to use a Regex expression I've found in this website and it doesn't seem to work. Any ideas?

Input string:

sFetch = "123<script type=\"text/javascript\">\n\t\tfunct开发者_开发百科ion utmx_section(){}function utmx(){}\n\t\t(function()})();\n\t</script>456";

Regex:

sFetch = Regex.Replace(sFetch, "<script.*?>.*?</script>", "", RegexOptions.IgnoreCase);


Add RegexOptions.Singleline

RegexOptions.IgnoreCase | RegexOptions.Singleline

And that will never work on follow one.

<script
>
alert(1)
</script
/**/
>

So, Find a HTML parser like HTML Agility Pack


The reason the regex fails is that your input has newlines and the meta char . does not match it.

To solve this you can use the RegexOptions.Singleline option as S.Mark says, or you can change the regex to:

"<script[\d\D]*?>[\d\D]*?</script>"

which used [\d\D] instead of ..

\d is any digit and \D is any non-digit, so [\d\D] is a digit or a non-digit which is effectively any char.


If you actually want to sanitize a html string (and you're using .NET) then take a look at the Microsoft Web Protection Library:

Sanitizer.GetSafeHtmlFragment(untrustedHtml);

There's a description here.


This is a bit shorter:

 "<script[^<]*</script>"

or

"<[^>]*>[^>]*>"
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜