I'm currently developing a tool in perl to search out potential XSS
(Cross Site Scripting) vulnerabilities and correct them in a
ColdFusion based web app. I've been having great success so far,
however, one scenario has me banging my head against the wall.
I need a regex to find all <cfoutput ...>...</cfoutput> blocks in a
CFM template. The regex should find all such blocks that are *not*
nested within HTML tags (the tag itself, <cfoutput> blocks located
between an opening and closing tag are OK). In other words a tag that
looks like the following:
<link rel="<cfoutput>#directory#/foo.css</cfoutput>">
should be ignored by the regex.
I have tried this a number of ways, however, I have not ocme up with a
solution yet.
The basic RegEx to match the <cfoutput> block is:
$text =~ s/(<cfoutput[^>]*>.*?<\/cfoutput>)/process_cfoutput($1)/sige;
This of course doesn't provide the tag exclusion that I am looking
for.
The next RegEx finds the <cfoutput> block in the tag and continues
matching through the first <cfoutput> block it finds not nested in a
tag, returning too much data.
$text =~ s/(<cfoutput[^>]*>.*?<\/cfoutput>)(?=[^>]*(<|$))/process_cfoutput($1)/sige;
From this point forward I tried various lookaround constructs to limit
the scope of the match without any luck. Any help that can be offered
is greatly appreciated.
Thanks,
-dhs
