472,120 Members | 1,462 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,120 software developers and data experts.

RegEx to find CFML tags nested in HTML tags

I'm currently developing a tool in perl to search out potential XSS
(Cross Site Scripting) vulnerabilities and correct them in a
ColdFusion based web app. I've been having great success so far,
however, one scenario has me banging my head against the wall.

I need a regex to find all <cfoutput ...>...</cfoutput> blocks in a
CFM template. The regex should find all such blocks that are *not*
nested within HTML tags (the tag itself, <cfoutput> blocks located
between an opening and closing tag are OK). In other words a tag that
looks like the following:

<link rel="<cfoutput>#directory#/foo.css</cfoutput>">

should be ignored by the regex.

I have tried this a number of ways, however, I have not ocme up with a
solution yet.

The basic RegEx to match the <cfoutput> block is:

$text =~ s/(<cfoutput[^>]*>.*?<\/cfoutput>)/process_cfoutput($1)/sige;

This of course doesn't provide the tag exclusion that I am looking

The next RegEx finds the <cfoutput> block in the tag and continues
matching through the first <cfoutput> block it finds not nested in a
tag, returning too much data.

$text =~ s/(<cfoutput[^>]*>.*?<\/cfoutput>)(?=[^>]*(<|$))/process_cfoutput($1)/sige;

From this point forward I tried various lookaround constructs to limit
the scope of the match without any luck. Any help that can be offered
is greatly appreciated.
Jul 19 '05 #1
0 3275

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by darrel | last post: by
1 post views Thread by Maya | last post: by
13 posts views Thread by Chris Lieb | last post: by
9 posts views Thread by jmchadha | last post: by
7 posts views Thread by MrNobody | last post: by
4 posts views Thread by Matthias S. | last post: by
2 posts views Thread by Shawn B. | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.