[Israel.pm] RegEx in HTML Character

Georges EL OJAIMI G-OJAIMI at cyberia.net.lb
Tue Jan 29 13:14:52 PST 2008


To be more specific: b, i and u can be easily detected, but the problem 
is the url and its content, which should be replaced by <a href=link>content</a>

/\[b\]/g, "<b>"
/\[\/b\]/g, "</b>"

/\[i\]/g, "<i>"
/\[\/i\]/g, "</i>"

/\[u\]/g, "<u>"
/\[\/u\]/g, "</u>"


[url]http://url[/url] or [url=http://url]URL text[/url]
should be:
<a href=http://url>http://url</a> or <a href=http://url>URL text</a>

I am playing around with this, but no hope till now.

/\[url(.*)\]/g, "<a href=>1"
/\[\/url\]/g, "</a>"


Georges EL OJAIMI wrote:
> Hello,
>
> I got this link http://www.securityfocus.com/infocus/1768 which contains 
> different kinds of SQL injection; however, I still want to capture the 
> following:
>
> [b] [/b]
> [i] [/i]
> [u] [/u]
>
> What is the RegEx pattern to check the characters [ ]?
>
> Georges
>
> ik wrote:
>> Hi,
>>
>>
>> On Jan 29, 2008 7:00 AM, Yona Shlomo <yona at cs.technion.ac.il> wrote:
>>> On Mon, 28 Jan 2008, Georges EL OJAIMI wrote:
>>>
>>>> Hello,
>>>>
>>>> Yona Shlomo wrote:
>>>>> How does the following help prevent HTML characters and SQL
>>>>> injection into the database?
>>> Can you answer this question? How does this transformation
>>> of yours help prevent SQL injections?
>> Personally I'm removing chars that I do not expect to have, so if I
>> expect a number value, I do something like this:
>>
>> s/[^0-9]//g
>>
>> Now chars that might affect HTML/SQL are escaped when I use them on
>> HTML/SQL (not before, because it might change the content that I wish
>> to check, like %20 for spaces [in URI] etc.).
>> On SQL, I also use binding (if possible I recommend name binding
>> rather than anonymous binding).
>> I usually create some sort of tools that do all of this for me, so I
>> will not have to write a lot of code for each work I require, and you
>> might even want to create a module such as Sanitize::HTML and
>> Sanitize::SQL that will be able to work well.
>> For HTML I recommend the CGI module; it has great escaping features.
>>
>> Ido
>
> _______________________________________________
> Perl mailing list
> Perl at perl.org.il
> http://perl.org.il/mailman/listinfo/perl
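
Putting the thread's two points together, here is an added example that is not from the list or any poster: the [b]/[i]/[u] pairs and both [url] forms as non-greedy replace() calls, with the input HTML-escaped first (Ido's escape-at-point-of-use advice) and only http(s) targets turned into quoted href attributes, so a stray quote or a non-http scheme in the tag cannot become an attribute or a link. It is written in JavaScript because the posted fragments already have the replace(regex, string) shape; the function names are assumptions.

```javascript
// Added example, not from the thread. Escape first, then convert the BBCode
// that survives escaping, so a literal '<', '>', '"' or '&' typed by the user
// never reaches the page as markup.
function escapeHtml(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Only http(s) targets become links; anything else is left as escaped text.
const URL_RE = /^https?:\/\/[^\s\[\]]+$/;

function bbcodeToHtml(input) {
  let out = escapeHtml(input);

  // [b]..[/b], [i]..[/i], [u]..[/u]: non-greedy, so several pairs on one line
  // each get their own tag instead of one match spanning the whole line.
  for (const tag of ["b", "i", "u"]) {
    const re = new RegExp(`\\[${tag}\\]([\\s\\S]*?)\\[/${tag}\\]`, "g");
    out = out.replace(re, `<${tag}>$1</${tag}>`);
  }

  // [url=link]text[/url] -> <a href="link">text</a>; unmatched forms stay as text.
  out = out.replace(/\[url=([^\]\s]+)\]([\s\S]*?)\[\/url\]/g,
    (m, href, text) => (URL_RE.test(href) ? `<a href="${href}">${text}</a>` : m));

  // [url]link[/url] -> <a href="link">link</a>
  out = out.replace(/\[url\]([^\]\s]+)\[\/url\]/g,
    (m, href) => (URL_RE.test(href) ? `<a href="${href}">${href}</a>` : m));

  return out;
}
```

Because escaping runs before the tag conversion, a `"` inside a [url=...] target arrives as `&quot;` and the href attribute stays closed; an `&` in a query string likewise becomes `&amp;`, which is the correct form inside an attribute.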
>