3

i need to find inline javascript with php regex. I can find external script, but not inline, can anybody help me?

Here is my pattern for external:

"/<script(.*?)src(.*?)>(.*?)<\/script\s*>/smi"

Any ideas?

Improve this question
1
  • 1
    what about parsing the document with a DOM parser? Commented Sep 24, 2010 at 15:30

3 Answers 3

Reset to default
4 
"/<script((?:(?!src=).)*?)>(.*?)<\/script>/smix"

(My first look-ahead regex ;))

Please note that you should not parse HTML with regexes, see:

https://stackoverflow.com/a/1732454/221213

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Yes, this is for all scripts, but I need the one, without src attribute in opening tag
cool this almost is correct :) You just need to add ? after first * : "/<script((?:(?!src=).)*?)>(.*?)<\/script>/smix"
2

You need to find all those cases where inline script can be used (i.e. all listener functions onClick, onBlur, onMouseDown, onMouseUp, on...)).

Improve this answer

2 Comments

No, i haev HTML doc ant i need to find text like <script type="text/javascript"> var tmp = 3; </script> but not <script language="javascript" type="text/javascript" src="/js/jquery-1.4.2.min.js"></script>
@no, there are enough ways to run JS. Another way: <iframe src="http://example.com/evil.htm"></iframe>. A better solution would be whitelisting using an application like HTML Purifier.
0 
"/<script[^\>]*>(.?)<\/script>/si"
Improve this answer

1 Comment

that's not good because it'll find only one character long scripts

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.