DEV Community

Jaden Concord

Try to exploit this Regex match to run XSS if you can

I am making a Regex match that needs to detect executing JavaScript functions or setting variables in a string. It basically detects if a string would run a function or set a variable before it evaluates it.

Here is the current Regex

/(([^+-\=\*\/\%\|\<\>\! ])( +)?\(|=>|[^=!<>]=[^=])/

If you can get a string to execute a function or set a variable without this matching it, please comment with what that string is so I can find vulnerabilities in it. Test it out in RegExr.com.
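An audit of the posted pattern, added here as an example and not part of the original post: inside the first character class, `+-\=` is parsed as a range from `+` to `=`, so the class refuses more characters than the ones written out. The names `FIRST_CLASS`, `rejectedBeforeParen`, `audit` and `SAMPLES` are ours, and the sample strings are constructed.

```javascript
// The regex exactly as posted on the page.
const FILTER = /(([^+-\=\*\/\%\|\<\>\! ])( +)?\(|=>|[^=!<>]=[^=])/;

// The first character class from that regex, isolated so it can be probed
// one character at a time (hypothetical helper name, not the author's).
const FIRST_CLASS = /^[^+-\=\*\/\%\|\<\>\! ]$/;

// Return every printable ASCII character the negated class refuses, i.e.
// the characters that can never be the one sitting directly before "("
// (or before the optional run of spaces) in the first alternative.
function rejectedBeforeParen() {
  let out = "";
  for (let code = 0x20; code <= 0x7e; code++) {
    const ch = String.fromCharCode(code);
    if (!FIRST_CLASS.test(ch)) out += ch;
  }
  return out;
}

// Run the filter over sample strings and report which ones it flags.
function audit(samples) {
  return samples.map((input) => ({ input, flagged: FILTER.test(input) }));
}

// Constructed samples: calls, an assignment, an arrow function,
// two comparisons, and a call whose name ends in a digit.
const SAMPLES = [
  "run()",
  "run ()",
  "x = 1",
  "() => 1",
  "a == b",
  "a <= b",
  "step2()",
];

console.log(JSON.stringify(rejectedBeforeParen()));
for (const row of audit(SAMPLES)) {
  console.log(row.flagged ? "flagged " : "allowed ", row.input);
}
```

The last sample is a false negative: `2` falls inside the unintended `+` to `=` range, so a call whose name ends in a digit is not flagged.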