Hey,
I am Ehtisham aka OldTshirt. I completed my college degree in computer science. I am learning Unity game development and C#. I am a full-time penetration tester.
There are so many payloads, and maybe your regex can stop a few of them, but at the same time the attacker has the ability to understand what type of filtering is in place. Later he/she can modify the payload according to that. But this method looks more applicable. I am not a developer, just a guy who is into web application security and penetration testing.
1: block all the common payloads to prevent script kiddies
2: encoding the user input (search queries, ...)
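As an added illustration of the two layers listed above (example code, not part of the original comment): a naive regex blocklist beside HTML entity-encoding of a reflected search query. The blocklist pattern and the sample queries are constructed for this example.

```python
import html
import re

# Layer 1 from the comment: a regex blocklist for common payload fragments.
# Deliberately case-sensitive to show how a small variation slips past it;
# adding re.IGNORECASE only moves the gap, it does not close the list.
COMMON_PAYLOADS = re.compile(r"<script|javascript:|onerror=")


def blocklist_rejects(query: str) -> bool:
    """Return True if the naive blocklist would reject this search query."""
    return bool(COMMON_PAYLOADS.search(query))


def render_search_result(query: str) -> str:
    """Layer 2: reflect the query into HTML only after entity-encoding it.

    html.escape turns <, >, &, " and ' into entities, so whatever the
    blocklist missed is rendered as text rather than markup.
    """
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


# Constructed sample inputs: a benign query, a textbook payload, and a variant
# that differs only in letter case and so is not matched by the regex above.
SAMPLES = {
    "benign": "unity c# tutorials",
    "textbook": "<script>alert(1)</script>",
    "variant": "<ScRiPt>alert(1)</ScRiPt>",
}


def evaluate(samples=SAMPLES) -> dict:
    """Per sample: did the blocklist catch it, and is the encoded output free of raw tags?"""
    report = {}
    for name, query in samples.items():
        rendered = render_search_result(query)
        body = rendered[len("<p>Results for: "):-len("</p>")]
        report[name] = {
            "blocked": blocklist_rejects(query),
            "encoded_safely": "<" not in body and ">" not in body,
        }
    return report


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(name, result)
```

The report shows the blocklist catching the textbook payload but not its case variant, while the encoded output contains no raw tag characters for any input.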