API tools faq
paste
Advertisement
Guest User

Edge XSS Filter (October 2015)

a guest
Oct 14th, 2015
1,025
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.64 KB | None | 0 0
raw download clone embed print report
  1. {[\"\'][ ]*(([^a-z0-9~_:\'\" ])|(in)).*?(((l|(\\u006[Cc])|(\\u[{]0*6[Cc][}]))(o|(\\u006[Ff])|(\\u[{]0*6[Ff][}]))({c}|(\\u00{6}3)|(\\u[{]0*{6}3[}]))(a|(\\u0061)|(\\u[{]0*61[}]))(t|(\\u0074)|(\\u[{]0*74[}]))(i|(\\u0069)|(\\u[{]0*69[}]))(o|(\\u006[Ff])|(\\u[{]0*6[Ff][}]))(n|(\\u006[Ee])|(\\u[{]0*6[Ee][}])))|((n|(\\u006[Ee])|(\\u[{]0*6[Ee][}]))(a|(\\u0061)|(\\u[{]0*61[}]))({m}|(\\u00{6}[Dd])|(\\u[{]0*{6}[Dd][}]))(e|(\\u0065)|(\\u[{]0*65[}])))|((o|(\\u006[Ff])|(\\u[{]0*6[Ff][}]))(n|(\\u006[Ee])|(\\u[{]0*6[Ee][}]))({e}|(\\u00{6}5)|(\\u[{]0*{6}5[}]))(r|(\\u0072)|(\\u[{]0*72[}]))(r|(\\u0072)|(\\u[{]0*72[}]))(o|(\\u006[Ff])|(\\u[{]0*6[Ff][}]))(r|(\\u0072)|(\\u[{]0*72[}])))|((v|(\\u0076)|(\\u[{]0*76[}]))(a|(\\u0061)|(\\u[{]0*61[}]))({l}|(\\u00{6}[Cc])|(\\u[{]0*{6}[Cc][}]))(u|(\\u0075)|(\\u[{]0*75[}]))(e|(\\u0065)|(\\u[{]0*65[}]))(O|(\\u004[Ff])|(\\u[{]0*6[Ff][}]))(f|(\\u0066)|(\\u[{]0*66[}])))).*?=}
  2.  
  3. {[\"\'][ ]*(([^a-z0-9~_:\'\" ])|(in)).+?{[\[]}.*?{[\]]}.*?=}
  4.  
  5. {<sc{r}ipt.*?[ /+\t]*?((src)|(xlink:href)|(href))[ /+\t]*=}
  6.  
  7. {<sc{r}ipt.*?>}
  8.  
  9. {<INPUT[ /+\t].*?va{l}ue[ /+\t]*=}
  10.  
  11. {<OPTION[ /+\t].*?va{l}ue[ /+\t]*=}
  12.  
  13. {<fo{r}m.*?>}
  14.  
  15. {<BUTTON[ /+\t].*?va{l}ue[ /+\t]*=}
  16.  
  17. {<[i]?f{r}ame.*?[ /+\t]*?src[ /+\t]*=}
  18.  
  19. {<.*[:]vmlf{r}ame.*?[ /+\t]*?src[ /+\t]*=}
  20.  
  21. {<TEXTA{R}EA[ /+\t>]}
  22.  
  23. {<is{i}ndex[ /+\t>]}
  24.  
  25. {[\"\'][ ]*(([^a-z0-9~_:\'\" ])|(in)).+?{\(}.*?{\)}}
  26.  
  27. {<a.*?hr{e}f}
  28.  
  29. {[\"\'].*?[{,].*(((v|(\\u0076)|(\\u[{]0*76[}])|(\\166)|(\\x76))[^a-z0-9]*({a}|(\\u00{6}1)|(\\u[{]0*{6}1[}])|(\\1{4}1)|(\\x{6}1))[^a-z0-9]*(l|(\\u006C)|(\\u[{]0*6C[}])|(\\154)|(\\x6C))[^a-z0-9]*(u|(\\u0075)|(\\u[{]0*75[}])|(\\165)|(\\x75))[^a-z0-9]*(e|(\\u0065)|(\\u[{]0*65[}])|(\\145)|(\\x65))[^a-z0-9]*(O|(\\u004F)|(\\u[{]0*4F[}])|(\\117)|(\\x4F))[^a-z0-9]*(f|(\\u0066)|(\\u[{]0*66[}])|(\\146)|(\\x66)))|((t|(\\u0074)|(\\u[{]0*74[}])|(\\164)|(\\x74))[^a-z0-9]*({o}|(\\u00{6}F)|(\\u[{]0*{6}F[}])|(\\1{5}7)|(\\x{6}F))[^a-z0-9]*(S|(\\u0053)|(\\u[{]0*53[}])|(\\123)|(\\x53))[^a-z0-9]*(t|(\\u0074)|(\\u[{]0*74[}])|(\\164)|(\\x74))[^a-z0-9]*(r|(\\u0072)|(\\u[{]0*72[}])|(\\162)|(\\x72))[^a-z0-9]*(i|(\\u0069)|(\\u[{]0*69[}])|(\\151)|(\\x69))[^a-z0-9]*(n|(\\u006E)|(\\u[{]0*6E[}])|(\\156)|(\\x6E))[^a-z0-9]*(g|(\\u0067)|(\\u[{]0*67[}])|(\\147)|(\\x67)))).*?:}
  30.  
  31. {[\"\'][ ]*(([^a-z0-9~_:\'\" ])|(in)).+?{[.]}.+?=}
  32.  
  33. {[\"\'].*?{\)}[ ]*(([^a-z0-9~_:\'\" ])|(in)).+?{\(}}
  34.  
  35. {(v|(&#x?0*((86)|(56)|(118)|(76));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*{(b|(&#x?0*((66)|(42)|(98)|(62));?))}([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(s|(&#x?0*((83)|(53)|(115)|(73));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*((c|(&#x?0*((67)|(43)|(99)|(63));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(r|(&#x?0*((82)|(52)|(114)|(72));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(i|(&#x?0*((73)|(49)|(105)|(69));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(p|(&#x?0*((80)|(50)|(112)|(70));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(t|(&#x?0*((84)|(54)|(116)|(74));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*)?(:|(&((#x?0*((58)|(3A));?)|(colon;)))).}
  36.  
  37. {<[?]?im{p}ort[ /+\t].*?implementation[ /+\t]*=}
  38.  
  39. {<ME{T}A[ /+\t].*?((http-equiv)|(charset))[ /+\t]*=}
  40.  
  41. {[ /+\t\"\'`]{o}n\c\c\c+?[ +\t]*?=.}
  42.  
  43. {<EM{B}ED[ /+\t].*?((src)|(type)).*?=}
  44.  
  45. {<BA{S}E[ /+\t].*?href[ /+\t]*=}
  46.  
  47. {[ /+\t\"\'`]data{s}rc[ +\t]*?=.}
  48.  
  49. {<LI{N}K[ /+\t].*?href[ /+\t]*=}
  50.  
  51. {[ /+\t\"\'`]st{y}le[ /+\t]*?=.*?([:=]|(&#x?0*((58)|(3A)|(61)|(3D));?)).*?([(\\]|(&#x?0*((40)|(28)|(92)|(5C));?))}
  52.  
  53. {<AP{P}LET[ /+\t>]}
  54.  
  55. {<OB{J}ECT[ /+\t].*?((type)|(codetype)|(classid)|(code)|(data))[ /+\t]*=}
  56.  
  57. {(j|(&#x?0*((74)|(4A)|(106)|(6A));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(a|(&#x?0*((65)|(41)|(97)|(61));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(v|(&#x?0*((86)|(56)|(118)|(76));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(a|(&#x?0*((65)|(41)|(97)|(61));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(s|(&#x?0*((83)|(53)|(115)|(73));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(c|(&#x?0*((67)|(43)|(99)|(63));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*{(r|(&#x?0*((82)|(52)|(114)|(72));?))}([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(i|(&#x?0*((73)|(49)|(105)|(69));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(p|(&#x?0*((80)|(50)|(112)|(70));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(t|(&#x?0*((84)|(54)|(116)|(74));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(:|(&((#x?0*((58)|(3A));?)|(colon;)))).}
  58.  
  59. {<st{y}le.*?>.*?((@[i\\])|(([:=]|(&#x?0*((58)|(3A)|(61)|(3D));?)).*?([(\\]|(&#x?0*((40)|(28)|(92)|(5C));?))))}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!