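// Browser test page for a pattern meant to flag <script> markup in text.
//
// NOTE(review): treat this as a detection experiment, not an XSS defence.
// Markup can run script without any <script> element, so a non-match does
// not mean the input is safe to render. For real output handling, encode at
// the point of output (textContent, attribute-safe APIs) or use a maintained
// HTML sanitizer, with a Content-Security-Policy as defence in depth.
//
// Behaviour worth knowing when reading the results:
//  - With the `g` flag, String.prototype.match returns an array of whole
//    matches (or null) and drops the two capture groups.
//  - `.` does not match line terminators, so each match is confined to a
//    single line of the input.
//  - The unanchored `.*` runs can backtrack heavily on long non-matching
//    input; bound the input length if this is used outside a test page.
var regex = /.*(script\b).*>.*<.*(script\b).*/gi;

// Sample inputs. Entries marked "valid" are the ones the pattern does not
// match; every other entry is matched.
var scripts = [
  "<script> alert(); </script>",
  "<< ScRiPT >alert(\"XSS\");//<</ ScRiPT >",
  "<script/src=test.js></script>",
  "<script src=test.js></script>",
  "<div><script> alert(); </script></div>",
  "<script+>alert();</script>",
  "<script/script>", // valid: no "<" follows the ">"
  "<scripting></scripting>", // valid: no word boundary after "script"
  "<script/src=test.js/>" // valid: no "<" follows the ">"
];

// Container for the generated form. Assumes an element with id "x" exists;
// appendChild below throws if getElementById returned null.
var x = document.getElementById('x');

// One text input per sample. Assigning to .value stores the sample as plain
// text, so nothing here is parsed as markup.
scripts.forEach(function (script) {
  var field = document.createElement('input');
  field.value = script;
  x.appendChild(field);
  x.appendChild(document.createElement('br'));
});

// Button that runs the pattern over the inputs. The label is plain text, so
// it is set with textContent rather than innerHTML.
var btn = document.createElement('button');
btn.textContent = 'Click Me';
btn.addEventListener('click', function () {
  checkInputs();
});
x.appendChild(btn);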
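/**
 * Runs the module-level `regex` against the value of every <input> element
 * in the document and logs each result to the console.
 *
 * The scan is document-wide, so inputs that were not created by this script
 * are checked as well. For each input the logged value is whatever
 * String.prototype.match returns: an array when the pattern matches, or
 * null when it does not.
 *
 * NOTE(review): a null result only means this pattern did not fire; it is
 * not evidence that the value is safe to render as HTML.
 */
function checkInputs() {
  // getElementsByTagName always returns a collection (possibly empty), so no
  // null fallback or per-element truthiness check is needed.
  var inputs = document.getElementsByTagName('input');
  for (var i = 0; i < inputs.length; i++) {
    var output = inputs[i].value.match(regex);
    console.log(output);
  }
}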