YaK:: WebLog #535 Topic : 2007-02-01 02.13.01 matt : more bug finding with google code search
We had an XSS bug we found as part of our developer testing. As part of fixing it, Aaron Peckham and I came up with a regexp to see if there were any other places we needed to fix. We came up with these two (the latter only works in perl, not in IntelliJ):
\.innerHTML\s+=\s+[^'"]
!/escapeHTML|strip|toHTML/
When combined (impossible to do in Google Code Search as of 1/31), they give pretty good results for places to start looking for XSS bugs. Another fun one for java and javascript I came up with based upon a findbugs true-positive I ran into a few months ago:
indexOf.*\)\s+>\s+0
It's a common bug to check for >0 instead of >=0 from indexOf. About 10% of the time, it's intentional. Usually, it's not. This isn't exploitable (AFAIK), but it's still a cause of functional bugs that should be fixed.
Google Code Search *still* doesn't support multi-line matching or lookahead/lookbehind, which is really necessary for the bug-finding capabilities to be taken to the next step. Of course, on your own private code you can just make a perl script and do something like:
find . -name "*.js" | xargs perl checkcode.pl
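The per-file check script the post alludes to, written here in Python as an added example (it is not the author's checkcode.pl, which is not shown on the page). It applies the three regexps above, adds the "not already escaped" filter that Google Code Search cannot express, and looks a couple of lines back for the escaper as a cheap stand-in for the multi-line matching the post asks for. The sample JavaScript is constructed for the example; the `\s*` loosening and the `[^\s'"]` character class are my changes to the author's patterns, made so that `x.innerHTML=y` is caught and `x.innerHTML = "literal"` is not reported by backtracking onto the space.

```python
import re
import sys
from pathlib import Path

# The post's first regexp, with two tweaks (assumptions of this example, not the
# author's): "\s*" instead of "\s+" so "x.innerHTML=y" also matches, and "\s"
# excluded from the final class so the engine cannot backtrack onto the space
# in '= "literal"' and report a quoted string as an unescaped assignment.
INNERHTML_ASSIGN = re.compile(r'\.innerHTML\s*=\s*[^\s\'"]')

# The post's second (perl-only) filter: a line, or a nearby earlier line, that
# mentions an escaper is treated as already handled.
ESCAPER = re.compile(r'escapeHTML|strip|toHTML')

# The post's indexOf regexp, again with "\s*" so ")>0" is caught as well.
# "> 0" is sometimes intentional, so every hit still needs a human look.
INDEXOF_GT_ZERO = re.compile(r'indexOf.*\)\s*>\s*0')


def scan_source(text, context=2):
    """Return [(line_no, rule, stripped_line)] for every suspicious line.

    `context` is how many preceding lines are searched for an escaper before an
    innerHTML assignment is reported; 0 reproduces the single-line check.
    """
    lines = text.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        window = lines[max(0, idx - context):idx + 1]
        if INNERHTML_ASSIGN.search(line) and not any(ESCAPER.search(w) for w in window):
            findings.append((idx + 1, "innerHTML-unescaped", line.strip()))
        if INDEXOF_GT_ZERO.search(line):
            findings.append((idx + 1, "indexOf-gt-zero", line.strip()))
    return findings


def scan_paths(paths, suffixes=(".js", ".java"), context=2):
    """Walk the given files/directories (like the find|xargs line) and return {path: findings}."""
    results = {}
    for root in paths:
        files = [root] if root.is_file() else sorted(root.rglob("*"))
        for path in files:
            if path.is_file() and path.suffix in suffixes:
                hits = scan_source(path.read_text(errors="replace"), context)
                if hits:
                    results[str(path)] = hits
    return results


# Constructed sample input, not code from any real project.
SAMPLE_JS = """\
function render(user) {
  var box = document.getElementById("out");
  box.innerHTML = user.name;
  box.innerHTML = escapeHTML(user.bio);
  box.innerHTML = "<b>static</b>";
  var safe = stripTags(user.sig);
  box.innerHTML = safe;
  if (user.name.indexOf("@") > 0) {
    return true;
  }
  return user.tags.indexOf("x") >= 0;
}
"""

if __name__ == "__main__":
    # With file or directory arguments, scan them; otherwise scan the sample.
    if len(sys.argv) > 1:
        report = scan_paths([Path(p) for p in sys.argv[1:]])
    else:
        report = {"<sample>": scan_source(SAMPLE_JS)}
    for path, hits in report.items():
        for line_no, rule, text in hits:
            print(f"{path}:{line_no}: [{rule}] {text}")
```

Run with no arguments to see the sample scored: line 3 (raw `user.name`) and line 8 (`indexOf(...) > 0`) are reported, while line 7 is suppressed because the `stripTags` call one line earlier falls inside the context window; `scan_source(text, context=0)` reports line 7 too, which is the single-line behaviour of the original perl filter.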
If anyone has improvements upon these regexps or the previous ones, please let me know and I'll post an update!
(last modified 2007-02-01)