Need help with right Regex expression for scriptlet tag like <%= xyz %>

ratnaa68671968

26-06-2019

Hi All

I need right Regex expression for scriptlet tag like <%= xyz %> to be defined in "/libs/cq/xssprotection/config.xml" file.

I tried (\<\%\=(\w)+\%\>) and it looks fine with test string line below -

<a href="http://google.com?test=<%=xyz%>">click here</a>

But when I try the same in config.xml line below it doesn’t work and remove the values of href -

<regexp name="acsExpressionURL" value="(\<\%\=\w+\%\>)"/>

...

<!-- Anchor related -->

....

<regexp value="acsExpressionURL"/>

The purpose is to allow <%=paramValue%> as URL parameter value which currently removed by AntiSamy configuration.

Any help will  be appreciated.

Thanks,

Ratna Anand

Accepted Solutions (1)

Accepted Solutions (1)

aemmarc

Employee

27-06-2019

\w may not be understood since it's a metacharacter

Try 0-9A-Za-z_

<regexp name="acsExpressionURL" value="(\<\%\=[0-9A-Za-z_]{1,}\%\>)"/>

Answers (0)