Need help with right Regex expression for scriptlet tag like <%= xyz %>

Avatar

Avatar

ratnaa68671968

Avatar

ratnaa68671968

ratnaa68671968

26-06-2019

Hi All

I need right Regex expression for scriptlet tag like <%= xyz %> to be defined in "/libs/cq/xssprotection/config.xml" file.

I tried (\<\%\=(\w)+\%\>) and it looks fine with test string line below -

<a href="http://google.com?test=<%=xyz%>">click here</a>

But when I try the same in config.xml line below it doesn’t work and remove the values of href -

<regexp name="acsExpressionURL" value="(\<\%\=\w+\%\>)"/>

...

<!-- Anchor related -->

....

<regexp value="acsExpressionURL"/>

The purpose is to allow <%=paramValue%> as URL parameter value which currently removed by AntiSamy configuration.

Any help will  be appreciated.

Thanks,

Ratna Anand

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

aemmarc

Employee

Avatar

aemmarc

Employee

aemmarc
Employee

27-06-2019

\w may not be understood since it's a metacharacter

Try 0-9A-Za-z_

<regexp name="acsExpressionURL" value="(\<\%\=[0-9A-Za-z_]{1,}\%\>)"/>

Answers (0)