Pattern for CSS url() syntax matches wrongly also some JS url() function calls #441

florianheinze · 2018-10-29T13:27:09Z

In the discoverRegex patterns, the /\s?url\([^"'].*?\)/ig has a dot too much.

If there is e.g. JavaScript code like foo;url();bar();doo the pattern matches url();bar(). The reason is that the [^"'] consumes already the first ) closing bracket in the haystack, and so the following \) has nothing to match anymore.

A simple fix is to strip the . and just use the [^"'] as our wildcard, like /\s?url\([^"')]*?\)/ig.

This problem can lead to crawling URLs with strange JS code appended to it. Like http://example.com/%29;bar%28

The text was updated successfully, but these errors were encountered:

Fixes #441 and #419

Fixes simplecrawler#441 and simplecrawler#419

fredrikekelund added a commit that referenced this issue Oct 30, 2018

Minor improvements to default discoverRegex

f36d822

Fixes #441 and #419

fredrikekelund mentioned this issue Oct 30, 2018

Minor improvements to default discoverRegex #442

Merged

fredrikekelund closed this as completed in #442 Oct 31, 2018

gombosg pushed a commit to gombosg/simplecrawler that referenced this issue Dec 11, 2018

Minor improvements to default discoverRegex

7c84671

Fixes simplecrawler#441 and simplecrawler#419

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Pattern for CSS url() syntax matches wrongly also some JS url() function calls #441

Pattern for CSS url() syntax matches wrongly also some JS url() function calls #441

florianheinze commented Oct 29, 2018

Pattern for CSS url() syntax matches wrongly also some JS url() function calls #441

Pattern for CSS url() syntax matches wrongly also some JS url() function calls #441

Comments

florianheinze commented Oct 29, 2018