--- http://insanesecurity.info
On Fri, Mar 27, 2009 at 11:03 PM, Andres Riancho <andres.rian...@gmail.com>wrote: > On Fri, Mar 27, 2009 at 5:42 PM, dblackshell <backbon...@gmail.com> wrote: > > ------------------------ > > I understand that this is "any number of characters which are not >", > > but... does this make any sense if you put it in front of a ">" like > > this "<\W*script[^>]*>" ? > > > > Are these equivalent? > > > > <\W*script[^>]*> > > > > <\W*script.*> > > --------------------------------------- > > > > Yes it does make sense because, using <\W*script.*> you get a greedy > regular > > expression. I haven't checked the source, but if the response parsing > > function parses more than one line (or the html text is one liner) things > > could get really buggy. <\W*script.*> will make a similar [0] match, > while > > <\W*script[^>]*> will make a proper [1] match... > > > > I would not post on top, but really can't figure out how the email poped > up > > to you :) > > > > [0] http://img256.imageshack.us/img256/2276/greedys.jpg > > [1] http://img256.imageshack.us/img256/1213/nogreedy.jpg > > > > > > > > What about: > > <\W*script[^>]*> > vs. > <\W*script.*?> > > -- > Andrés Riancho > http://www.bonsai-sec.com/ > http://w3af.sourceforge.net/ > apparently they make the same matches... I had to do some regular expression tracing to understand the logic behind it. nice one :)
------------------------------------------------------------------------------
_______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
