> Actually, I believe the RE that you are looking for is this:
> s/<\s*BODY\s+((([^">]+("(\\.|[^"])*")?)*)ONLOAD)*?\s*/<BODY $1
> DEFANGED-ONLOAD/gi;
Actually, I believe this discussion should be taken off bugtraq unless
someone knows how to fix the backtracking problem that I don't think even
made it to the list.
The problem is with the second (in the above expression) +, and the third
*. What happens is as the regex is processing <BODY 123> it ends up
trying to find a match in with the following values for the [^">]+ :
123
12 3
1 23
1 2 3
I don't know if that makes any sense to you, but it's a exponential load
result, 2^(n-1) where n = len($x). Try this regex on
<BODY $x>
for large values of len($x).
Sean Bastille
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:22 PDT