To protect against vulnerabilities such as script injection and cross-site scripting, user input can be verified and rejected, or an application can remove harmful characters and continue processing. This topic provides example code that uses regular expressions to verify user input.
The regular expression, ^[\w\.:\?&=/]*$, searches for a complete string (from beginning to end) that contains only the following characters:
- alphanumeric or underscore (_)
- periods (.)
- colons (:)
- question marks (?)
- ampersands (&)
- equal signs (=)
- forward slashes (/)
<% Response.CodePage = 1252
If ValidateInput(MyUrl) Then
Response.Write("URL was invalid.")
Dim reValid Set reValid = New RegExp
reValid.Pattern = "^[\w\.:\?&=/]*$"
reValid.MultiLine = False
reValid.Global = True
ValidateInput = reValid.
End Function %>