In Part 1 we looked at a number of helper functions for determining whether any offending substrings exist in a string. In this part, we'll look at these helper functions in action and look at some enhancements.
The below code adds six illegal substrings to a Dictionary object, via the AddViolation subroutine we examined earlier. Next, a check is made to see if a user-entered string contains any of these substrings; if it does, a list of the offending substrings is displayed.
Note what the above code is trying to do. It basically is attempting to preclude the user from entering certain HTML strings... hrmm... but what if we have a clever visitor who tries something like < script ... (note the space between the < and the word script)? Gadzooks! This will slip by and will serve as an HTML script block when someone views the user's output through an HTML page! Shoot, that's exactly what we were trying to avoid!
Wouldn't it be neat if we could use regular expressions instead? That way, we could specify an illegal regular expression like <(\s)*script, meaning, "Hey, if you find a less-than character followed by zero or more whitespace characters, followed by 'script', then this is illegal." (For more information on regular expressions be sure to read the articles at the Regular Expressions Article Index!)
A new helper function will handle this nicely for us:
Note that in this function we create an instance of the RegExp object and use its Test method inside the For Each ... Next loop to determine whether each offending pattern is found in the passed-in string strString. Keep in mind that each element in the Dictionary object that we create needs to be an offending regular expression pattern, not an offending substring. Regular expressions have certain reserved characters (like the ?). If you want to include a literal question mark in an offending pattern, you need to precede it with a backslash:
With this new function, we can create a new, more powerful example:
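The following is an added example, not the article's own code, showing the whole approach end to end: AddViolation storing patterns as Dictionary keys with a Boolean "found" flag as the value, a RegExp-based ContainsViolation, ListViolations, and the Reset helper mentioned at the end of the article. It assumes the script runs under cscript.exe (WScript.Echo rather than Response.Write); the sample input string and the IgnoreCase setting are my additions, since the RegExp object is case-sensitive by default and "<SCRIPT" would otherwise slip past the pattern.

```vbscript
Option Explicit

' Dictionary layout assumed here: key = offending regex pattern, value = Boolean
' that is flipped to True once the pattern is found in the checked string.
Sub AddViolation(ByRef dictViolations, ByVal strPattern)
    If Not dictViolations.Exists(strPattern) Then dictViolations.Add strPattern, False
End Sub

Function ContainsViolation(ByRef dictViolations, ByVal strString)
    Dim objRegExp, strPattern
    ContainsViolation = False
    Set objRegExp = New RegExp
    objRegExp.IgnoreCase = True   ' default is case-sensitive; "<SCRIPT" would pass otherwise
    For Each strPattern In dictViolations.Keys
        objRegExp.Pattern = strPattern
        If objRegExp.Test(strString) Then
            dictViolations(strPattern) = True   ' record which pattern matched
            ContainsViolation = True
        End If
    Next
End Function

' Returns one line per pattern whose "found" flag is set
Function ListViolations(ByRef dictViolations)
    Dim strPattern, strList
    strList = ""
    For Each strPattern In dictViolations.Keys
        If dictViolations(strPattern) Then strList = strList & strPattern & vbCrLf
    Next
    ListViolations = strList
End Function

' The Reset helper suggested in the article: clear every "found" flag
Sub Reset(ByRef dictViolations)
    Dim strPattern
    For Each strPattern In dictViolations.Keys
        dictViolations(strPattern) = False
    Next
End Sub

' Constructed usage
Dim dictViolations
Set dictViolations = CreateObject("Scripting.Dictionary")
AddViolation dictViolations, "<(\s)*script"   ' catches "<script", "< script", "<  SCRIPT"
AddViolation dictViolations, "\?"             ' literal question mark must be escaped
If ContainsViolation(dictViolations, "hello <  SCRIPT>world") Then
    WScript.Echo "Offending patterns found:" & vbCrLf & ListViolations(dictViolations)
End If
Reset dictViolations   ' flags cleared, ready to check the next string
```

Iterating over dictViolations.Keys is safe while assigning new values, because Keys returns a snapshot array of the keys; only adding or removing keys during the loop would be a problem.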
That about wraps up this article! Note there are some possible enhancements. First off, the ListViolations helper function displays some rather ugly values. If you'd like to create some clever code to handle this, feel free to, and send it to me; if it makes the grade I will post it in this article! :-) Also, it would be nice to have a Reset helper function that simply iterated through each element of a passed-in Dictionary object and set all of its values back to False. Ah, too many ideas, too little time!