执行此操作的替代正则表达式“\.(asmx(?!/js)|aspx|htm)”
有没有办法重写这个正则表达式,使其不包含“/js”的前瞻?
就性能而言,这是否是我应该担心的事情?它被用来过滤 HTTP 请求。
\.(asmx(?!/js)|aspx|htm)
编辑: 需要明确的是:我想专门阻止“.asmx/js”,但允许所有其他 .asmx 请求通过。
BAD: Portal.asmx/js
GOOD: Portal.asmx/UpdateProduct
Is there a way to rewrite this regex expression such that it does not include a lookahead for "/js"?
Is this even something that I should worry about in terms of performance? It is being used to filter HTTP requests.
\.(asmx(?!/js)|aspx|htm)
Edit:
To be clear: I'd like to specifically prevent ".asmx/js" but allow all other .asmx requests through.
BAD: Portal.asmx/js
GOOD: Portal.asmx/UpdateProduct
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您想阻止
Portal.asmx/js但允许Portal.asmx/UpdateProduct,有两种方法可以处理它 - 列出所有接受值的白名单模式,或者对不需要的匹配进行负向预测。负向前瞻几乎肯定会比列出所有可接受的值有更好的性能。
然而,仅仅使用现有的表达式并不能完全满足您的需求。例如,它会阻止
Portal.asmx/json并允许Portal.asmx/js.aspx- 这可能不是可能的 URL,但只是突出显示需要修复的内容。这个表达(复制自无眼睑答案)将适当地处理事情:
值得解释的是,
[/\z]字符类将匹配/或\ z与$相同,但适用于字符类(其中$将匹配文字 $ 字符)。(
$和\z之间存在差异,但仅限于多行模式,与 URL 过滤无关)。一般来说,不必担心性能,除非您遇到可测量的性能问题(否则您如何知道您所做的更改是否产生了任何影响)。
If you want to block
Portal.asmx/jsbut allowPortal.asmx/UpdateProductthere are two ways to handle it - a whitelist pattern listing all the accepted values, or a negative lookahead for the unwanted matches.A negative lookahead is almost certainly going be better performance than listing all the acceptable values.
However, simply using your existing expression will not match exactly what you want. It would block, for example,
Portal.asmx/jsonand allowPortal.asmx/js.aspx- which might not be likely URLs, but simply highlight what needs fixing.This expression (copied from eyelidlessness answer) will handle things appropriately:
It's worth explaining that the
[/\z]character class will match either/or<end of string>- the\zis the same as to$but works in character classes (where the$would match a literal $ character).(There are differences between
$and\zbut only in multiline mode, which isn't relevant for URL filtering).In general, don't worry about performance unless you've got a measurable performance problem (otherwise how will you know if what you've changed made any difference).
不必担心如此简单的前瞻的性能。你的正则表达式没问题。
编辑:但它可能会捕获误报(例如 Portal.asmx/jssomething),您可以尝试以下操作:
Don't worry about performance of such a simple lookahead. Your regex is fine.
Edit: But it may catch false positives (eg Portal.asmx/jssomething), you might try something like: