Possible to bypass this regex for XSS?

Question

When testing for XSS, is it at all possible to bypass the below regex? I doubt it because it only accepts uppercase and lowercase letters, but maybe?

/^[A-Za-z]+$/

Does it have the *multiline* flag set? If you you can do `\n` — paj28, May 13 '20 at 11:39
It entirely depends on the context wherein it is injected. Generally such a string regex won't allow XSS regardless of where you would reasonably allow it to be inputted to. This isn't always the case though and depends, again, on implementation. — Cillian Collins, May 18 '20 at 13:42

score 2 · Answer 1 · answered May 13 '20 at 08:03

2

Well, this regex is simple enough to be sure that you won't be able to inject any special character in your input. You won't be able to perform any XSS, unless there is another vulnerability elsewhere.

answered May 13 '20 at 08:03

Benoit Esnard

13,942
7
65
65

Possible to bypass this regex for XSS?

1 Answers1