1

I have an unprotected JSP with XSS holes. I need to wrap every ${...} string that is not already inside a <c:out value="${...}" /> tag in <c:out value="${...}" />.

For example,

<select>
   <option value="${foo}">label</option>
</select>
${bar}
<c:out value="${message}" />

needs to be replaced, using a regular expression, with the following:

<select>
   <option value="<c:out value="${foo}" />">label</option>
</select>
<c:out value="${bar}" />
<c:out value="${message}" />

2 Answers

0

It sounds like your starting text has a mixture of <c:out value="${...}" /> and ${...} in it. If that's the case, you could try something like this:

str = str.replaceAll(
        "(?:<c:out\\s+value=\")?\\$\\{([^}]*)\\}(?:\"\\s*/>)?",
        "<c:out value=\"\\${$1}\" />"
);

I'm a little rusty on my Java regex syntax, so check that I have the backslashes right. Otherwise, I think that will work.

answered 2012-04-25T21:37:20.590
0

Regex is not the tool to use when requiring context. However, it would be simple enough to do in two steps by first replacing all instances of <c:out value="${...}" /> to ${...} and then all ${...} to <c:out value="${...}" />.

Regular expressions

\${[^}]+}
<c:out value="\${[^}]+}" />
answered 2012-04-25T21:37:22.897