xsscx/IEXSSFILTERREGEXPIE10

## IEXSSFILTERREGEXPIE10
======================================================
IE XSS REGEX RESULTS (As of 05/2013) for IE10
======================================================
{[\"\'][ ]*(([^a-z0-9~_:\'\" ])|(in)).+?{\(}.*?{\)}}
{[\"\'].*?[{,].*(((v|(\\u0076)|(\\166)|(\\x76))[^a-z0-9]*({a}|(\\u00{6}1)|(\\1{4}1)|(\\x{6}1))[^a-z0-9]*(l|(\\u006C)|(\\154)|(\\x6C))[^a-z0-9]*(u|(\\u0075)|(\\165)|(\\x75))[^a-z0-9]*(e|(\\u0065)|(\\145)|(\\x65))[^a-z0-9]*(O|(\\u004F)|(\\117)|(\\x4F))[^a-z0-9]*(f|(\\u0066)|(\\146)|(\\x66)))|((t|(\\u0074)|(\\164)|(\\x74))[^a-z0-9]*({o}|(\\u00{6}F)|(\\1{5}7)|(\\x{6}F))[^a-z0-9]*(S|(\\u0053)|(\\123)|(\\
{[\"\'][ ]*(([^a-z0-9~_:\'\" ])|(in)).+?{[.]}.+?=}
{[\"\'].*?{\)}[ ]*(([^a-z0-9~_:\'\" ])|(in)).+?{\(}}
{<LI{N}K[ /+\t].*?href[ /+\t]*=}
{<BA{S}E[ /+\t].*?href[ /+\t]*=}
{<ME{T}A[ /+\t].*?http-equiv[ /+\t]*=}
{<OB{J}ECT[ /+\t].*?((type)|(codetype)|(classid)|(code)|(data))[ /+\t]*=}
{[ /+\t\"\'`]data{s}rc[ +\t]*?=.}
{<AP{P}LET[ /+\t>]}
{<st{y}le.*?>.*?((@[i\\])|(([:=]|(&[#()\[\].]x?0*((58)|(3A)|(61)|(3D));?)).*?([(\\]|(&[#()\[\].]x?0*((40)|(28)|(92)|(5C));?))))}
{[ /+\t\"\'`]st{y}le[ /+\t]*?=.*?([:=]|(&[#()\[\].]x?0*((58)|(3A)|(61)|(3D));?)).*?([(\\]|(&[#()\[\].]x?0*((40)|(28)|(92)|(5C));?))}
{(v|(&[#()\[\].]x?0*((86)|(56)|(118)|(76));?))([\t]|(&(([#()\[\].]x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(b|(&[#()\[\].]x?0*((66)|(42)|(98)|(62));?))([\t]|(&(([#()\[\].]x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(s|(&[#()\[\].]x?0*((83)|(53)|(115)|(73));?))([\t]|(&(([#()\[\].]x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(c|(&[#()\[\].]x?0*((67)|(43)|(99)|(63));?))([\t]|(&(([#()\[\].]x?0*(9|(13)|(
{(j|(&[#()\[\].]x?0*((74)|(4A)|(106)|(6A));?))([\t]|(&(([#()\[\].]x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(a|(&[#()\[\].]x?0*((65)|(41)|(97)|(61));?))([\t]|(&(([#()\[\].]x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(v|(&[#()\[\].]x?0*((86)|(56)|(118)|(76));?))([\t]|(&(([#()\[\].]x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(a|(&[#()\[\].]x?0*((65)|(41)|(97)|(61));?))([\t]|(&(([#()\[\].]x?0*(9|(13)
{[\"\'][ ]*(([^a-z0-9~_:\'\" ])|(in)).*?(((l|(\\u006[Cc]))(o|(\\u006[Ff]))({c}|(\\u00{6}3))(a|(\\u0061))(t|(\\u0074))(i|(\\u0069))(o|(\\u006[Ff]))(n|(\\u006[Ee])))|((n|(\\u006[Ee]))(a|(\\u0061))({m}|(\\u00{6}[Dd]))(e|(\\u0065)))|((o|(\\u006[Ff]))(n|(\\u006[Ee]))({e}|(\\u00{6}5))(r|(\\u0072))(r|(\\u0072))(o|(\\u006[Ff]))(r|(\\u0072)))|((v|(\\u0076))(a|(\\u0061))({l}|(\\u00{6}[Cc]))(u|(\\u0075))(e|(\\u0065)
{[\"\'][ ]*(([^a-z0-9~_:\'\" ])|(in)).+?{[\[]}.*?{[\]]}.*?=}
{<sc{r}ipt.*?[ /+\t]*?src[ /+\t]*=}
{<sc{r}ipt.*?>}
{<[i]?f{r}ame.*?[ /+\t]*?src[ /+\t]*=}
{<.*[:]vmlf{r}ame.*?[ /+\t]*?src[ /+\t]*=}
{<fo{r}m.*?>}
{<is{i}ndex[ /+\t>]}
{<EM{B}ED[ /+\t].*?((src)|(type)).*?=}
{<[?]?im{p}ort[ /+\t].*?implementation[ /+\t]*=}
{[ /+\t\"\'`]{o}n\c\c\c+?[ +\t]*?=.}
	======================================================
	IE XSS REGEX RESULTS (As of 05/2013) for IE10
	======================================================
	{[\"\'][ ](([^a-z0-9~_:\'\" ])\|(in)).+?{\(}.?{\)}}
	{[\"\'].?[{,].(((v\|(\\u0076)\|(\\166)\|(\\x76))[^a-z0-9]({a}\|(\\u00{6}1)\|(\\1{4}1)\|(\\x{6}1))[^a-z0-9](l\|(\\u006C)\|(\\154)\|(\\x6C))[^a-z0-9](u\|(\\u0075)\|(\\165)\|(\\x75))[^a-z0-9](e\|(\\u0065)\|(\\145)\|(\\x65))[^a-z0-9](O\|(\\u004F)\|(\\117)\|(\\x4F))[^a-z0-9](f\|(\\u0066)\|(\\146)\|(\\x66)))\|((t\|(\\u0074)\|(\\164)\|(\\x74))[^a-z0-9]({o}\|(\\u00{6}F)\|(\\1{5}7)\|(\\x{6}F))[^a-z0-9](S\|(\\u0053)\|(\\123)\|(\\
	{[\"\'][ ]*(([^a-z0-9~_:\'\" ])\|(in)).+?{[.]}.+?=}
	{[\"\'].?{\)}[ ](([^a-z0-9~_:\'\" ])\|(in)).+?{\(}}
	{<LI{N}K[ /+\t].?href[ /+\t]=}
	{<BA{S}E[ /+\t].?href[ /+\t]=}
	{<ME{T}A[ /+\t].?http-equiv[ /+\t]=}
	{<OB{J}ECT[ /+\t].?((type)\|(codetype)\|(classid)\|(code)\|(data))[ /+\t]=}
	{[ /+\t\"\'`]data{s}rc[ +\t]*?=.}
	{<AP{P}LET[ /+\t>]}
	{<st{y}le.?>.?((@[i\\])\|(([:=]\|(&[#()\[\].]x?0((58)\|(3A)\|(61)\|(3D));?)).?([(\\]\|(&[#()\[\].]x?0*((40)\|(28)\|(92)\|(5C));?))))}
	{[ /+\t\"\'`]st{y}le[ /+\t]?=.?([:=]\|(&[#()\[\].]x?0((58)\|(3A)\|(61)\|(3D));?)).?([(\\]\|(&[#()\[\].]x?0*((40)\|(28)\|(92)\|(5C));?))}
	{(v\|(&[#()\[\].]x?0((86)\|(56)\|(118)\|(76));?))([\t]\|(&(([#()\[\].]x?0(9\|(13)\|(10)\|A\|D);?)\|(tab;)\|(newline;))))(b\|(&[#()\[\].]x?0((66)\|(42)\|(98)\|(62));?))([\t]\|(&(([#()\[\].]x?0(9\|(13)\|(10)\|A\|D);?)\|(tab;)\|(newline;))))(s\|(&[#()\[\].]x?0((83)\|(53)\|(115)\|(73));?))([\t]\|(&(([#()\[\].]x?0(9\|(13)\|(10)\|A\|D);?)\|(tab;)\|(newline;))))(c\|(&[#()\[\].]x?0((67)\|(43)\|(99)\|(63));?))([\t]\|(&(([#()\[\].]x?0*(9\|(13)\|(
	{(j\|(&[#()\[\].]x?0((74)\|(4A)\|(106)\|(6A));?))([\t]\|(&(([#()\[\].]x?0(9\|(13)\|(10)\|A\|D);?)\|(tab;)\|(newline;))))(a\|(&[#()\[\].]x?0((65)\|(41)\|(97)\|(61));?))([\t]\|(&(([#()\[\].]x?0(9\|(13)\|(10)\|A\|D);?)\|(tab;)\|(newline;))))(v\|(&[#()\[\].]x?0((86)\|(56)\|(118)\|(76));?))([\t]\|(&(([#()\[\].]x?0(9\|(13)\|(10)\|A\|D);?)\|(tab;)\|(newline;))))(a\|(&[#()\[\].]x?0((65)\|(41)\|(97)\|(61));?))([\t]\|(&(([#()\[\].]x?0*(9\|(13)
	{[\"\'][ ](([^a-z0-9~_:\'\" ])\|(in)).?(((l\|(\\u006[Cc]))(o\|(\\u006[Ff]))({c}\|(\\u00{6}3))(a\|(\\u0061))(t\|(\\u0074))(i\|(\\u0069))(o\|(\\u006[Ff]))(n\|(\\u006[Ee])))\|((n\|(\\u006[Ee]))(a\|(\\u0061))({m}\|(\\u00{6}[Dd]))(e\|(\\u0065)))\|((o\|(\\u006[Ff]))(n\|(\\u006[Ee]))({e}\|(\\u00{6}5))(r\|(\\u0072))(r\|(\\u0072))(o\|(\\u006[Ff]))(r\|(\\u0072)))\|((v\|(\\u0076))(a\|(\\u0061))({l}\|(\\u00{6}[Cc]))(u\|(\\u0075))(e\|(\\u0065)
	{[\"\'][ ](([^a-z0-9~_:\'\" ])\|(in)).+?{[\[]}.?{[\]]}.*?=}
	{<sc{r}ipt.?[ /+\t]?src[ /+\t]*=}
	{<sc{r}ipt.*?>}
	{<[i]?f{r}ame.?[ /+\t]?src[ /+\t]*=}
	{<.[:]vmlf{r}ame.?[ /+\t]?src[ /+\t]=}
	{<fo{r}m.*?>}
	{<is{i}ndex[ /+\t>]}
	{<EM{B}ED[ /+\t].?((src)\|(type)).?=}
	{<[?]?im{p}ort[ /+\t].?implementation[ /+\t]=}
	{[ /+\t\"\'`]{o}n\c\c\c+?[ +\t]*?=.}