diff --git a/en/docs/deploy-and-publish/deploy-on-gateway/api-gateway/threat-protectors/regular-expression-threat-protection-for-api-gateway.md b/en/docs/deploy-and-publish/deploy-on-gateway/api-gateway/threat-protectors/regular-expression-threat-protection-for-api-gateway.md
index 52e28b2b95..db9f72430b 100644
--- a/en/docs/deploy-and-publish/deploy-on-gateway/api-gateway/threat-protectors/regular-expression-threat-protection-for-api-gateway.md
+++ b/en/docs/deploy-and-publish/deploy-on-gateway/api-gateway/threat-protectors/regular-expression-threat-protection-for-api-gateway.md
@@ -50,15 +50,19 @@ We recommend the following patterns for denying requests. XPath Injection
- .*'.*|.*or.*|.*1=1.*|.*ALTER.*|.*ALTER TABLE.*|.*ALTER VIEW.*|
+ .*'.*|(?\u003C![\w\d])or(?![\w\d])|.*1=1.*|.*ALTER.*|.*ALTER TABLE.*|.*ALTER VIEW.*|
.*CREATE DATABASE.*|.*CREATE PROCEDURE.*|.*CREATE SCHEMA.*|
.*create table.*|.*CREATE VIEW.*|.*DELETE.*|.*DROP DATABASE.*|
.*DROP PROCEDURE.*|.*DROP.*|.*SELECT.* - JavaScript Exception -

<\s*script\b[^>]*>[^<]+<\s*/\s*script\s*>

+ JavaScript Injection +

+ ``` + <\s*script\b[^>]*>[^<]+<\s*/\s*script\s*> + ``` +

XPath Expanded Syntax Injection