import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class Example {
public static void main(String[] args) {
final String regex = "((?<=<[_a-zA-Z][^<]*?))\\s+href\\s*=\\s*[\"']?\\s*javascript:[^\"<]*[\"']?";
final String string = "<a href=\"javascript:console.log(document.cookie)\"></a>\n"
+ "<a href='javascript:console.log(document.cookie)'></a>\n"
+ "<a href = \"javascript:console.log(document.cookie)\"></a>\n"
+ "<a href=\" javascript:console.log(document.cookie)\"></a>\n"
+ "<a href=javascript:console.log(document.cookie)></a>\n"
+ "<a \n"
+ "href=\n"
+ " \"javascript:console.log(document.cookie)\">\n"
+ "</a>";
final String subst = "$1";
final Pattern pattern = Pattern.compile(regex, Pattern.MULTILINE);
final Matcher matcher = pattern.matcher(string);
// The substituted value will be contained in the result variable
final String result = matcher.replaceAll(subst);
System.out.println("Substitution result: " + result);
}
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Java, please visit: https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html