XPath to get all elements with an attribute starting with "on"

[Upanisad]

Hello!

I've the following problem. I have an AJAX web application. All data
are passed using XML and parsed through Javascript to update HTML
nodes in various way. In limited cases, I pass a whole HTML snippet
(encapsulated in a CDATA, through XML) that is used "as is" and put
directly in the HTML code (using JS innerHTML).
The problem is that I want to avoid XSS( corss-scripting attacks) and
the most logical way is to prevent them through JS directly on the
client. JS knows HTML really well, while server side language (PHP)
doesn't (not in a proper, easy way).

I was playing with XPath to filter out all the nasty stuff that
someone could inject in the HTML snippets. First of all, all <script>
tags and that's easy. The second hazard comes from all "onclick",
"onmouseover", "on-something" attributes that can execute some JS
actions a hacker could have injected in the code.

I'd like to have an XPath expression that does the following: "Select
every node that has an attribute whose name starts with 'on'". But i'm
quite new to XPath and can't figure out how to do that!!!
I've tried something like:

document.createExpression("//*[@*[starts-with(local-name(), '')]]",
null);

But it doesnt'seem to work (on Firefox 2).
How should I do that? Is it possible?

 

[Martin Honnen]

I'd like to have an XPath expression that does the following: "Select
every node that has an attribute whose name starts with 'on'". But i'm
quite new to XPath and can't figure out how to do that!!!
I've tried something like:

document.createExpression("//*[@*[starts-with(local-name(), '')]]",
null);

The XPath expression obviously should use 'on' e.g.
//*[@*[starts-with(local-name(), 'on')]]

But it doesnt'seem to work (on Firefox 2).

As for Firefox, that method createExpression takes two arguments, a
string with the expression and a namespace resolver so you need at least

document.createExpression("//*[@*[starts-with(local-name(), 'on')]]", null)

Depending on whether the document is an HTML or XML document you also
need to use 'ON' and not 'on' so for me with Firefox 2.0 in a HTML
document the following works:

var xpathExpression =
document.createExpression("//*[@*[starts-with(local-name(), 'ON')]]", null);

var xpathResult = xpathExpression.evaluate(document,
XPathResult.ORDERED_NODE_SNAPSHOT_TYPE, null);

alert(xpathResult.snapshotLength);

 

[Upanisad]

Depending on whether the document is an HTML or XML document you also
need to use 'ON' and not 'on' so for me with Firefox 2.0 in a HTML
document

Oh, damn! Upper case! I tried everything... except such an obvious
variation!

Thanks a lot!