Computer Hacking Forensic Investigator (CHFI v10) — Question 23

During an investigation of an XSS attack, the investigator comes across the term `[a-zA-Z0-9\%]+` in analyzed evidence details. What is the expression used for?

Answer options

• A. Checks for upper and lower-case alphanumeric string inside the tag, or its hex representation
• B. Checks for forward slash used in HTML closing tags, its hex or double-encoded hex equivalent
• C. Checks for opening angle bracket, its hex or double-encoded hex equivalent
• D. Checks for closing angle bracket, hex or double-encoded hex equivalent

Correct answer: A

Explanation

The correct answer is A because the expression `[a-zA-Z0-9"]+` matches alphanumeric characters, which includes both upper and lower-case letters and numbers, as well as their hexadecimal representations. Options B, C, and D are incorrect as they refer to specific HTML elements and their encodings that are not represented by the given regex expression.