Protecting Your Cookies: HttpOnly

That’s what Regex is for, isn’t it?

There’s no way that the above input would pass my Regex filters, which obviously contain /?script. Be sure to check for octal syntax as well, because that’s much harder but equally valid.