[PATCH] Implements the $arg_encode_<name> variables for get url encode value of <name> argument from request string.
mdounin at mdounin.ru
Wed Mar 25 21:35:43 MSK 2009
On Wed, Mar 25, 2009 at 09:26:09PM +0300, Kirill A. Korinskiy wrote:
> At Wed, 25 Mar 2009 20:19:11 +0300,
> Igor Sysoev <is at rambler-co.ru> wrote:
> > On Wed, Mar 25, 2009 at 08:15:33PM +0300, Kirill A. Korinskiy wrote:
> > > Raw value of arguments from request string can help for XSS.
> > Probably, $encoded_arg_... will be better name ?
> I'm not sure. If you sure -- i can change patch ;)
I am. By using $arg_encode_* you basically disable encode_*
More information about the nginx