ngx_xss: Native support for cross-site scripting in an nginx

quan nexthop quan.nexthop at gmail.com
Thu Jan 28 11:45:42 MSK 2010


Hi Agentzh:

Thanks very much for your great work.

I have a question and need your help after reviewing your code.

1) Which field is checked in your function? Do we need to check
cookie/url/content-length etc.?
2) A decode function is used to decode the args; do we need to decode escape
types? What about Unicode and UTF-8?
 --------
 }

    src = callback.data; dst = p;

    ngx_unescape_uri(&dst, &src, callback.len,
            NGX_UNESCAPE_URI_COMPONENT);
 ---------------

thanks

Nexthop.



On Tue, Jan 26, 2010 at 6:27 PM, agentzh <agentzh at gmail.com> wrote:

> On Tue, Jan 26, 2010 at 6:20 PM, agentzh <agentzh at gmail.com> wrote:
> >
> > Enjoy!
>
> Oops, forgot to give the links:
>
> Project home page & code repository:
>
>    http://github.com/agentzh/xss-nginx-module
>
> Download page for release tarballs:
>
>    http://github.com/agentzh/xss-nginx-module/downloads
>
> Have fun!
>  -agentzh