ngx_xss: Native support for cross-site scripting in an nginx
agentzh at gmail.com
Fri Jan 29 10:46:49 MSK 2010
On Thu, Jan 28, 2010 at 4:45 PM, quan nexthop <quan.nexthop at gmail.com> wrote:
> 1) Which field is checked in your function? Do we need to check
> cookie/url/content-length etc.?
I don't think that I understand your question. I'm guessing that you
mean access control mechanism? If yes, then that's for another module
to work together with it, like ngx_encrypted_cookie.
> 2) A decode function is used to decode the args, do we need deocde escape
> type? what about unicode and utf-8?
It's based on octet decoding, no charset is involved here. Either
Unicode or UTF-8 should be fine, as well as other charsets. It depends
on the client side to interpret the charset, not ngx_xss :)
More information about the nginx