ngx_xss: Native support for cross-site scripting in an nginx

Tobia Conforto tobia.conforto at
Fri Jan 29 22:32:37 MSK 2010

agentzh wrote:
> The initial motivation of writing this module is to build a full-fledged blog app that is powered completely by nginx.conf and client-side JavaScript. I already have something runnable now.

This sounds very cool.

>> Can't you do that
>> on the client side, if the response is to be parsed by some client-side javascript?
> This is the classic cross-site GET trick for JavaScript programmers.

I guess this is the part I'm not clear about... I usually just fetch stuff with jQuery and then process it on the client-side as I see fit. Also, looking up xss on Google only gives results about browser vulnerabilities.


More information about the nginx mailing list