[PATCH] Implements the $arg_encode_<name> variables for get url encode value of <name> argument from request string.
Kirill A. Korinskiy
catap+nginx at catap.ru
Wed Mar 25 21:26:09 MSK 2009
At Wed, 25 Mar 2009 20:19:11 +0300,
Igor Sysoev <is at rambler-co.ru> wrote:
>
> On Wed, Mar 25, 2009 at 08:15:33PM +0300, Kirill A. Korinskiy wrote:
>
> > Raw value of arguments from request string can help for XSS.
>
> Probably, $encoded_arg_... will be better name ?
>
I'm not sure. If you sure -- i can change patch ;)
--
wbr, Kirill
More information about the nginx
mailing list