ngx_xss: Native support for cross-site scripting in an nginx
quan nexthop
quan.nexthop at gmail.com
Thu Jan 28 11:45:42 MSK 2010
Hi Agentzh:
Thanks very much for your great work.
I have a question need your help after review your code.
1) Which field is checked in your function? Do we need to check
cookie/url/content-length etc.?
2) A decode function is used to decode the args, do we need deocde escape
type? what about unicode and utf-8?
--------
}
src *=* callback.data; dst *=* p;
ngx_unescape_uri(*&*dst, *&*src, callback.len,
NGX_UNESCAPE_URI_COMPONENT);
---------------
thanks
Nexthop.
On Tue, Jan 26, 2010 at 6:27 PM, agentzh <agentzh at gmail.com> wrote:
> On Tue, Jan 26, 2010 at 6:20 PM, agentzh <agentzh at gmail.com> wrote:
> >
> > Enjoy!
>
> Oops, forgot to give the links:
>
> Project home page & code repository:
>
> http://github.com/agentzh/xss-nginx-module
>
> Download page for release tarballs:
>
> http://github.com/agentzh/xss-nginx-module/downloads
>
> Have fun!
> -agentzh
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20100128/fe6b7bfa/attachment.html>
More information about the nginx
mailing list