ngx_xss: Native support for cross-site scripting in an nginx

Michael Shadle mike503 at gmail.com
Fri Jan 29 00:15:54 MSK 2010


It is probably best to interact with ajax - then there is no middle  
tier of php, python, whatever. Slimming the stack down a bit... That  
being said I would be really cautious as to what you expose through it  
of course.

Sent from my iPhone

On Jan 28, 2010, at 1:11 PM, Tobia Conforto <tobia.conforto at gmail.com>  
wrote:

> agentzh wrote:
>> I'm delighted to announce the first release of our new module,  
>> ngx_xss. This output filter module adds native support for simple  
>> cross-site AJAX to the nginx server. Currently only cross-site GET  
>> is implemented, but cross-site POST support is on our TODO list.
>
> Am I the only one wondering what's the use of this module? It seems  
> to just add a string and a pair of parentheses around the response.  
> Can't you do that on the backend, assuming you have some sort of  
> backend? Or on the client side, if the response is to be parsed by  
> some client-side javascript?
>
> I don't mean to belittle your effort, I'm just curious!
>
> Tobia
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx



More information about the nginx mailing list