ngx_xss: Native support for cross-site scripting in an nginx
Tobia Conforto
tobia.conforto at gmail.com
Fri Jan 29 22:32:37 MSK 2010
agentzh wrote:
> The initial motivation of writing this module is to build a full-fledged blog app that is powered completely by nginx.conf and client-side JavaScript. I already have something runnable now.
Wow!
This sounds very cool.
>> Can't you do that
>> on the client side, if the response is to be parsed by some client-side javascript?
>
> This is the classic cross-site GET trick for JavaScript programmers.
I guess this is the part I'm not clear about... I usually just fetch stuff with jQuery and then process it on the client-side as I see fit. Also, looking up xss on Google only gives results about browser vulnerabilities.
Tobia
More information about the nginx
mailing list