
<div>Hi Agentzh: </div>

<div> </div>

<div>Thanks very much for your great work. </div>

<div> </div>

<div>I have a question need your help after review your code.</div>

<div> </div>

<div>1) Which field is checked in your function? Do we need to check cookie/url/content-length etc.?</div>

<div>2) A decode function is used to decode the args, do we need deocde escape type? what about unicode and utf-8? </div>

<div> --------</div>

<div> <span class="p">}</span></div>

<div>

<div class="line" id="LC147"> </div>

<div class="line" id="LC148">    <span class="n">src</span> <span class="o"><strong>=</strong></span> <span class="n">callback</span><span class="p">.</span><span class="n">data</span><span class="p">;</span> <span class="n">dst</span> <span class="o"><strong>=</strong></span> <span class="n">p</span><span class="p">;</span></div>


<div class="line" id="LC149"> </div>

<div class="line" id="LC150">    <span class="n">ngx_unescape_uri</span><span class="p">(</span><span class="o"><strong>&amp;</strong></span><span class="n">dst</span><span class="p">,</span> <span class="o"><strong>&amp;</strong></span><span class="n">src</span><span class="p">,</span> <span class="n">callback</span><span class="p">.</span><span class="n">len</span><span class="p">,</span></div>


<div class="line" id="LC151">            <span class="n">NGX_UNESCAPE_URI_COMPONENT</span><span class="p">);</span></div>

<div class="line" id="LC152"> ---------------</div>

<div class="line"> </div>

<div class="line">thanks </div>

<div class="line"> </div>

<div class="line">Nexthop.</div>

<div class="line"> </div><br><br></div>

<div class="gmail_quote">On Tue, Jan 26, 2010 at 6:27 PM, agentzh <span dir="ltr">&lt;<a href="mailto:agentzh@gmail.com">agentzh@gmail.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">On Tue, Jan 26, 2010 at 6:20 PM, agentzh &lt;<a href="mailto:agentzh@gmail.com">agentzh@gmail.com</a>&gt; wrote:<br>

&gt;<br>&gt; Enjoy!<br><br>Oops, forgot to give the links:<br><br>Project home page &amp; code repository:<br><br>   <a href="http://github.com/agentzh/xss-nginx-module" target="_blank">http://github.com/agentzh/xss-nginx-module</a><br>

<br>Download page for release tarballs:<br><br>   <a href="http://github.com/agentzh/xss-nginx-module/downloads" target="_blank">http://github.com/agentzh/xss-nginx-module/downloads</a><br><br>Have fun!<br>

<div>

<div></div>

<div class="h5">-agentzh<br><br>_______________________________________________<br>nginx mailing list<br><a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br><a href="http://nginx.org/mailman/listinfo/nginx" target="_blank">http://nginx.org/mailman/listinfo/nginx</a><br>

</div></div></blockquote></div><br>