Closed smulube closed 11 years ago
On Fri, Nov 4, 2011 at 7:10 AM, Sam Mulube reply@reply.github.com wrote:
all as you'd expect but:
GET http://example.com/123.json?callback=foo._bar {"json":true}
and in the last case it logs:
xss: bad callback argument: "foo._bar"
in nginx's error log.
Thanks for the report. This is indeed a bug in the callback name parser. I'll fix it later today.
Thanks! -agentzh
awesome, thanks.
On Fri, Nov 4, 2011 at 8:34 AM, agentzh agentzh@gmail.com wrote:
and in the last case it logs: xss: bad callback argument: "foo._bar" in nginx's error log.
Thanks for the report. This is indeed a bug in the callback name parser. I'll fix it later today.
I've already fixed this in the v0.03rc5 (pre)release:
https://github.com/agentzh/xss-nginx-module/tags
Could you please try it out?
Thanks! -agentzh
Thanks, will let you know when we manage to test it out.
Consider it resolved.
Hi,
we're using your module in production, and we've just had a user report an issue that I'd like to raise with you which causes the callback wrapper not to be added when I think it probably should.
all as you'd expect but:
and in the last case it logs:
in nginx's error log.
Is this just an obscure edge case that hasn't come up before, or is there some deeper reason why that callback isn't being added that I'm not seeing (which is entirely possible).
Many thanks for any advice.
best regards
Sam