For Nginx (which handles SSI via ngx_http_ssi_module ):
The .shtml file can then call the resulting data using directives like or by using JavaScript to fetch and display the "patched" comparison results. Security and Patching Considerations view shtml patched
This allows SSI (for includes) but disables the dangerous #exec cmd and #exec cgi commands. For Nginx (which handles SSI via ngx_http_ssi_module ):
Attackers can execute arbitrary shell commands on the server, read sensitive files (e.g., /etc/passwd ), or access environment variables. 0;2a; read sensitive files (e.g.