CGI, Common Gateway Interface, is a standard for executing scripts from a web server. Every major web server supports it and it is the only way to make script portable between web servers. Challenger supports CGI scripts via the CGI executable support module.

CGI addresses few of the security implications of programming on the web. The programmer of the CGI script has to deal with them herself. Thus CGI scripts have become a security problem. It is easy to find, download and install CGI scripts that may have security problems. Care has to be taken when designing and testing the CGI script so it will be capable of handling any user input. On the web you never know when someone will try giving your little script a few megabytes of machine code as input.

Challenger makes it possible to combine CGI programming with the unique functionality present in Challenger. Either the output of CGI scripts can be parsed by the RXML parser. Or the CGI script itself can be invoked from within RXML with the <cgi> tag. It is even possible to define new tags handled via CGI scripts by combining the <define> tag with the <cgi> tag.