Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Path to nmap.xsl for win32

From: jah <jah () zadkiel plus com>
Date: Mon, 29 Sep 2008 23:57:16 +0100
On 29/09/2008 21:42, David Fifield wrote:

On Mon, Sep 29, 2008 at 09:01:54PM +0100, jah wrote:
  

There's a feature of firefox 3 which affects the handling of file:///
resources alluded to in [1] which also describes how to change the
security.fileuri.strict_origin_policy preference to work around the
feature - possibly lowering security in the process.

Basically firefox will load file:///C:/Program Files/Nmap/nmap.xsl if
the xml output file is opened from
C:/ or
C:/Program Files or
C:/Program Files/Nmap or any subdirectory thereof.
If the xml output file is opened from anywhere else ( e.g. C:/Program
Files/foo/) firefox's error console reports:
Security Error: Content at file:///C:/Program%20Files/foo/test.xml may
not load data from file:///C:/Program%20Files/Nmap/nmap.xsl.
    


Very interesting. What happens with --webxml?

Security Error: Content at file:///C:/test.xml may not load data from
http://nmap.org/data/nmap.xsl.

security.fileuri.strict_origin_policy has no effect on this and it seems
that stylesheets have to be loaded from the same origin.  This happens
on firefox 2 and 3 so it's been in effect for a while.  Internet
Explorer has no such qualms, I wonder if any other browsers do.

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: