Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] Why http.parse_form() rejects forms w/o action?

From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 29 Aug 2014 14:57:21 -0500
On Fri, Aug 29, 2014 at 2:43 PM, David Fifield <david () bamsoftware com>
wrote:


On Fri, Aug 29, 2014 at 07:27:25PM +0000, nnposter () users sourceforge net
wrote:

I have run into an issue where http.parse_form() refuses to process
a form unless it contains the action attribute so I would like to
solicit some rationale behind this behavior.

IMHO it seems acceptable to process such forms, while leaving "action"
undefined in the resulting object.

Any explanation is highly appreciated.


The default action is formally defined to be GET, so you could just set
it to GET if that's what callers are expecting.

http://www.w3.org/TR/html5/forms.html#attr-fs-action
"The invalid value default for these attributes is the GET state. The
missing value default for the method attribute is also the GET state."



The default *method* is GET. The *action* is the URI path for the reply. I
don't see a problem with nnposter's patch, other than the other scripts
that use http.parse_form would need to be updated to handle the nil case.

Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: