Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PATCH] Add --dtd and --webdtd for <!DOCTYPE ...> with -oX

From: William McVey <wam () cisco com>
Date: Tue, 23 Jan 2007 14:16:36 -0600
On Tue, 2007-01-23 at 11:48 -0600, Kris Katterjohn wrote:

I'm not trying to be rude, but I just don't get what you're saying. If
a
user messes with it, they are *messing* with it. I don't think keeping
this option out of Nmap just because somebody might screw it up, by
their own choice, is a good idea.


Well, my thought is that the criteria shouldn't be whether the option
should be kept out of nmap or not, but whether it really needs to be
added in the first place. There are certainly more canonical ways in the
XML world to tweak a document declaration (an xsl transform utilizing
the doctype-system attribute on xsl:output being the most "standard").
In fact, I can think of no other tool in any field that provides the
capability to override the document declaration to the end user (perhaps
an HTML editor that allows you choose the varient of XHTML you want to
use, but that's not changing the SYSTEM URI spec, that's just choosing
among a set of pre-canned document varients. I mean, when was the time
you were given the option of where the DTD for a XML language is
located? It's certainly not something the "big" xml generators support.

As I mentioned in my original mesg, I'm not dead set against the --dtd
option (even if I were, it's not my decision), but I'm also not sold on
the necessity for nmap to support producing a doctype beyond the
canonical "official" declaration that should be the default in the first
place. 


Of course, I'm not a big XML person and I don't use -oX very often,
and
if I do it's only to view it in a browser real quick. So I'm really
just
throwing my 2 cents in :)


Debating declarations is very much a minutia detail. The main argument
against having a commandline option for setting up a custom declaration
is that it's just not needed and nmap really isn't running short of
options as it is. The main reason for it seems to allow someone to do
something they can already do using more standard facilities available
in XML. My main point though is that I think the webdtd option should be
axed in favor of changing the default behavior and I feel that the
"official" URI for the SYSTEM specifier on insecure.org should
accommodate a version string so that the XML output format can evolve
without overnight invalidating thousands of XML documents around the
world.

  -- William

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: