Nmap Development mailing list archives

[PATCH] NSE - escaping attribute content

From: Stoiko Ivanov <stoiko () xover htu tuwien ac at>
Date: Tue, 1 May 2007 21:23:54 +0200

Hi,

My name is Stoiko Ivanov - I'm one of the lucky people who got accepted
in this years Google Summer of Code (and I'm looking forward to work on Nmap).
I'll be enhancing the NSE during this summer and (hopefully) will add some new features to make script-writing easier 
and even more powerfull.

Fyodor offered me to fix a little bug in the xml-output of the NSE-scripts
(see: http://seclists.org/nmap-dev/2007/q2/0123.html).

I think the problem was that the output of the scripts (which is included
in the output-xml file inside the <script > tag) was taken verbatim and
wasn't escaped properly (e.g. '<' wasn't replaced by &lt;). I changed 
printportoutput() and printhostscriptresults() (both in output.cc) 
to print the script-output after it went through xml_convert(). 

I hope my patch fixes the problem (at least it does in the case described
in the bug-report)

I would be grateful for any comment on the patch, since it's my first one
(especially if I've forgotten something, or made anything wrong).

cheers
stoiko

Attachment: output.cc.patch
Description:


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

nmap 4.21 alpha4 escaping attribute content Tim Rupp (Apr 23)
- [PATCH] NSE - escaping attribute content Stoiko Ivanov (May 01)
  - Re: [PATCH] NSE - escaping attribute content Tim Rupp (May 01)
  - Re: [PATCH] NSE - escaping attribute content Brandon Enright (May 01)
    - Re: [PATCH] NSE - escaping attribute content - corrected Stoiko Ivanov (May 05)
    - Re: [PATCH] NSE - escaping attribute content - corrected Diman Todorov (May 05)