Nmap Development mailing list archives

Re: [PATCH] NSE - escaping attribute content


From: Tim Rupp <tarupp () fnal gov>
Date: Tue, 01 May 2007 14:37:58 -0500

Hi Stoiko,

Thanks for the patch. I'll give it a go and let ya know what happens.

Thanks in advance,
Tim

Stoiko Ivanov wrote:
Hi,

My name is Stoiko Ivanov - I'm one of the lucky people who got accepted
in this year's Google Summer of Code (and I'm looking forward to working on Nmap).
I'll be enhancing the NSE during this summer and (hopefully) will add some new features to make script-writing easier
and even more powerful.

Fyodor offered me to fix a little bug in the xml-output of the NSE-scripts
(see: http://seclists.org/nmap-dev/2007/q2/0123.html).

I think the problem was that the output of the scripts (which is included
in the output-xml file inside the <script > tag) was taken verbatim and
wasn't escaped properly (e.g. '<' wasn't replaced by &lt;). I changed 
printportoutput() and printhostscriptresults() (both in output.cc) 
to print the script-output after it went through xml_convert(). 

I hope my patch fixes the problem (at least it does in the case described
in the bug-report)

I would be grateful for any comment on the patch, since it's my first one
(especially if I've forgotten something, or done anything wrong).

cheers
stoiko



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


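The escaping problem described in the quoted message, as an added example that is not part of the original posts and is not Nmap's code: `escape_xml_attr()` and `script_element()` are hypothetical helpers (not `xml_convert()`), the `id` and `output` attribute names are assumptions, and the sample string is constructed.

```cpp
#include <iostream>
#include <string>

// Hypothetical helper (not Nmap's xml_convert()): escape untrusted text so it
// can sit inside a single- or double-quoted XML attribute value.
std::string escape_xml_attr(const std::string &in) {
  std::string out;
  out.reserve(in.size());
  for (unsigned char c : in) {
    switch (c) {
      case '&':  out += "&amp;";  break;
      case '<':  out += "&lt;";   break;
      case '>':  out += "&gt;";   break;
      case '"':  out += "&quot;"; break;
      case '\'': out += "&apos;"; break;
      // Parsers normalize literal whitespace in attributes to a space;
      // character references keep multi-line script output intact.
      case '\t': out += "&#x9;";  break;
      case '\n': out += "&#xa;";  break;
      case '\r': out += "&#xd;";  break;
      default:
        if (c < 0x20) {
          out += '?';  // other control bytes are not legal in XML 1.0
        } else {
          out += static_cast<char>(c);  // bytes >= 0x80 pass through (assumes valid UTF-8)
        }
    }
  }
  return out;
}

// Build a <script> element that carries script output in an attribute.
// Element layout and attribute names are assumptions for illustration.
std::string script_element(const std::string &id, const std::string &output) {
  return "<script id=\"" + escape_xml_attr(id) + "\" output=\"" +
         escape_xml_attr(output) + "\"/>";
}

int main() {
  // Constructed sample: text a scanned service could influence.
  const std::string hostile = "banner: \"/><injected a='1'/> & more\nline2";
  std::cout << script_element("banner-check", hostile) << "\n";
  return 0;
}
```

Without the escaping step, the quote and angle brackets in the sample would close the attribute early and leave the report either malformed or carrying an element the scanner never wrote.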

