Nmap Development mailing list archives

Re: nmap.xsl local path and web url are wrong


From: Simon John <nmap-dev () the-jedi co uk>
Date: Sun, 20 Jan 2013 11:38:17 +0000

On 20/01/13 10:27, David Fifield wrote:
> On Sat, Jan 19, 2013 at 07:42:22PM +0000, nmap-dev () the-jedi co uk wrote:
>> I recently noticed that when using --webxml the stylesheet is not
>> fetched - the browser gives the error:
>>
>> Error loading stylesheet: A network error occurred loading an XSLT
>> stylesheet:
>>
>>    http://nmap.org/svn/docs/nmap.xsl
>>
>> Chrome 26 just displays a blank page, Opera 12 says "This document had
>> no style information."
>>
>> I noticed that if you manually fetch that URL it redirects to an https
>> site, so maybe there's a problem there...?
>>
>> As a workaround I thought I'd try just using the local nmap.xsl and
>> found that that's wrong too, in the XML output I get:
>>
>>    href="file:///usr/bin/../share/nmap/nmap.xsl"
>>
>> Instead of /usr/share/nmap/nmap.xsl that it should be, I guess there's
>> something wrong with NmapOps.cc around line 625 (might have changed, I'm
>> looking at svn):
>>
>>    Snprintf(tmpxsl, sizeof(tmpxsl), "%s/nmap.xsl", NMAPDATADIR);
>>
>> This is with Fedora 18 packaged 6.01 as well as nmap-packaged 6.25 and
>> even an alien-converted 5.61test2 (from nmap rpm) on Debian squeeze, the
>> last version that puts the correct path that I can find is 5.00
>> Debian-packaged on squeeze.
>
> Thanks for noticing this. In r30529 I've just updated the URL to point
> into our new repository, https://svn.nmap.org/nmap/docs/nmap.xsl.
>
> I'm afraid this still won't do what you want, though. Since 2010 or
> earlier, both filesystem-based and remote URL XSL stylesheets haven't
> worked by default in web browsers, for security reasons having to do
> with same-origin.
>       http://seclists.org/nmap-dev/2010/q2/630
> In Firefox, there is an about:config setting you can change that might
> make it work for you again.
>       http://kb.mozillazine.org/Security.fileuri.strict_origin_policy
>
> David Fifield
> _______________________________________________
> Sent through the dev mailing list
> http://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/


OK, I don't tend to use the feature much anyway as I tend to just use
text output, it's just something I noticed didn't work.

The recent xml-to-pdf script works nicely if you want fancy output:
http://seclists.org/nmap-dev/2013/q1/14

Also the local path thing seems to be a packaging issue, as simply
compiling from svn puts the correct /usr/share/nmap/nmap.xsl in the
href; building a deb (or rpm) breaks it.

-- 
Simon John
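
The two problems discussed in this thread (the un-normalized `..` in the stylesheet href, and browsers refusing cross-origin XSL) can be checked on a report with the sketch below. It is an added example, not code from this post or from Nmap. The function names are hypothetical, the sample XML is constructed from the href quoted above, and `would_load` is an assumed, simplified model of the same-origin rule (for `file:` it follows the same-directory-or-below behaviour described for Firefox's `security.fileuri.strict_origin_policy`).

```python
import posixpath
import re
from urllib.parse import urljoin, urlsplit
from xml.dom import minidom

# Constructed sample: head of an Nmap XML report carrying the href from the thread.
SAMPLE = """<?xml version="1.0"?>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<nmaprun scanner="nmap"></nmaprun>
"""

def stylesheet_href(xml_text):
    """Return the href of the xml-stylesheet processing instruction, or None."""
    for node in minidom.parseString(xml_text).childNodes:
        if (node.nodeType == node.PROCESSING_INSTRUCTION_NODE
                and node.target == "xml-stylesheet"):
            m = re.search(r"""href\s*=\s*(["'])(.*?)\1""", node.data)
            return m.group(2) if m else None
    return None

def normalize(url):
    """Collapse '.' and '..' path segments, as a browser does before fetching."""
    p = urlsplit(url)
    path = posixpath.normpath(p.path) if p.path else ""
    return f"{p.scheme}://{p.netloc}{path}"

def would_load(doc_url, href):
    """Assumed model: http(s) needs same scheme/host/port; file: needs the
    stylesheet in the report's directory or below it."""
    target = urlsplit(normalize(urljoin(doc_url, href)))
    doc = urlsplit(doc_url)
    if doc.scheme != target.scheme:
        return False
    if doc.scheme == "file":
        doc_dir = posixpath.dirname(doc.path).rstrip("/") + "/"
        return target.path.startswith(doc_dir)
    return (doc.hostname, doc.port) == (target.hostname, target.port)

if __name__ == "__main__":
    href = stylesheet_href(SAMPLE)
    print(href, "->", normalize(href))
    for report in ("file:///home/user/scan.xml", "http://intranet.example/scan.xml"):
        print(report, would_load(report, href))
    print(would_load("file:///home/user/scan.xml", "nmap.xsl"))
```

A relative href passes the check because it resolves next to the report itself, which is why copying nmap.xsl beside the XML file (or serving both from the same host) avoids the restriction.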