Re: [PATCH] No direct XML in nmap.cc

[Daniel Miller <bonsaiviking () gmail com>]

On Thu, Jul 31, 2014 at 9:50 AM, David Fifield <david () bamsoftware com>
wrote:

> On Thu, Jul 31, 2014 at 04:16:46PM +0200, Michal Hrusecky wrote:
> > In nmap.cc, there is a line that puts hardcoded
> > string to the XML output directly, bypassing usage of XML library.  I
> > think it would be much nicer to put it in the XML library and keep
> > nmap.cc from writing XML directly. See patch attached.
>
> Thanks for the patch. I kind of disagree with it though. Now the XML
> library isn't general-purpose anymore; xml_start_document can't be used
> for anything but Nmap XML files.
>
> Maybe it's better to make a new xml_doctype_public(root, pubid, uri)
> function, that outputs the DTD in a general way.
> http://www.w3.org/TR/REC-xml/#dt-doctype
> http://www.w3.org/TR/REC-xml/#dt-extent
>
> Or even make a new nmap_xml_start_document function that wraps
> xml_start_document. But xml.cc should remain general-purpose.
I incorporated this idea in r33594, by parameterizing xml_start_document to
take the name of the root element, and using that as the entire DOCTYPE
declaration. We have had a rash of bad luck with including the DOCTYPE,
from bugs in our own XML parsers to badly-behaved hosts downloading the DTD
500 times per minute. If a root-element-only DOCTYPE is good enough for
HTML5, it ought to be good enough for us :)

Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/