Nmap Development mailing list archives
Re: [PATCH] No direct XML in nmap.cc
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 21 Aug 2014 15:49:34 -0500
On Thu, Jul 31, 2014 at 9:50 AM, David Fifield <david () bamsoftware com> wrote:
On Thu, Jul 31, 2014 at 04:16:46PM +0200, Michal Hrusecky wrote:In nmap.cc, there is a line that puts hardcoded string to the XML output directly, bypassing usage of XML library. I think it would be much nicer to put it in the XML library and keep nmap.cc from writing XML directly. See patch attached.Thanks for the patch. I kind of disagree with it though. Now the XML library isn't general-purpose anymore; xml_start_document can't be used for anything but Nmap XML files. Maybe it's better to make a new xml_doctype_public(root, pubid, uri) function, that outputs the DTD in a general way. http://www.w3.org/TR/REC-xml/#dt-doctype http://www.w3.org/TR/REC-xml/#dt-extent Or even make a new nmap_xml_start_document function that wraps xml_start_document. But xml.cc should remain general-purpose.
I incorporated this idea in r33594, by parameterizing xml_start_document to take the name of the root element, and using that as the entire DOCTYPE declaration. We have had a rash of bad luck with including the DOCTYPE, from bugs in our own XML parsers to badly-behaved hosts downloading the DTD 500 times per minute. If a root-element-only DOCTYPE is good enough for HTML5, it ought to be good enough for us :) Dan _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [PATCH] No direct XML in nmap.cc Michal Hrusecky (Jul 31)
- Re: [PATCH] No direct XML in nmap.cc Jacek Wielemborek (Jul 31)
- Re: [PATCH] No direct XML in nmap.cc David Fifield (Jul 31)
- Re: [PATCH] No direct XML in nmap.cc Daniel Miller (Aug 21)