Nmap Development mailing list archives
[NSE] Why http.parse_form() rejects forms w/o action?
From: nnposter () users sourceforge net
Date: Fri, 29 Aug 2014 19:27:25 +0000
I have run into an issue where http.parse_form() refuses to process
a form unless it contains the action attribute so I would like to
solicit some rationale behind this behavior.
IMHO it seems acceptable to process such forms, while leaving "action"
undefined in the resulting object.
Any explanation is highly appreciated.
Cheers,
nnposter
--- nselib/http.lua.orig 2014-08-29 13:22:14.654233000 -0600
+++ nselib/http.lua 2014-08-29 13:14:44.689699000 -0600
@@ -1914,8 +1914,6 @@
local form_action = string.match(form, '[Aa][Cc][Tt][Ii][Oo][Nn]=[\'"](.-)[\'"]')
if form_action then
parsed["action"] = form_action
- else
- return nil
end
-- determine if the form is using get or post
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Why http.parse_form() rejects forms w/o action? nnposter (Aug 29)
- Re: [NSE] Why http.parse_form() rejects forms w/o action? David Fifield (Aug 29)
- Re: [NSE] Why http.parse_form() rejects forms w/o action? Daniel Miller (Aug 29)
- Re: [NSE] Why http.parse_form() rejects forms w/o action? nnposter (Aug 29)
- Re: [NSE] Why http.parse_form() rejects forms w/o action? Daniel Miller (Aug 29)
- Re: [NSE] Why http.parse_form() rejects forms w/o action? David Fifield (Aug 29)