Nmap Development mailing list archives
[NSE] Why http.parse_form() rejects forms w/o action?
From: nnposter () users sourceforge net
Date: Fri, 29 Aug 2014 19:27:25 +0000
I have run into an issue where http.parse_form() refuses to process a form unless it contains the action attribute so I would like to solicit some rationale behind this behavior. IMHO it seems acceptable to process such forms, while leaving "action" undefined in the resulting object. Any explanation is highly appreciated. Cheers, nnposter --- nselib/http.lua.orig 2014-08-29 13:22:14.654233000 -0600 +++ nselib/http.lua 2014-08-29 13:14:44.689699000 -0600 @@ -1914,8 +1914,6 @@ local form_action = string.match(form, '[Aa][Cc][Tt][Ii][Oo][Nn]=[\'"](.-)[\'"]') if form_action then parsed["action"] = form_action - else - return nil end -- determine if the form is using get or post _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Why http.parse_form() rejects forms w/o action? nnposter (Aug 29)
- Re: [NSE] Why http.parse_form() rejects forms w/o action? David Fifield (Aug 29)
- Re: [NSE] Why http.parse_form() rejects forms w/o action? Daniel Miller (Aug 29)
- Re: [NSE] Why http.parse_form() rejects forms w/o action? nnposter (Aug 29)
- Re: [NSE] Why http.parse_form() rejects forms w/o action? Daniel Miller (Aug 29)
- Re: [NSE] Why http.parse_form() rejects forms w/o action? David Fifield (Aug 29)