Nmap Development mailing list archives

Re: nmap.xsl local path and web url are wrong
From: David Fifield <david () bamsoftware com>
Date: Sun, 20 Jan 2013 02:27:46 -0800

On Sat, Jan 19, 2013 at 07:42:22PM +0000, nmap-dev () the-jedi co uk wrote:
> I recently noticed that when using --webxml the stylesheet is not
> fetched - the browser gives the error:
>
> Error loading stylesheet: A network error occurred loading an XSLT
> stylesheet:
>
>    http://nmap.org/svn/docs/nmap.xsl
>
> Chrome 26 just displays a blank page, Opera 12 says "This document had
> no style information."
>
> I noticed that if you manually fetch that URL it redirects to an https
> site, so maybe there's a problem there...?
>
> As a workaround I thought I'd try just using the local nmap.xsl and
> found that that's wrong too, in the XML output I get:
>
>    href="file:///usr/bin/../share/nmap/nmap.xsl"
>
> Instead of /usr/share/nmap/nmap.xsl that it should be, I guess there's
> something wrong with NmapOps.cc around line 625 (might have changed, I'm
> looking at svn):
>
>    Snprintf(tmpxsl, sizeof(tmpxsl), "%s/nmap.xsl", NMAPDATADIR);
>
> This is with Fedora 18 packaged 6.01 as well as nmap-packaged 6.25 and
> even an alien-converted 5.61test2 (from nmap rpm) on Debian squeeze, the
> last version that puts the correct path that I can find is 5.00
> Debian-packaged on squeeze.

Thanks for noticing this. In r30529 I've just updated the URL to point
into our new repository, https://svn.nmap.org/nmap/docs/nmap.xsl.

I'm afraid this still won't do what you want, though. Since 2010 or
earlier, both filesystem-based and remote URL XSL stylesheets haven't
worked by default in web browsers, for security reasons having to do
with same-origin.
        http://seclists.org/nmap-dev/2010/q2/630
In Firefox, there is an about:config setting you can change that might
make it work for you again.
        http://kb.mozillazine.org/Security.fileuri.strict_origin_policy

David Fifield
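
The same-origin restriction mentioned in the reply above, as an added example that is not part of the original message or of Nmap's code: it reads the `xml-stylesheet` processing instruction from an Nmap XML report and checks whether the stylesheet shares an origin with the URL the report is viewed from. The function names and the sample documents are constructed for illustration, and treating every `file:` URL as having no usable origin is an assumption that models the strictest browser behaviour.

```python
import re
from urllib.parse import urljoin, urlsplit

# Captures the href of an <?xml-stylesheet ...?> processing instruction.
_PI_HREF = re.compile(r'<\?xml-stylesheet\b[^?]*?\bhref="([^"]*)"[^?]*\?>')
_DEFAULT_PORTS = {"http": 80, "https": 443}


def stylesheet_href(xml_text):
    """Return the href of the first xml-stylesheet PI, or None if absent."""
    match = _PI_HREF.search(xml_text)
    return match.group(1) if match else None


def origin(url):
    """Return (scheme, host, port) for http(s) URLs.

    Assumption: file: and any other scheme yield None, meaning "no origin
    that can match anything", which is the strictest browser behaviour.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in _DEFAULT_PORTS:
        return None
    return (scheme, (parts.hostname or "").lower(),
            parts.port or _DEFAULT_PORTS[scheme])


def stylesheet_same_origin(document_url, xml_text):
    """True if the report's stylesheet is same-origin with document_url,
    False if a browser enforcing same-origin would refuse to load it,
    None if the report names no stylesheet."""
    href = stylesheet_href(xml_text)
    if href is None:
        return None
    target = urljoin(document_url, href)  # resolves relative hrefs
    doc_origin, xsl_origin = origin(document_url), origin(target)
    return doc_origin is not None and doc_origin == xsl_origin


# Constructed sample reports, one per stylesheet style discussed in the thread.
LOCAL = '<?xml version="1.0"?>\n<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>\n<nmaprun/>'
WEBXML = '<?xml version="1.0"?>\n<?xml-stylesheet href="https://svn.nmap.org/nmap/docs/nmap.xsl" type="text/xsl"?>\n<nmaprun/>'
RELATIVE = '<?xml version="1.0"?>\n<?xml-stylesheet href="nmap.xsl" type="text/xsl"?>\n<nmaprun/>'

if __name__ == "__main__":
    for name, doc in (("local", LOCAL), ("webxml", WEBXML), ("relative", RELATIVE)):
        print(name, stylesheet_same_origin("file:///home/user/scan.xml", doc))
    print("served", stylesheet_same_origin("https://reports.example/scan.xml", RELATIVE))
```

Only the last case, a report and a copy of nmap.xsl served together from the same web origin (`reports.example` is a placeholder host), passes the check.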