Nmap Development mailing list archives
Re: Nmap's XSL headers ignored in Firefox
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 07 Jan 2014 16:17:13 -0600
On 01/07/2014 03:27 PM, Jacek Wielemborek wrote:
This is a security setting for Firefox that isn't likely to be changed. Basically, the --webxml option will only work with some browsers or XLST engines, and there's nothing Nmap can do to change it. The XSL that is referenced (https://svn.nmap.org/nmap/docs/nmap.xsl) is served with the proper Content-Type, so that's good.List, I just tried to generate a few Nmap XML files and noticed that Firefox doesn't seem to load them. I tried to bug the #firefox guys on Mozilla's IRC channel, but got no meaningful reply. Here's what I tried: 1. nmap localhost -oX file.xml --webxml && firefox file.xml Gives an "unknown error" (805303f4) message. Google suggests that it's because Firefox doesn't read external XSL's by default.
Yet another Firefox security thing. In order for this to work, you need to set `security.fileuri.strict_origin_policy` to "false" in Firefox's about:config in order for it to work.2. nmap localhost -oX file.xml && firefox file.xml Results in a blank webpage. Tried to replace "/usr/bin/../share" with "/usr/share" in the file, no help.
This should probably be the default. Using a relative URI for the XSL will work in most situations. If this were the default, there should probably be a --system-xsl option to restore the previous behavior. We could even add an option to copy the system XSL into the current directory, since Nmap knows where it should be based on the installation. Thoughts?3. nmap localhost -oX file.xml sed -i 's@file:///usr/bin/../share/nmap/nmap.xsl () nmap xsl@g' file.xml cp /usr/share/nmap/nmap.xsl . firefox file.xml Works, but it's ugly.
Dan _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Nmap's XSL headers ignored in Firefox Jacek Wielemborek (Jan 07)
- Re: Nmap's XSL headers ignored in Firefox Daniel Miller (Jan 07)
- Re: Nmap's XSL headers ignored in Firefox Claudio Moretti (Jan 07)
- Message not available
- Re: Nmap's XSL headers ignored in Firefox Claudio Moretti (Jan 08)
- Re: Nmap's XSL headers ignored in Firefox Claudio Moretti (Jan 07)
- Re: Nmap's XSL headers ignored in Firefox Daniel Miller (Jan 07)
- Re: Nmap's XSL headers ignored in Firefox Jacek Wielemborek (Jan 14)