Re: [Nagios-devel] nagios2 plugin output sanitization


John P. Rouillard wrote...

> Returning HTML from the plugin is not a bad thing especially with the
> larger output size we now have. I can easily see the plugin doing some
> diagnosis and providing a link to the page that describes the problem
> and solution for an operator to implement.

This makes sense. But nagios will have to default to "plugin may send
harmful content", at least as long as plugins forward third parties' data
as-is, e.g. the greeting banner of an NNTP server tested. Volunteers to
audit all plugins currently available?

In other words, the current state of nagios2 allows another XSS attack
although this cannot be done easily. My primary intent is to have that
problem fixed.

Christoph





This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
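The "plugin may send harmful content" default argued for above, as an added illustration that is not part of the original post or of the Nagios source: the display side entity-encodes plugin output before writing it into a page. The function name `escape_plugin_output` and the sample banner are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a Nagios function): copy plugin output into dst
 * with HTML metacharacters replaced by entities. Returns 0 on success and
 * -1 if dst is too small; on failure dst is an empty string, so a partly
 * escaped value is never rendered. */
int escape_plugin_output(const char *src, char *dst, size_t dstlen)
{
    size_t used = 0;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return 0;

    for (; *src != '\0'; src++) {
        char one[2] = { *src, '\0' };   /* pass-through for ordinary bytes */
        const char *rep;
        size_t n;

        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        n = strlen(rep);
        if (used + n + 1 > dstlen) {    /* fail closed instead of truncating */
            dst[0] = '\0';
            return -1;
        }
        memcpy(dst + used, rep, n);
        used += n;
        dst[used] = '\0';
    }
    return 0;
}

/* Constructed sample: a check result that forwards a server banner as-is. */
static const char SAMPLE_OUTPUT[] =
    "NNTP OK - 200 news.example.test <script>alert(1)</script> ready";

int main(void)
{
    char html[256];
    if (escape_plugin_output(SAMPLE_OUTPUT, html, sizeof html) == 0)
        printf("<td>%s</td>\n", html);
    return 0;
}
```

With this default, a plugin that deliberately returns a link would also be shown as literal text, so allowing HTML from selected plugins would have to be an explicit opt-in.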