Hey Andres, On Fri, Sep 10, 2010 at 8:26 PM, Andres Riancho <andres.rian...@gmail.com> wrote: > Javier, > > Congrats on your first plugin! :) I have a couple of questions and > comments about the code:
Thank you! > - I don't know much about xpath, could you explain these lines? > AUTOCOMPLETE_FORMS_XPATH = "//form[not(@autocomplete) or @autocomplete='on']" This XPath expression finds all form elements that don't include the 'autocomplete' attribute; otherwise (if included) is set to 'on'. > PWD_INPUT_XPATH = "//input[translate(@type,'PASWORD','pasword')='password']" > Maybe it would be good if you could add a comment there? Right now python's libxml only support XPATH1.0. A more meaningfull and equivalent xpath expression would be: //input[lower-case(@type)='password'] i.e. find all input elements which type's lower-case value equals-case-sensitive 'password'; equivalent to: get all inputs which type's value equals-ignore-case 'Password' (makes more sense as HTML is not case sensitive). Unfortunately this xpath expression (using function 'lower-case') is only supported by XPath2.0 implementations. Maybe for next versions of libxml should be used. Using XPath1.0's 'translate' function is the way to do this so far. See [1]. One more thing to point here is that when the HTMLParser parses a document it converts to lowercase tags and attributes and not the values of the attributes. The reason for this is that the parser generates a valid xml document (and XML is case sensitive). So all xpath expressions must be lowercase. > > - In PWD_INPUT_XPATH, were you trying to say 'PASSWORD' and 'password' ? No, is not necessary. 'PASWORD' and 'password' with a single 'S' and 's' work. Take a look to [1] to see why :-) > > - I'm not sure about this because I haven't tested it, but I think > that the description should be in one line. > Grep every page for detection of forms with 'autocomplete' > capabilities > containing password-type inputs. > > All in all... GREAT work ! Thanks, Javier [1]: http://www.w3.org/TR/xpath/#function-translate ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
