I'm attempting to use qUnit to perform some unit testing that requires the screens generated by my web app to run. My idea is to put my application into an iframe embedded in my qUnit test page. However this does not seem to work (in chrome) I don't seem to be able to access the web app's iframe. If I do this in chrome's console I get undefined:
frames['myApp'].document
I think this is to do with some kind of cross domain scripting security but, both my web app and my test page are being served from localhost so I don't see why this is occurring, also I have started Chrome with the --disable-web-security parameter but this has not fixed.
Is there a better way to do unit testing that requires output from my application?
You can try publish these tests on localhost by any simple http server, for example if you have a node you can use https://github.com/nodeapps/http-server.
I have a similar situation tests are running in iframe and this work without problems.
Related
Does a mobile application written with Nativescript, which utilizes a cross-platform Javascript runtime, have the same XSS vulnerability as a website?
Well, in the strictest sense of the definition of XSS, no. However security vulnerabilities in general -- I guess that depends on several factors about your application. In the strictest sense a normal app the answer would be no; because in a normal application it is not written to download or run any external or user code. So since you don't download or run any external code; that eliminates that risk.
So in a normal application; no. However, if you make some app that actually allows a third-person to run there own JS inside your app; then yes by running any JS you open up the opportunity to compromise your app. But that really wouldn't be XSS, it would just be a security vulnerability you created as you are allowing others to run code in your app. (This is the same with ANY environment, the minute you allow someone to run code in your app; you open the doors for all sorts of mischief)
Now if this "extra" code is downloadable from a website; then you could get a XSS like issue where "BadGuy" posts a JS file on your website and then while extolling the virtues of how cool his script is, "NaiveGuy" downloads and runs it. Bam, NaiveGuy has his phone compromised by a script that you have on your website... But again this is something you would HAVE to specifically make this type of system to allow this to occur; this is not an issue built into NativeScript...
Two notes;
Any platform can suffer from this issue; NativeScript, React Native, Ionic, Cordova, WebSites, Node, Java, C, etc -- you allow a BadGuy to run code inside your app; you are in deep trouble security wise...
If you are using a WebView component in your NativeScript App (or any other language), then the WebView component itself can have XSS issues totally unrelated to NativeScript based on the website have it go to, as the WebView is a true Web browser component and it will do exactly what Chrome or Firefox would do on the site... But any XSS issues in the WebView caused by the website doesn't correlate to an issue inside NativeScript as the WebView is isolated from NativeScript...
I have a pretty standard express app, built using the express-generator. Now, I would like to automate some of the things in the app with hubot and I have managed to successfully perform testing and run hubot with slack adapter. However, I would like to have the bot be a part of a regular app.
How can I change the structure of the app (I have a pretty standard import of routes.js which has all of the routes for the app) to allow for the two to run together?
This is running on azure as a WebApp and I have set up a continuous integration with GitHub, so I pretty much just push code and it gets deployed, I don't run anything manually on the actual server. I would be able to run the hubot and server it on a different subdomain or path on the app if it was a regular VPS, but since the azure is taking care of those things, I would need the hubot somehow baked-in the actual express app.
As I know, Hubot has a build-in express web framework that can serve HTTP requests. So theoretically you can integrate hubot with your express webapp thru the router dispatch different urls between express app and hubot.
As references, there is a experimental package project hubot-express shows that hubot as a express app startup. you can try to refer to the code https://github.com/hubot-scripts/hubot-express/blob/master/src/hubot-express.coffee to implement the integration.
The key code: robot.express = app = express();
And the article "Automation and Monitoring with Hubot" show the code that how to serving http requests, please move to https://leanpub.com/automation-and-monitoring-with-hubot/read#leanpub-auto-serving-http-requests to review it.
The key code: robot.router.post('/hubot/notify/:room', function(req, res) {...});
To add to this, in the end I moved to botkit library that provides way easier and integrated way to have both the server and the actual app.
We have two django applications running on the same server that interact with an API that uses oauth. They function as expected, communicating with each other, when run under the django development server. However, when deployed using apache/wsgi they don't work together.
(To be more specific, one application is an instance of the Indivo server; the other one is a custom application that interacts with Indivo.)
What is the best way to trouble shoot this?
Make sure that the Django instances are working by themselves first. For example, one app could be started under Apache, and the other using ./manage.py runserver. Reverse which one is running using Apache and verify that all works as expected.
Use the Apache error logs to look for errors such as failed requests.
Since one of your apps appears to implement a web API, use something like the Google Chrome Postman App to exercise the site from a web browser.
Learn how to use the Django logging framework to log information about your apps as they execute.
When try to run dijit tests from 1.7 version, popup window shows up and test will not progress any further.
Popup says:
DOH has detected that the current web page is attempting to access DOH, but belongs to a different domain than the one you agreed to let DOH automate. If you did not intend to start a new DOH test by visiting this Web page, press Cancel now and leave the Web page
Clicking OK or Cancel doesn't do anything.
Whats going on a how to fix this?
Browser is Firefox 9, java is working (at least test page say so).
It's slightly hard to tell what the problem is, as you've not said whether you're running this from a local filesystem or under a web server, or which URL you're using.
I've had various problems trying to get DOH Robot running from the local filesystem, but good success running them under a web server.
Try it under a web server (any type will do), and try visiting the URL
http://server:port/ROOTDIR/util/doh/runner.html?testModule=dijit.tests.form.module
(where http://server:port/ROOTDIR/ points to the top of your Dojo SDK directory)
That works fine for me with Dojo SDK 1.7.2; sometimes I then get the same prompt you get, but OK enables the test to continue happily.
If that doesn't work, see if you can run a test page directly without the DOH browser runner wrapped around it, e.g.
http://server:port/ROOTDIR/dijit/tests/form/robot/Button_mouse.html
That might prove easier to diagnose.
Is there a way to test a Web Service using VS2010 like it's used to test a web site?
For a web site I can create a set of WebTestRequest objects that emulate the loading and the parsing of a web page from the test and then, implementing the GetRequestEnumerator I can yield results to the load test so that the execution time and payload of any single page could be evaluated by the test runner and published in my test run reports.
I would like to do the same for a test using web service call so that each time I call the web service (there is some logic in calling it, like logging in, getting a security token and pass a proper formatted XML document to the web service method) I can yield the result to my test runner and evaluate it.
Is there a way to do it or do I need to implement a specific class inheriting from the WebTestItem abstract class?
Regards
Massimo
Yes, it is possible to test Web Services using Web Performance Tests in Visual Studio 2010 Ultimate.
Here's a couple of useful links:
How to: Create a Web Service test (MSDN)
How to: Web Service Load Testing Using VSTS 2010 (Blog)
As a starting point, you can use a web proxy tool like Fiddler to intercept the HTTP requests made to the Web Services, copy the contents of the SOAP envelopes in the Web Performance Tests and then tweak them accordingly based on the test scenario you want to simulate.
This doesn't quite answer your question as it's a 3rd party tool, but SOAP UI is a great piece of (free) software for load testing web services, whether your own or someone else's. You can run individual requests, or do a bunch of different load tests.
We've used it for one service that uses credentials, so I'm sure it will work fine for your scenario.