Dojo DOH, unit tests with robot actions wont run - unit-testing

When try to run dijit tests from 1.7 version, popup window shows up and test will not progress any further.
Popup says:
DOH has detected that the current web page is attempting to access DOH, but belongs to a different domain than the one you agreed to let DOH automate. If you did not intend to start a new DOH test by visiting this Web page, press Cancel now and leave the Web page
Clicking OK or Cancel doesn't do anything.
Whats going on a how to fix this?
Browser is Firefox 9, java is working (at least test page say so).

It's slightly hard to tell what the problem is, as you've not said whether you're running this from a local filesystem or under a web server, or which URL you're using.
I've had various problems trying to get DOH Robot running from the local filesystem, but good success running them under a web server.
Try it under a web server (any type will do), and try visiting the URL
http://server:port/ROOTDIR/util/doh/runner.html?testModule=dijit.tests.form.module
(where http://server:port/ROOTDIR/ points to the top of your Dojo SDK directory)
That works fine for me with Dojo SDK 1.7.2; sometimes I then get the same prompt you get, but OK enables the test to continue happily.
If that doesn't work, see if you can run a test page directly without the DOH browser runner wrapped around it, e.g.
http://server:port/ROOTDIR/dijit/tests/form/robot/Button_mouse.html
That might prove easier to diagnose.

Related

Nativescript - XSS Prevention

Does a mobile application written with Nativescript, which utilizes a cross-platform Javascript runtime, have the same XSS vulnerability as a website?
Well, in the strictest sense of the definition of XSS, no. However security vulnerabilities in general -- I guess that depends on several factors about your application. In the strictest sense a normal app the answer would be no; because in a normal application it is not written to download or run any external or user code. So since you don't download or run any external code; that eliminates that risk.
So in a normal application; no. However, if you make some app that actually allows a third-person to run there own JS inside your app; then yes by running any JS you open up the opportunity to compromise your app. But that really wouldn't be XSS, it would just be a security vulnerability you created as you are allowing others to run code in your app. (This is the same with ANY environment, the minute you allow someone to run code in your app; you open the doors for all sorts of mischief)
Now if this "extra" code is downloadable from a website; then you could get a XSS like issue where "BadGuy" posts a JS file on your website and then while extolling the virtues of how cool his script is, "NaiveGuy" downloads and runs it. Bam, NaiveGuy has his phone compromised by a script that you have on your website... But again this is something you would HAVE to specifically make this type of system to allow this to occur; this is not an issue built into NativeScript...
Two notes;
Any platform can suffer from this issue; NativeScript, React Native, Ionic, Cordova, WebSites, Node, Java, C, etc -- you allow a BadGuy to run code inside your app; you are in deep trouble security wise...
If you are using a WebView component in your NativeScript App (or any other language), then the WebView component itself can have XSS issues totally unrelated to NativeScript based on the website have it go to, as the WebView is a true Web browser component and it will do exactly what Chrome or Firefox would do on the site... But any XSS issues in the WebView caused by the website doesn't correlate to an issue inside NativeScript as the WebView is isolated from NativeScript...

Web services intellij idea (HelloWorld example is not working)

I'm trying to create simple WebServices project using Intellij Idea 12 IDE (Glassfish 4.0.0 server, JDK 1.7.0_45)
And have a couple of troubles.
First of all, I cannot expose or unexpose my default class HelloWorld. I just do not have this button (Expose Class as Web Service) in menu 'Web Services' or even in the tab 'tools'.
Somewhere I've found that ALT+ENTER could help me, but it did not. There were no signs of that functionality too.
However, as you probably know, it is not extremely important in this test (HelloWorld) example to expose the class (it is exposed by default) and I still tried to launch my simple solution. But it does not work.
It shows just blank window in browser (path: localhost:8080/jax_ws_server or smth like this). When I intentionally tried to change this path to string (I've changed it not only in browser url-string, but also in Artifacts settings) 'localhost:8080/services/HelloWorld', which I have found in the configuration file 'sun-jaxws.xml', It just shows 404 error in a browser.
I use this tutorial:
http://wiki.jetbrains.net/intellij/Developing_a_simple_JaxWS_WebService
What can I do to solve this problems? Thank you for every answer!

SL Out of browser app - SecurityException

My SL5 out-of-browser application works on one computer, but not on another computer.
On both computers the application is built in, and started from, VS2012 running as Administrator.
The SecurityException occurs here:
Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments)
A possibly related issue: On the computer that throws the exception, the app runs in the default browser, while on the other computer the app runs out-of-browser.
Any insights will be appreciated...
The related issue is spot on: you can't access local folders with a standard Silverlight in browser app, but you can with an OOB one.
So you have either to restrict your functionality to Out-of-Browser mode or enable elevated priviledges in browser (which is quite painful, see various questions on SO: search results).

Coldfusion Server Standalone server displaying source code

I needed to install Coldfusion 8 on my local Windows 7 PC, to do some testing. I took the easy route and installed the Standalone server, which included a built in web server. I didn't really need a fully fledged web server, just needed to test.
So after some time of Coldfusion working fine. It started displaying the source code of the page. In other words, Coldfusion was not parsing the page. Merely displaying the source code.
I've worked out that the following line will make the page display source code
<?xml version="1.0" encoding="utf-16"?>
Even if I remove this line from the source code, the source code is still displayed. So I have to make another .cfm file with all the code except the above line, for it to run.
My question is, how do I clear the Coldfusion Standalone Web Server's cache? I've tried the usual restarting of Coldfusion to no avail.
Update: I eventually used a workaround of just renaming the files ie: testing1.cfm, testing2.cfm. For anyone else getting this issue, just use a standalone web server like Apache.
Have you tried restarting ColdFusion?
Have you tried clearing the cache in your browser?
For what it is worth, I prefer to use a web server even when doing development. I have found that using the CF web server and having all my projects under the CF web root can lead to pathing issues in production.
Not sure if you have already fixed this issue but there is an option in the ColdFusion administrator under the Settings > Caching option. At the bottom is a button named Clear Template Cache Now. Clicking that button will empty (remove) any templates that ColdFusion has cached. The next request to that template will force ColdFusion to recompile it if it has been modified.

Using qunit with web app in iframe

I'm attempting to use qUnit to perform some unit testing that requires the screens generated by my web app to run. My idea is to put my application into an iframe embedded in my qUnit test page. However this does not seem to work (in chrome) I don't seem to be able to access the web app's iframe. If I do this in chrome's console I get undefined:
frames['myApp'].document
I think this is to do with some kind of cross domain scripting security but, both my web app and my test page are being served from localhost so I don't see why this is occurring, also I have started Chrome with the --disable-web-security parameter but this has not fixed.
Is there a better way to do unit testing that requires output from my application?
You can try publish these tests on localhost by any simple http server, for example if you have a node you can use https://github.com/nodeapps/http-server.
I have a similar situation tests are running in iframe and this work without problems.