[prev in list] [next in list] [prev in thread] [next in thread]
List: selenium-devel
Subject: [Selenium-devel] Fw:
From: JRHuggins () thoughtworks ! COM (Jason R Huggins)
Date: 2005-04-19 14:14:45
Message-ID: OFBBE513DC.84278442-ON86256FE8.007439DE-86256FE8.0075ACA0 () thoughtworks ! com
[Download RAW message or body]
http://msdn.microsoft.com/workshop/author/hta/overview/htaoverview.asp
The key sentence is:
"... Moreover, run as trusted applications, HTAs are not subject to the
same security constraints as Web pages."""
And some discussion here:
http://www.beernut.ca/jim/archives/001641.html
The specific security constraint that some people want to get around is
the same origin policy.
http://www.mozilla.org/projects/security/components/same-origin.html
Using an HTA is a convenience/security tradeoff.
To be able to 'conveniently' test a remote site like google.com from a
Selenium instance running on localhost, you need to remove the 'security
sandbox' that the localhost files are running in. Selenium uses JavaScript
to drive the application/site under test. Regular JavaScript security in
the browser only allows code (in our case-- Selenium) to inspect or modify
the contents of a child window or frame loaded from the same location that
Selenium was loaded from. Microsoft HTAs or Mozilla XULs removes this
'firewall' for you. But lowering security settings comes with some risk...
You should only use a Selenium HTA (or XUL) to test a site that you trust
won't harm you.
Jason R. Huggins
Senior Developer - ThoughtWorks, Inc.
selenium.thoughtworks.com
selenium-devel-bounces@lists.public.thoughtworks.org wrote on 04/19/2005
03:46:55 PM:
> Sorry for my ignorance, but what is an HTA file? I've tried to
> understand this from the docs, but maybe I'm just dumb...
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic