[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selenium-devel
Subject:    [Selenium-devel] Fw:
From:       JRHuggins () thoughtworks ! COM (Jason R Huggins)
Date:       2005-04-19 14:14:45
Message-ID: OFBBE513DC.84278442-ON86256FE8.007439DE-86256FE8.0075ACA0 () thoughtworks ! com
[Download RAW message or body]

http://msdn.microsoft.com/workshop/author/hta/overview/htaoverview.asp

The key sentence is:
"... Moreover, run as trusted applications, HTAs are not subject to the 
same security constraints as Web pages."""

And some discussion here:
http://www.beernut.ca/jim/archives/001641.html

The specific security constraint that some people want to get around is 
the same origin policy.
http://www.mozilla.org/projects/security/components/same-origin.html

Using an HTA is a convenience/security tradeoff.
To be able to 'conveniently' test a remote site like google.com from a 
Selenium instance running on localhost, you need to remove the 'security 
sandbox' that the localhost files are running in. Selenium uses JavaScript 
to drive the application/site under test. Regular JavaScript security in 
the browser only allows code (in our case-- Selenium) to inspect or modify 
the contents of a child window or frame loaded from the same location that 
Selenium was loaded from. Microsoft HTAs or Mozilla XULs removes this 
'firewall' for you. But lowering security settings comes with some risk... 
You should only use a Selenium HTA (or XUL) to test a site that you trust 
won't harm you.

Jason R. Huggins
Senior Developer - ThoughtWorks, Inc.
selenium.thoughtworks.com

selenium-devel-bounces@lists.public.thoughtworks.org wrote on 04/19/2005 
03:46:55 PM:

> Sorry for my ignorance, but what is an HTA file? I've tried to
> understand this from the docs, but maybe I'm just dumb... 
> 
[prev in list] [next in list] [prev in thread] [next in thread]