2

我正在尝试使用 Browserstack 的 Selenium 和他们的 Node.js 驱动程序设置一些自动化测试。我想检查通过 HTTPS 访问 URL 时页面是否显示任何不安全的内容警告。

有没有办法在 Selenium 中检测到这一点?如果一个浏览器比另一个更容易,那很好。

4

2 回答 2

2

Here are a few different ways to detect this using Selenium and other tools:

  • iterate through all links and ensure they all start with https:// (though via Selenium, this won't detect complex loaded content, XHR, JSONP, and interframe RPC requests)

  • automate running the tool on Why No Padlock?, which may not do more than the above method

  • utilize Sikuli to take a screenshot of the region of the browser address bar showing the green padlock (in the case of Chrome) and fail if not present (caveat of using this in parallel testing mentioned here

There is also mention here of the Content Security Policy in browsers, which will prevent the loading of any non-secure objects and perform a callback to an external URL when encountered.

UPDATE:

These proposed solutions intend to detect any non-secure objects being loaded to the page. This should be the best practice for asserting the content is secure. However, if you literally need to detect whether the specific browser's insecure content warning message is being displayed (aka, software testing the browser vs your website), then utilizing Sikuli to match either the visible existence warning messages or the non-existence of your page's content could do the job.

于 2013-09-22T07:04:26.480 回答
2

Firefox 每次遇到混合内容时都会创建一个日志条目,因此您可以在 selenium 中查看日志。例子:

driver = webdriver.Firefox()
driver.get("https://googlesamples.github.io/web-fundamentals/fundamentals/security/prevent-mixed-content/simple-example.html")

browser_logs = driver.get_log("browser")

并且,在 browser_logs 中寻找

{u'timestamp': 1483366797638, u'message': u'Blocked loading mixed active content "http://googlesamples.github.io/web-fundamentals/samples/discovery-and-distribution/avoid-mixed-content/simple-example.js"', u'type': u'', u'level': u'INFO'}
{u'timestamp': 1483366797644, u'message': u'Blocked loading mixed active content "http://googlesamples.github.io/web-fundamentals/samples/discovery-and-distribution/avoid-mixed-content/simple-example.js"', u'type': u'', u'level': u'INFO'}
于 2017-01-02T14:27:03.450 回答