[wtr-general] Re: Scripting a foreign subframe

2009-04-23 Thread Chuck van der Linden

I'll try to have a look if I get a little free time at work tomorrow.

In the meantime if you've not already done so you might want to read
the bottom of this page, http://wiki.openqa.org/display/WTR/Frames
and the link to the info on 'cross frame scripting and security'

I'd also double check all the domains and sources for the content of
the various frames and try to make sure that all of them are in the
same security group, which to get the most permissions would probably
need to be 'trusted sites'.

Unfortunately what you are trying to do would appear to look to IE and
Vista as a potential cross site scripting attack, which is a very
serious security vulnerability, and Vista is right to try and
mitigate against it.   XSS attacks are one of the more common ways
that malevolent sites manage to install stuff like botware and other
malware onto user's machines, and play a big part in a lot of current
worms that spread via social engineering attacks (basically IM,
twitter etc variants of the classic 'i love you' worm)   see my
'skeptical computing' rant on my blog at http://resolvedtotest.com for
an example of such a worm.

On Apr 22, 6:19 pm, Tony ynot...@gmail.com wrote:
 Hi Chuck,

  do this?  I don't know.  If you can point me at a public site, or
  give me some code to try that works on a public site, I can try it.
  and tell you what happens.

 Could you try it on this site ...
 1. goto video.aol.com.
 2. Click on the SignIn button.
 3. SignIn Frame gets loaded from a different domain.
 4. Try to enter the username/password and click on SignIn

 Thanks,
 Tony
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Watir General group.
To post to this group, send email to watir-general@googlegroups.com
Before posting, please read the following guidelines: 
http://wiki.openqa.org/display/WTR/Support
To unsubscribe from this group, send email to 
watir-general-unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/watir-general
-~--~~~~--~~--~--~---



[wtr-general] Re: Scripting a foreign subframe

2009-04-23 Thread Brian Rosenthal
Okay, I don't believe this is possible to do, using the techniques described on 
that page.  So, let me re-iterate my question:  has anyone scripted a foreign 
subframe on Vista IE?

If not, is there any way to attach to a frame, in the same way that you can 
attach to a window?

Best,
Brian

On 4/22/09 11:46 PM, Chuck van der Linden sqa...@gmail.com wrote:



I'll try to have a look if I get a little free time at work tomorrow.

In the meantime if you've not already done so you might want to read
the bottom of this page, http://wiki.openqa.org/display/WTR/Frames
and the link to the info on 'cross frame scripting and security'

I'd also double check all the domains and sources for the content of
the various frames and try to make sure that all of them are in the
same security group, which to get the most permissions would probably
need to be 'trusted sites'.

Unfortunately what you are trying to do would appear to look to IE and
Vista as a potential cross site scripting attack, which is a very
serious security vulnerability, and Vista is right to try and
mitigate against it.   XSS attacks are one of the more common ways
that malevolent sites manage to install stuff like botware and other
malware onto user's machines, and play a big part in a lot of current
worms that spread via social engineering attacks (basically IM,
twitter etc variants of the classic 'i love you' worm)   see my
'skeptical computing' rant on my blog at http://resolvedtotest.com for
an example of such a worm.

On Apr 22, 6:19 pm, Tony ynot...@gmail.com wrote:
 Hi Chuck,

  do this?  I don't know.  If you can point me at a public site, or
  give me some code to try that works on a public site, I can try it.
  and tell you what happens.

 Could you try it on this site ...
 1. goto video.aol.com.
 2. Click on the SignIn button.
 3. SignIn Frame gets loaded from a different domain.
 4. Try to enter the username/password and click on SignIn

 Thanks,
 Tony






[wtr-general] Re: Scripting a foreign subframe

2009-04-23 Thread Željko Filipin
On Thu, Apr 23, 2009 at 09:01, Brian Rosenthal brosent...@facebook.com
wrote:
 If not, is there any way to “attach” to a frame, in the same way that you
can attach to a window?

Can you open frame in new window/tab? Firefox has context menu option,
something like `show only this frame`.

Željko




[wtr-general] Re: Scripting a foreign subframe

2009-04-23 Thread Charley Baker
You could grab the url and open the frame in another browser window. We have
the same problem on some of our sites and that's the choice I've made for
solving it.


Charley Baker
blog: http://blog.charleybaker.org/
Lead Developer, Watir, http://wtr.rubyforge.org
QA Architect, Gap Inc Direct


On Thu, Apr 23, 2009 at 4:51 AM, Željko Filipin
zeljko.fili...@wa-research.ch wrote:

 On Thu, Apr 23, 2009 at 09:01, Brian Rosenthal brosent...@facebook.com
 wrote:
  If not, is there any way to “attach” to a frame, in the same way that you
 can attach to a window?

 Can you open frame in new window/tab? Firefox has context menu option,
 something like `show only this frame`.

 Željko
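
Added example, not part of the original thread and not Watir code: a Ruby sketch of the workaround suggested above, which lists a page's frames, marks the ones the parent document cannot script because their origin differs, and returns their absolute URLs so a test can open them in their own window. It assumes the standard scheme/host/port origin comparison (IE security zones are not modelled); the hosts and HTML are constructed sample data.

```ruby
require 'uri'

# Origin of a URL as the [scheme, host, port] triple used by the same-origin policy.
def origin(url)
  u = URI.parse(url)
  [u.scheme, u.host&.downcase, u.port]
end

# Split a page's frames into those the parent document may script (same origin)
# and those it may not. Foreign frames come back as absolute URLs that a test
# can navigate to directly in a separate browser window.
def classify_frames(page_url, html)
  result = { same_origin: [], foreign: [] }
  html.scan(/<i?frame\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/i).flatten.each do |src|
    frame_url = URI.join(page_url, src).to_s # resolve relative src against the page
    key = origin(frame_url) == origin(page_url) ? :same_origin : :foreign
    result[key] << frame_url
  end
  result
end

# Constructed sample page (hypothetical hosts), not taken from the thread.
SAMPLE_PAGE_URL = 'http://video.example.test/index.html'
SAMPLE_HTML = <<~HTML
  <html><body>
    <iframe id="player" src="/player/embed.html"></iframe>
    <iframe id="signin" src="https://login.example.net/signin?return=video"></iframe>
    <frame src="http://video.example.test:8080/admin.html">
  </body></html>
HTML

frames = classify_frames(SAMPLE_PAGE_URL, SAMPLE_HTML)
frames[:foreign].each { |u| puts "open directly: #{u}" }
```
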


 





[wtr-general] Re: Scripting a foreign subframe

2009-04-23 Thread Željko Filipin
On Wed, Apr 15, 2009 at 00:59, Brian Rosenthal brosent...@facebook.com
wrote:
 In Vista, IE7, I cannot seem to click on a button located inside of a
“foreign subframe”

Does it work on Win XP, IE6?

Željko




[wtr-general] Re: Scripting a foreign subframe

2009-04-23 Thread Brian Rosenthal
Good question.  Will try and report back.


On 4/23/09 7:51 AM, Željko Filipin zeljko.fili...@wa-research.ch wrote:

On Wed, Apr 15, 2009 at 00:59, Brian Rosenthal brosent...@facebook.com wrote:




[wtr-general] Re: Scripting a foreign subframe

2009-04-22 Thread Chuck van der Linden

I'm on Vista Business, and IE7   yes?

do this?  I don't know.  If you can point me at a public site, or
give me some code to try that works on a public site, I can try it.
and tell you what happens.

the web UI that I'm testing against does not use frames.  To quote one
of our devs:  in modern world, frames suck because you don't have
access to the frame from the main page, if you want to change
something in the frame with javascript you can't.   in short they
caused more problems than they were worth, especially for a site that
is trying to be highly interactive..   so tables, divs, ajax, yes.
frames no..

given difficulties I've seen others have trying to test against
frames, this decision by our developers does not distress me in the
least.  fat grin

On Apr 21, 8:58 pm, Brian Rosenthal brosent...@facebook.com wrote:
 So, I just want to understand better... Chuck, you're on Vista IE and you can 
 do this?

 Best,
 Brian

 On 4/21/09 4:45 PM, Chuck van der Linden sqa...@gmail.com wrote:

 you could try adjusting security settings for the browser.    If
 protected mode is turned on (tools-internet options - security tab
 - look for a checkbox ) you could try turning it off, (you'll have to
 restart to make sure it's taken effect) and see if that helps

 If that doesn't work, there's a few specific security settings that
 may be topical..  navigate subframes across different domains ,
 launching programs and files in an iframe.

 You might need to seek help in a technet forum for IE or something if
 none of those make a difference.

 On Apr 21, 12:54 pm, BrianRosenthal brian.rosent...@gmail.com wrote:



  So, this does *not* work for me (having both the domains as trusted
  sites)...

  Any other ideas?



[wtr-general] Re: Scripting a foreign subframe

2009-04-22 Thread Tony

Hi Chuck,

 do this?  I don't know.  If you can point me at a public site, or
 give me some code to try that works on a public site, I can try it.
 and tell you what happens.

Could you try it on this site ...
1. goto video.aol.com.
2. Click on the SignIn button.
3. SignIn Frame gets loaded from a different domain.
4. Try to enter the username/password and click on SignIn

Thanks,
Tony



[wtr-general] Re: Scripting a foreign subframe

2009-04-21 Thread Chuck van der Linden

you could try adjusting security settings for the browser.  If
protected mode is turned on (tools-internet options - security tab
- look for a checkbox ) you could try turning it off, (you'll have to
restart to make sure it's taken effect) and see if that helps

If that doesn't work, there's a few specific security settings that
may be topical..  navigate subframes across different domains ,
launching programs and files in an iframe.

You might need to seek help in a technet forum for IE or something if
none of those make a difference.

On Apr 21, 12:54 pm, BrianRosenthal brian.rosent...@gmail.com wrote:
 So, this does *not* work for me (having both the domains as trusted
 sites)...

 Any other ideas?



[wtr-general] Re: Scripting a foreign subframe

2009-04-21 Thread Brian Rosenthal
So, I just want to understand better... Chuck, you're on Vista IE and you can 
do this?

Best,
Brian


On 4/21/09 4:45 PM, Chuck van der Linden sqa...@gmail.com wrote:



you could try adjusting security settings for the browser.  If
protected mode is turned on (tools-internet options - security tab
- look for a checkbox ) you could try turning it off, (you'll have to
restart to make sure it's taken effect) and see if that helps

If that doesn't work, there's a few specific security settings that
may be topical..  navigate subframes across different domains ,
launching programs and files in an iframe.

You might need to seek help in a technet forum for IE or something if
none of those make a difference.

On Apr 21, 12:54 pm, BrianRosenthal brian.rosent...@gmail.com wrote:
 So, this does *not* work for me (having both the domains as trusted
 sites)...

 Any other ideas?






[wtr-general] Re: Scripting a foreign subframe

2009-04-15 Thread Chuck van der Linden

did you try adding the domain for the sub-frame contents to the same
security group (in IE) as the rest of the page?   e.g. add them both
to trusted sites. (presuming you are intimately familiar with both,
and trust them both)

I think this is actually not a bad security feature, you wouldn't want
something operating in one security context to manipulate things in a
different security context.. that's basically a potential 'rights
escalation' vulnerability

On Apr 14, 3:59 pm, Brian Rosenthal brosent...@facebook.com wrote:
 In Vista, IE7, I cannot seem to click on a button located inside of a 
 foreign subframe (a subframe with a domain that is different from the main 
 frame).  The issue is that when Watir reaches into a foreign subframe, 
 somehow it's in an incorrect security context to access the DOM of the 
 subframe.

 I've seen documentation on the web confirming this in other places.  I'm just 
 curious if it's something that we're fixing...

 Thanks,
 Brian