Handling Server Certificate Errors On IE In Code
1,485 views
Skip to first unread message
PeterJef...@hotmail.co.uk
Aug 24, 2011, 5:50:54 AM8/24/11
to Selenium Users
Hi
I'm using Selenium Webdriver in Java (selenium-java-2.4.0) under
Windows XP.
I have number of tests that I've run successfully under Firefox and
which now run almost successfully under Internet Explorer too ...
except for one stumbling block: my tests hang on the website security
certificate error page.
I know there are a number of avenues I can and am pursuing to resolve
the issue by trying configure IE either to ignore or automatically
accept such certificates, but the simplest solution for me would be to
program Selenium Webdriver to click on the "Continue to website"
link ... which is where things get interesting and I like some help
with here.
I've tried quite a number of different XPath and CSS locators to point
to that particular link, but none of them work ... I am able to clik
on it manually while the tests run and let it proceed trrough the
remainder of the tests so I'm quite confident that I understand how to
use basic XPath and CSS properly.
So I've also tried getting my test program to list all the elements it
sees on the IE certificate error page when it gets to it (using an
Xpath serach for all elements matching "//*") ... this works on other
pages to list all elements, but on this page it finds nothing at
all .. it's as if IE has blocked all communication with the page other
than directly using the keyboard.
Has anyone experienced this specific problem and know how to get
Selenium Webdriver to click the 'continue' link?
Thanks
Peter
I'm using Selenium Webdriver in Java (selenium-java-2.4.0) under
Windows XP.
I have number of tests that I've run successfully under Firefox and
which now run almost successfully under Internet Explorer too ...
except for one stumbling block: my tests hang on the website security
certificate error page.
I know there are a number of avenues I can and am pursuing to resolve
the issue by trying configure IE either to ignore or automatically
accept such certificates, but the simplest solution for me would be to
program Selenium Webdriver to click on the "Continue to website"
link ... which is where things get interesting and I like some help
with here.
I've tried quite a number of different XPath and CSS locators to point
to that particular link, but none of them work ... I am able to clik
on it manually while the tests run and let it proceed trrough the
remainder of the tests so I'm quite confident that I understand how to
use basic XPath and CSS properly.
So I've also tried getting my test program to list all the elements it
sees on the IE certificate error page when it gets to it (using an
Xpath serach for all elements matching "//*") ... this works on other
pages to list all elements, but on this page it finds nothing at
all .. it's as if IE has blocked all communication with the page other
than directly using the keyboard.
Has anyone experienced this specific problem and know how to get
Selenium Webdriver to click the 'continue' link?
Thanks
Peter
Mark Collin
Aug 24, 2011, 6:01:27 AM8/24/11
to seleniu...@googlegroups.com
The dialogue you are trying to click on is an OS level dialogue, not a
browser level one so you will not be able to do it.
browser level one so you will not be able to do it.
The best way to deal with this is to tweak your internet options and set IE
to just accept all security certificates on the machine you are using for
testing. With firefox you can use desiredcapabilities to accept all SSL
certificates, I'm not sure if the same is possible with IE.
Hi
Thanks
Peter
--
You received this message because you are subscribed to the Google Groups
"Selenium Users" group.
To post to this group, send email to seleniu...@googlegroups.com.
To unsubscribe from this group, send email to
selenium-user...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/selenium-users?hl=en.
--
This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
If you have received this email in error please notify postm...@ardescosolutions.com
PeterJef...@hotmail.co.uk
Aug 24, 2011, 6:27:33 AM8/24/11
to Selenium Users
Thanks Mark ... at least that explains why I can't see the elements.
I've tried using both ACCEPT_SSL_CERTS and
INTRODUCE_FLAKINESS_BY_IGNORING_SECURITY_DOMAINS which IE seems to
accept as used here:
DesiredCapabilities capabilities =
DesiredCapabilities.internetExplorer();
capabilities.setCapability(InternetExplorerDriver.INTRODUCE_FLAKINESS_BY_IGNORING_SECURITY_DOMAINS,
true);
capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS,
true);
capabilities.setJavascriptEnabled(true);
driver = new InternetExplorerDriver(capabilities);
... but it seems to either ignore those settings or they relate to
other issues.
Firefox let me manully accept the certificated and has saved may
acceptance for subsequent tests, but even following the detailed
instructions here:
http://stackoverflow.com/questions/681695/what-do-i-need-to-do-to-get-internet-explorer-8-to-accept-a-self-signed-certifica
... doesn't seem to get the acceptacnce to stick in IE.
The problem seems to be that the certificate has a different address
to the one on the certificate, which I understand may be the usual
practice for installing any security certificates on non-production
environments.
So I guess I'll just have to keep chasing our network/server guys and
see if they can fix the certificate for me.
Thanks again!
On Aug 24, 11:01 am, "Mark Collin" <m...@ardescosolutions.com> wrote:
> The dialogue you are trying to click on is an OS level dialogue, not a
> browser level one so you will not be able to do it.
>
> The best way to deal with this is to tweak your internet options and set IE
> to just accept all security certificates on the machine you are using for
> testing. With firefox you can use desiredcapabilities to accept all SSL
> certificates, I'm not sure if the same is possible with IE.
>
> -----Original Message-----
> From: seleniu...@googlegroups.com
>
> [mailto:seleniu...@googlegroups.com] On Behalf Of
> PeterJeffreyG...@Hotmail.co.uk
> For more options, visit this group athttp://groups.google.com/group/selenium-users?hl=en.
I've tried using both ACCEPT_SSL_CERTS and
INTRODUCE_FLAKINESS_BY_IGNORING_SECURITY_DOMAINS which IE seems to
accept as used here:
DesiredCapabilities capabilities =
DesiredCapabilities.internetExplorer();
capabilities.setCapability(InternetExplorerDriver.INTRODUCE_FLAKINESS_BY_IGNORING_SECURITY_DOMAINS,
true);
capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS,
true);
capabilities.setJavascriptEnabled(true);
driver = new InternetExplorerDriver(capabilities);
... but it seems to either ignore those settings or they relate to
other issues.
Firefox let me manully accept the certificated and has saved may
acceptance for subsequent tests, but even following the detailed
instructions here:
http://stackoverflow.com/questions/681695/what-do-i-need-to-do-to-get-internet-explorer-8-to-accept-a-self-signed-certifica
... doesn't seem to get the acceptacnce to stick in IE.
The problem seems to be that the certificate has a different address
to the one on the certificate, which I understand may be the usual
practice for installing any security certificates on non-production
environments.
So I guess I'll just have to keep chasing our network/server guys and
see if they can fix the certificate for me.
Thanks again!
On Aug 24, 11:01 am, "Mark Collin" <m...@ardescosolutions.com> wrote:
> The dialogue you are trying to click on is an OS level dialogue, not a
> browser level one so you will not be able to do it.
>
> The best way to deal with this is to tweak your internet options and set IE
> to just accept all security certificates on the machine you are using for
> testing. With firefox you can use desiredcapabilities to accept all SSL
> certificates, I'm not sure if the same is possible with IE.
>
> -----Original Message-----
> From: seleniu...@googlegroups.com
>
> [mailto:seleniu...@googlegroups.com] On Behalf Of
>
> --
> This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
>
> If you have received this email in error please notify postmas...@ardescosolutions.com> --
> This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
>
Mark Collin
Aug 24, 2011, 7:03:57 AM8/24/11
to seleniu...@googlegroups.com
Sounds like you have done all the things you should have done, it may well
be worth trying to get some feedback from Jim Evans on the selenium devs
mailing list (he does reply to threads on here as well but I have no idea
how often he checks this list) as he seems to be the authority on the IE
driver. It is possible that you have found a bug in the IE implementation.
be worth trying to get some feedback from Jim Evans on the selenium devs
mailing list (he does reply to threads on here as well but I have no idea
how often he checks this list) as he seems to be the authority on the IE
driver. It is possible that you have found a bug in the IE implementation.
-----Original Message-----
From: seleniu...@googlegroups.com
[mailto:seleniu...@googlegroups.com] On Behalf Of
http://stackoverflow.com/questions/681695/what-do-i-need-to-do-to-get-intern
et-explorer-8-to-accept-a-self-signed-certifica
Thanks again!
If you have received this email in error please notify postm...@ardescosolutions.com
PeterJef...@hotmail.co.uk
Aug 24, 2011, 7:17:24 AM8/24/11
to Selenium Users
Thanks ... I'll do that.
On Aug 24, 12:03 pm, "Mark Collin" <m...@ardescosolutions.com> wrote:
> Sounds like you have done all the things you should have done, it may well
> be worth trying to get some feedback from Jim Evans on the selenium devs
> mailing list (he does reply to threads on here as well but I have no idea
> how often he checks this list) as he seems to be the authority on the IE
> driver. It is possible that you have found a bug in the IE implementation.
>
> -----Original Message-----
> From: seleniu...@googlegroups.com
>
> [mailto:seleniu...@googlegroups.com] On Behalf Of
> PeterJeffreyG...@Hotmail.co.uk
> For more options, visit this group athttp://groups.google.com/group/selenium-users?hl=en.
On Aug 24, 12:03 pm, "Mark Collin" <m...@ardescosolutions.com> wrote:
> Sounds like you have done all the things you should have done, it may well
> be worth trying to get some feedback from Jim Evans on the selenium devs
> mailing list (he does reply to threads on here as well but I have no idea
> how often he checks this list) as he seems to be the authority on the IE
> driver. It is possible that you have found a bug in the IE implementation.
>
> -----Original Message-----
> From: seleniu...@googlegroups.com
>
> [mailto:seleniu...@googlegroups.com] On Behalf Of
> Sent: 24 August 2011 11:28
> To: Selenium Users
> Subject: [selenium-users] Re: Handling Server Certificate Errors On IE In
> Code
>
> Thanks Mark ... at least that explains why I can't see the elements.
>
> I've tried using both ACCEPT_SSL_CERTS and
> INTRODUCE_FLAKINESS_BY_IGNORING_SECURITY_DOMAINS which IE seems to accept as
> used here:
>
> DesiredCapabilities capabilities =
> DesiredCapabilities.internetExplorer();
>
> capabilities.setCapability(InternetExplorerDriver.INTRODUCE_FLAKINESS_BY_IGN
> ORING_SECURITY_DOMAINS,
> true);
> capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS,
> true);
> capabilities.setJavascriptEnabled(true);
> driver = new InternetExplorerDriver(capabilities);
>
> ... but it seems to either ignore those settings or they relate to other
> issues.
>
> Firefox let me manully accept the certificated and has saved may acceptance
> for subsequent tests, but even following the detailed instructions here:
>
> http://stackoverflow.com/questions/681695/what-do-i-need-to-do-to-get...
> To: Selenium Users
> Subject: [selenium-users] Re: Handling Server Certificate Errors On IE In
> Code
>
> Thanks Mark ... at least that explains why I can't see the elements.
>
> I've tried using both ACCEPT_SSL_CERTS and
> INTRODUCE_FLAKINESS_BY_IGNORING_SECURITY_DOMAINS which IE seems to accept as
> used here:
>
> DesiredCapabilities capabilities =
> DesiredCapabilities.internetExplorer();
>
> capabilities.setCapability(InternetExplorerDriver.INTRODUCE_FLAKINESS_BY_IGN
> ORING_SECURITY_DOMAINS,
> true);
> capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS,
> true);
> capabilities.setJavascriptEnabled(true);
> driver = new InternetExplorerDriver(capabilities);
>
> ... but it seems to either ignore those settings or they relate to other
> issues.
>
> Firefox let me manully accept the certificated and has saved may acceptance
> for subsequent tests, but even following the detailed instructions here:
>
niharika varshney
Aug 24, 2011, 8:10:21 AM8/24/11
to seleniu...@googlegroups.com
We have a similar problem that the address on the certificate doesn't match the url address..
In IE7, in Options->Advanced, there is a checkbox at the very end, which says, "Warn about certificate address mismatch."
After importing the certificate, I have unchecked the above checkbox ..n the issue seems to hv gone..
Regards,
Niharika
PeterJef...@hotmail.co.uk
Aug 24, 2011, 8:24:34 AM8/24/11
to Selenium Users
Thanks Niharika
That looks a promising option ... unfortunately that option is greyed
out on my system ... it must be managed by our corporate/group policy
settings, but its something that I can chase up.
Cheers!
On Aug 24, 1:10 pm, niharika varshney <niharika.varsh...@gmail.com>
wrote:
That looks a promising option ... unfortunately that option is greyed
out on my system ... it must be managed by our corporate/group policy
settings, but its something that I can chase up.
Cheers!
On Aug 24, 1:10 pm, niharika varshney <niharika.varsh...@gmail.com>
wrote:
> We have a similar problem that the address on the certificate doesn't match
> the url address..
> In IE7, in Options->Advanced, there is a checkbox at the very end, which
> says, "Warn about certificate address mismatch."
> After importing the certificate, I have unchecked the above checkbox ..n the
> issue seems to hv gone..
>
> Regards,
> Niharika
>
> On Wed, Aug 24, 2011 at 4:47 PM, PeterJeffreyG...@Hotmail.co.uk <
> the url address..
> In IE7, in Options->Advanced, there is a checkbox at the very end, which
> says, "Warn about certificate address mismatch."
> After importing the certificate, I have unchecked the above checkbox ..n the
> issue seems to hv gone..
>
> Regards,
> Niharika
>
Jim Evans
Aug 24, 2011, 8:31:25 AM8/24/11
to Selenium Users
The IE driver has no code to handle SSL certificates at present,
simple as that. I've pretty much willfully ignored the problem, hoping
it would go away. :)
More seriously, I'm not sure that IE allows manipulation of the
certificate store via its COM object model, though I'd love to be
proven wrong about that. It might be possible to force IE to accept
any certificate by manipulating one or more of the security settings
in IE. If so, it might be possible them for the driver to set it for
you. Note, though, that I've had remarkably little success getting
that to work. Then again, I don't do much work on pages requiring
certs in my day-to-day work either.
--Jim
On Aug 24, 7:03 am, "Mark Collin" <m...@ardescosolutions.com> wrote:
> Sounds like you have done all the things you should have done, it may well
> be worth trying to get some feedback from Jim Evans on the selenium devs
> mailing list (he does reply to threads on here as well but I have no idea
> how often he checks this list) as he seems to be the authority on the IE
> driver. It is possible that you have found a bug in the IE implementation.
>
>
>
> -----Original Message-----
> From: seleniu...@googlegroups.com
>
> [mailto:seleniu...@googlegroups.com] On Behalf Of
> PeterJeffreyG...@Hotmail.co.uk
> For more options, visit this group athttp://groups.google.com/group/selenium-users?hl=en.
simple as that. I've pretty much willfully ignored the problem, hoping
it would go away. :)
More seriously, I'm not sure that IE allows manipulation of the
certificate store via its COM object model, though I'd love to be
proven wrong about that. It might be possible to force IE to accept
any certificate by manipulating one or more of the security settings
in IE. If so, it might be possible them for the driver to set it for
you. Note, though, that I've had remarkably little success getting
that to work. Then again, I don't do much work on pages requiring
certs in my day-to-day work either.
--Jim
On Aug 24, 7:03 am, "Mark Collin" <m...@ardescosolutions.com> wrote:
> Sounds like you have done all the things you should have done, it may well
> be worth trying to get some feedback from Jim Evans on the selenium devs
> mailing list (he does reply to threads on here as well but I have no idea
> how often he checks this list) as he seems to be the authority on the IE
> driver. It is possible that you have found a bug in the IE implementation.
>
>
>
> -----Original Message-----
> From: seleniu...@googlegroups.com
>
> [mailto:seleniu...@googlegroups.com] On Behalf Of
> Sent: 24 August 2011 11:28
> To: Selenium Users
> Subject: [selenium-users] Re: Handling Server Certificate Errors On IE In
> Code
>
> Thanks Mark ... at least that explains why I can't see the elements.
>
> I've tried using both ACCEPT_SSL_CERTS and
> INTRODUCE_FLAKINESS_BY_IGNORING_SECURITY_DOMAINS which IE seems to accept as
> used here:
>
> DesiredCapabilities capabilities =
> DesiredCapabilities.internetExplorer();
>
> capabilities.setCapability(InternetExplorerDriver.INTRODUCE_FLAKINESS_BY_IG N
> ORING_SECURITY_DOMAINS,
> true);
> capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS,
> true);
> capabilities.setJavascriptEnabled(true);
> driver = new InternetExplorerDriver(capabilities);
>
> ... but it seems to either ignore those settings or they relate to other
> issues.
>
> Firefox let me manully accept the certificated and has saved may acceptance
> for subsequent tests, but even following the detailed instructions here:
>
> http://stackoverflow.com/questions/681695/what-do-i-need-to-do-to-get...
> To: Selenium Users
> Subject: [selenium-users] Re: Handling Server Certificate Errors On IE In
> Code
>
> Thanks Mark ... at least that explains why I can't see the elements.
>
> I've tried using both ACCEPT_SSL_CERTS and
> INTRODUCE_FLAKINESS_BY_IGNORING_SECURITY_DOMAINS which IE seems to accept as
> used here:
>
> DesiredCapabilities capabilities =
> DesiredCapabilities.internetExplorer();
>
> capabilities.setCapability(InternetExplorerDriver.INTRODUCE_FLAKINESS_BY_IG N
> ORING_SECURITY_DOMAINS,
> true);
> capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS,
> true);
> capabilities.setJavascriptEnabled(true);
> driver = new InternetExplorerDriver(capabilities);
>
> ... but it seems to either ignore those settings or they relate to other
> issues.
>
> Firefox let me manully accept the certificated and has saved may acceptance
> for subsequent tests, but even following the detailed instructions here:
>
PeterJef...@hotmail.co.uk
Aug 24, 2011, 9:41:38 AM8/24/11
to Selenium Users
Thanks Jim
Looks like some QTP users have had the same issues so I assume that
QTP isn't able to manipulate IE's COM object model either to get
around the problem, which may be evidence to help prove you right,
sorry to say.
I'll continue with trying either to get the dodgy certificate fixed or
the security settings tweaked ... oh, the joys of working for a large
bureaucratic organisation!
Looks like some QTP users have had the same issues so I assume that
QTP isn't able to manipulate IE's COM object model either to get
around the problem, which may be evidence to help prove you right,
sorry to say.
I'll continue with trying either to get the dodgy certificate fixed or
the security settings tweaked ... oh, the joys of working for a large
bureaucratic organisation!
Krishnan Mahadevan
Aug 25, 2011, 4:13:54 AM8/25/11
to seleniu...@googlegroups.com
Peter,
Thanks & Regards
Krishnan Mahadevan
"All the desirable things in life are either illegal, expensive, fattening or in love with someone else!"
Can you try if the following would work for you ?
driver.navigate().to("javascript:document.getElementById('overridelink').click()");
Thanks & Regards
Krishnan Mahadevan
"All the desirable things in life are either illegal, expensive, fattening or in love with someone else!"
Mark Collin
Aug 25, 2011, 4:42:49 AM8/25/11
to seleniu...@googlegroups.com
Dialogues asking about security certificates are not browser level, but OS level so you will not be able to bypass them with JavaScript. If you could there would be all sorts of horrible hacks which involved automatically accepting invalid certificates for users to put them onto a secure site that they think is a different one.
-- This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error please notify postm...@ardescosolutions.com
PeterJef...@hotmail.co.uk
Aug 25, 2011, 5:09:20 AM8/25/11
to Selenium Users
Hi Mark
I see where you're coming from, but I think this only works because
I'm executing the Javascript from my client PC.
IE has prevented me from reaching the page with the the security error
and any potential malicious javascript on it, so I think that hackers
would not be able to work round this, would they? ... or do you think
it would be possible to push users to an insecure site once we have
been tempted into viewing a seemingly innocuous one? The security
certificate error page would still arise wouldn't it, however briefly,
alerting our suspicions?
Peter
On Aug 25, 9:42 am, "Mark Collin" <m...@ardescosolutions.com> wrote:
> Dialogues asking about security certificates are not browser level, but OS
> level so you will not be able to bypass them with JavaScript. If you could
> there would be all sorts of horrible hacks which involved automatically
> accepting invalid certificates for users to put them onto a secure site that
> they think is a different one.
>
> From: seleniu...@googlegroups.com
> [mailto:seleniu...@googlegroups.com] On Behalf Of Krishnan Mahadevan
> Sent: 25 August 2011 09:14
> To: seleniu...@googlegroups.com
> Subject: Re: [selenium-users] Re: Handling Server Certificate Errors On IE
> In Code
>
> Peter,
>
> Can you try if the following would work for you ?
>
> driver.navigate().to("javascript:document.getElementById('overridelink').cli
> ck()");
>
> Thanks & Regards
> Krishnan Mahadevan
>
> "All the desirable things in life are either illegal, expensive, fattening
> or in love with someone else!"
>
> On Wed, Aug 24, 2011 at 7:11 PM, PeterJeffreyG...@Hotmail.co.uk
> <mailto:selenium-users%2Bunsu...@googlegroups.com> .
>
> read more »
I see where you're coming from, but I think this only works because
I'm executing the Javascript from my client PC.
IE has prevented me from reaching the page with the the security error
and any potential malicious javascript on it, so I think that hackers
would not be able to work round this, would they? ... or do you think
it would be possible to push users to an insecure site once we have
been tempted into viewing a seemingly innocuous one? The security
certificate error page would still arise wouldn't it, however briefly,
alerting our suspicions?
Peter
On Aug 25, 9:42 am, "Mark Collin" <m...@ardescosolutions.com> wrote:
> Dialogues asking about security certificates are not browser level, but OS
> level so you will not be able to bypass them with JavaScript. If you could
> there would be all sorts of horrible hacks which involved automatically
> accepting invalid certificates for users to put them onto a secure site that
> they think is a different one.
>
> From: seleniu...@googlegroups.com
> [mailto:seleniu...@googlegroups.com] On Behalf Of Krishnan Mahadevan
> Sent: 25 August 2011 09:14
> To: seleniu...@googlegroups.com
> Subject: Re: [selenium-users] Re: Handling Server Certificate Errors On IE
> In Code
>
> Peter,
>
> Can you try if the following would work for you ?
>
> driver.navigate().to("javascript:document.getElementById('overridelink').cli
> ck()");
>
> Thanks & Regards
> Krishnan Mahadevan
>
> "All the desirable things in life are either illegal, expensive, fattening
> or in love with someone else!"
>
>
> > > > For more options, visit this group
> > > athttp://groups.google.com/group/selenium-users?hl=en.
>
> > > > --
> > > > This message contains confidential information and is intended only
> for
> > > the individual named. If you are not the named addressee you should not
> > > disseminate, distribute or copy this e-mail. Please notify the sender
> > > immediately by e-mail if you have received this e-mail by mistake and
> delete
> > > this e-mail from your system. If you are not the intended recipient you
> are
> > > notified that disclosing, copying, distributing or taking any action in
> > > reliance on the contents of this information is strictly prohibited.
>
> > > > If you have received this email in error please notify
> > > > postmas...@ardescosolutions.com
>
> > > --
> > > You received this message because you are subscribed to the Google
> Groups
> > > "Selenium Users" group.
> > > To post to this group, send email to seleniu...@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > > selenium-user...@googlegroups.com
>
> <mailto:selenium-users%2Bunsu...@googlegroups.com> .> > For more options, visit this group
> > > > For more options, visit this group
> > > athttp://groups.google.com/group/selenium-users?hl=en.
>
> > > > --
> > > > This message contains confidential information and is intended only
> for
> > > the individual named. If you are not the named addressee you should not
> > > disseminate, distribute or copy this e-mail. Please notify the sender
> > > immediately by e-mail if you have received this e-mail by mistake and
> delete
> > > this e-mail from your system. If you are not the intended recipient you
> are
> > > notified that disclosing, copying, distributing or taking any action in
> > > reliance on the contents of this information is strictly prohibited.
>
> > > > If you have received this email in error please notify
> > > > postmas...@ardescosolutions.com
>
> > > --
> > > You received this message because you are subscribed to the Google
> Groups
> > > "Selenium Users" group.
> > > To post to this group, send email to seleniu...@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > > selenium-user...@googlegroups.com
>
>
> athttp://groups.google.com/group/selenium-users?hl=en.
>
> > > --
> > > This message contains confidential information and is intended only for
>
> the individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and delete
> this e-mail from your system. If you are not the intended recipient you are
> notified that disclosing, copying, distributing or taking any action in
> reliance on the contents of this information is strictly prohibited.
>
> > > If you have received this email in error please notify
>
> postmas...@ardescosolutions.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "Selenium Users" group.
> To post to this group, send email to seleniu...@googlegroups.com.
> To unsubscribe from this group, send email to
> selenium-user...@googlegroups.com
> <mailto:selenium-users%2Bunsu...@googlegroups.com> .
> athttp://groups.google.com/group/selenium-users?hl=en.
>
> > > --
> > > This message contains confidential information and is intended only for
>
> the individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and delete
> this e-mail from your system. If you are not the intended recipient you are
> notified that disclosing, copying, distributing or taking any action in
> reliance on the contents of this information is strictly prohibited.
>
> > > If you have received this email in error please notify
>
> postmas...@ardescosolutions.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "Selenium Users" group.
> To post to this group, send email to seleniu...@googlegroups.com.
> To unsubscribe from this group, send email to
> selenium-user...@googlegroups.com
> For more options, visit this group athttp://groups.google.com/group/selenium-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Selenium Users" group.
> To post to this group, send email to seleniu...@googlegroups.com.
> To unsubscribe from this group, send email to
> selenium-user...@googlegroups.com.
> For more options, visit this group athttp://groups.google.com/group/selenium-users?hl=en.
>
> --
> This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this ...
>
> --
> You received this message because you are subscribed to the Google Groups
> "Selenium Users" group.
> To post to this group, send email to seleniu...@googlegroups.com.
> To unsubscribe from this group, send email to
> selenium-user...@googlegroups.com.
> For more options, visit this group athttp://groups.google.com/group/selenium-users?hl=en.
>
> --
>
> read more »
PeterJef...@hotmail.co.uk
Aug 25, 2011, 5:08:34 AM8/25/11
to Selenium Users
Thanks Krishnan .. that certainly seems to work!
The simplest solutions are always the best.
On Aug 25, 9:13 am, Krishnan Mahadevan
The simplest solutions are always the best.
On Aug 25, 9:13 am, Krishnan Mahadevan
<krishnan.mahadevan1...@gmail.com> wrote:
> Peter,
> Can you try if the following would work for you ?
>
> driver.navigate().to("javascript:document.getElementById('overridelink').click()");
>
> Thanks & Regards
> Krishnan Mahadevan
>
> "All the desirable things in life are either illegal, expensive, fattening
> or in love with someone else!"
>
> On Wed, Aug 24, 2011 at 7:11 PM, PeterJeffreyG...@Hotmail.co.uk <
> Peter,
> Can you try if the following would work for you ?
>
> driver.navigate().to("javascript:document.getElementById('overridelink').click()");
>
> Thanks & Regards
> Krishnan Mahadevan
>
> "All the desirable things in life are either illegal, expensive, fattening
> or in love with someone else!"
>
Mark Collin
Aug 25, 2011, 5:37:53 AM8/25/11
to seleniu...@googlegroups.com
To be honest I'm surprised it worked at all, that looks like a potential
attack vector to try and exploit to me.
attack vector to try and exploit to me.
The way I could see it being exploited would be a XSS attack on a site that
redirects you to the malicious secure site using some JavaScript to auto
accept any security warnings, but I'm probably getting ahead of myself
here...
Something I may have to dig into when I have some spare time because it
*feels* wrong to me.
Hi Mark
Peter
If you have received this email in error please notify postm...@ardescosolutions.com
PeterJef...@hotmail.co.uk
Aug 25, 2011, 6:03:28 AM8/25/11
to Selenium Users
Do you think it is worth reporting this as a potential bug to
Microsoft so that they can check it out urgently if they think its a
potential problem, or would they only be concerned if someone could
prove its a real loophole that could actively exploited as you
suspect?
From my point of view, I don't want to build critical tests that
depend on a solution that may suddenly get blocked without notice.
On Aug 25, 10:37 am, "Mark Collin" <m...@ardescosolutions.com> wrote:
> To be honest I'm surprised it worked at all, that looks like a potential
> attack vector to try and exploit to me.
>
> The way I could see it being exploited would be a XSS attack on a site that
> redirects you to the malicious secure site using some JavaScript to auto
> accept any security warnings, but I'm probably getting ahead of myself
> here...
>
> Something I may have to dig into when I have some spare time because it
> *feels* wrong to me.
>
> -----Original Message-----
> From: seleniu...@googlegroups.com
>
> [mailto:seleniu...@googlegroups.com] On Behalf Of
> PeterJeffreyG...@Hotmail.co.uk
> ...
>
> read more »
Microsoft so that they can check it out urgently if they think its a
potential problem, or would they only be concerned if someone could
prove its a real loophole that could actively exploited as you
suspect?
From my point of view, I don't want to build critical tests that
depend on a solution that may suddenly get blocked without notice.
On Aug 25, 10:37 am, "Mark Collin" <m...@ardescosolutions.com> wrote:
> To be honest I'm surprised it worked at all, that looks like a potential
> attack vector to try and exploit to me.
>
> The way I could see it being exploited would be a XSS attack on a site that
> redirects you to the malicious secure site using some JavaScript to auto
> accept any security warnings, but I'm probably getting ahead of myself
> here...
>
> Something I may have to dig into when I have some spare time because it
> *feels* wrong to me.
>
> -----Original Message-----
> From: seleniu...@googlegroups.com
>
> [mailto:seleniu...@googlegroups.com] On Behalf Of
>
> read more »
Mark Collin
Aug 25, 2011, 6:12:20 AM8/25/11
to seleniu...@googlegroups.com
It sounds like it *could* be an exploitable loophole, but it would need some
investigation before getting too worried about it. :)
investigation before getting too worried about it. :)
To be honest I doubt MS would even bother looking at it unless you can prove
it's a valid loophole and it gets plastered all over the net.
-----Original Message-----
From: seleniu...@googlegroups.com
[mailto:seleniu...@googlegroups.com] On Behalf Of
--
This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
If you have received this email in error please notify postm...@ardescosolutions.com
PeterJef...@hotmail.co.uk
Aug 25, 2011, 7:01:11 AM8/25/11
to Selenium Users
Ok ... mums the word.
Thanks for your input.
On Aug 25, 11:12 am, "Mark Collin" <m...@ardescosolutions.com> wrote:
> It sounds like it *could* be an exploitable loophole, but it would need some
> investigation before getting too worried about it. :)
>
> To be honest I doubt MS would even bother looking at it unless you can prove
> it's a valid loophole and it gets plastered all over the net.
>
> -----Original Message-----
> From: seleniu...@googlegroups.com
>
> [mailto:seleniu...@googlegroups.com] On Behalf Of
> If you have received this email in error please notify postmas...@ardescosolutions.com
Thanks for your input.
On Aug 25, 11:12 am, "Mark Collin" <m...@ardescosolutions.com> wrote:
> It sounds like it *could* be an exploitable loophole, but it would need some
> investigation before getting too worried about it. :)
>
> To be honest I doubt MS would even bother looking at it unless you can prove
> it's a valid loophole and it gets plastered all over the net.
>
> -----Original Message-----
> From: seleniu...@googlegroups.com
>
> [mailto:seleniu...@googlegroups.com] On Behalf Of
Reply all
Reply to author
Forward
0 new messages