On Wed, 23 Nov 2005, Sandy Demi wrote:
[...]
Putting the Selenium files in Apache's doc root works fine.
[...]
Some of the comments in this thread made me wonder whether people are
doing this on live servers. Is that wise? (where 'that' == 'making
Selenium available on an internet-accessible server')

Say you have a site S that uses cookies as persistent login tokens. You
also have, say, a wiki whose pages share the same scheme name, hostname
and port as S. The wiki does all its HTML-quoting correctly, but does let
you create tables on wiki pages, whose TDs can contain arbitrary
(HTML-quoted) text. I think you can then make a URL that would perform
some arbitrary sequence of actions on S with the same user as the victim
who clicked the link (IIRC there's some sort of automated run feature in
the Selenium test runner, plus a 'test' query param to tell it which HTML
page to load the tests from). I haven't actually tried this, though, so
maybe it falls down somewhere...

(this wouldn't apply to the ThoughtWorks Selenium demo page, of course:
the wiki is on a separate third-level domain)

John
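
A defensive check for the scenario raised in the message above, as an added example that is not part of the original post or of Selenium: it scans web-server access-log lines for requests to the test runner whose 'test' parameter points outside the directory holding your own suites. The runner path, the suite directory and the log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the original message): where the runner is served
# and which directory holds the legitimate test suites. Adjust to your layout.
RUNNER_PATH = "/selenium/TestRunner.html"
SUITE_DIR = "/selenium/tests/"

# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_test_source(target):
    """Return the resolved 'test' source if it lies outside SUITE_DIR, else None."""
    parts = urlsplit(target)
    if posixpath.normpath(parts.path) != RUNNER_PATH:
        return None
    values = parse_qs(parts.query).get("test")  # parse_qs percent-decodes
    if not values:
        return None
    src = urlsplit(values[0])
    if src.scheme or src.netloc:
        return values[0]  # absolute URL: never one of our local suites
    # Resolve relative values against the runner's directory, collapsing "..".
    base = posixpath.dirname(RUNNER_PATH)
    resolved = posixpath.normpath(posixpath.join(base, src.path))
    return None if resolved.startswith(SUITE_DIR) else resolved

def scan(lines):
    """Return (line_number, test_source) for every runner request worth reviewing."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            src = suspicious_test_source(m.group(1))
            if src is not None:
                hits.append((n, src))
    return hits

# Constructed sample log lines (documentation addresses, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Nov/2005:10:00:01 +0000] "GET /selenium/TestRunner.html?test=tests/TestSuite.html HTTP/1.1" 200 5120',
    '192.0.2.44 - - [23/Nov/2005:10:02:17 +0000] "GET /selenium/TestRunner.html?test=%2Fwiki%2FSandbox HTTP/1.1" 200 5120',
    '192.0.2.44 - - [23/Nov/2005:10:02:40 +0000] "GET /selenium/TestRunner.html?test=tests/../../wiki/Sandbox HTTP/1.1" 200 5120',
    '192.0.2.10 - - [23/Nov/2005:10:03:00 +0000] "GET /wiki/Sandbox HTTP/1.1" 200 812',
]
```

Any hit on a production host is also a sign that the runner is reachable there at all, which is the underlying exposure the message questions.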