Not sure there is an easy way around this with Watir itself, since
it's designed to drive the browser like a user would.

Seems like for this kind of spoofing, where you are sending something
that the browser won't normally allow, there are a couple of options.

You already talked about using something to handcraft the requests,
and I presume you know about saving a page locally, modifying it and
then running it to submit invalid requests.

You could also use a protocol level tool like Fiddler2 to capture the
traffic, then modify and replay the request, which is faster and
easier and really good for quick off the cuff tests, but not really
what you are looking for.

So I think what you'd want to do is look into protocol level
scripting, which can be done with Ruby (or Python and I think Perl).
The book 'Everyday Scripting with Ruby' has an example of creating a
class to send an HTTP POST request on page 151 (I just pulled down my
copy and looked it up in the index).

The O'Reilly "Ruby Cookbook" also has a few pages worth of stuff
dealing with HTTP as well.

What would be nice of course (and I've no idea if this is possible)
would be to have a way to direct the response from the request into a
browser session, so you could use Watir to evaluate how the server
responded to the invalid data, but I expect you're likely to have to
parse through it manually.

On Apr 8, 5:40 pm, Paul Denize <paul.den...@datacom.co.nz> wrote:
> In previous versions of watir I used to send 11 characters to a field
> that had a maxlimit of 10.  This would ensure the server also checked
> the parameter and did something sensible (truncate or error message).
>
> The newer version seems a bit "safer" and
> ie.text_field(:index,1).set("01234567890") just truncates the input to
> the maxlength.  Ok I accept that and found I could use
> ie.text_field(:index,1).value="01234567890" in the instances where I
> wanted to do the server side validation.
>
> NOW THE PROBLEM
>
> How do I do that for a combo box?
>
> I want to send a value that is not in the list of options.  One way
> might be to add the item and then send it (sorta the same thing I
> guess).  In any case the server should again check and handle this.
>
> And I bet the next question I ask will be around Radios and
> Checkboxes?  Setting/sending invalid values.
>
> BACKGROUND
>
> For those unfamiliar with OWASP threats (google that) and see that
> this is amongst the most common vulnerabilities in security.  You
> cannot assume the web browser will safeguard inputs.  In fact till now
> we have manually used Firefox and Tamperdata to do this.  But the task
> is very difficult and time consuming - So I want to automate these
> tests too.
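
Added example, not part of the original thread: a sketch of the protocol-level approach in Ruby, posting one over-length text value and one select value that is not in the option list directly with Net::HTTP and recording the server's status for each. The field names, the limits, the 400 response and the local stand-in server are assumptions constructed for the example.

```ruby
require 'net/http'
require 'socket'
require 'uri'

# Browser-side limits of the form under test (constructed sample values).
FORM  = { 'name' => { maxlength: 10 }, 'state' => { options: %w[CA NY TX] } }.freeze
VALID = { 'name' => 'Paul', 'state' => 'CA' }.freeze

# One submission per field that breaks only that field's limit, so a
# rejection (or acceptance) can be attributed to that field.
def tampered_cases(form, valid)
  form.to_h do |field, rule|
    bad = rule[:maxlength] ? 'x' * (rule[:maxlength] + 1) : 'NOT_IN_LIST'
    [field, valid.merge(field => bad)]
  end
end

# Constructed stand-in for the application, with server-side checks; point
# audit() at the real form's action URL instead when testing an application.
def start_demo_server
  server = TCPServer.new('127.0.0.1', 0)
  Thread.new do
    loop do
      client = server.accept
      head = client.gets("\r\n\r\n")
      body = client.read(head[/content-length: (\d+)/i, 1].to_i)
      f = URI.decode_www_form(body).to_h
      ok = f['name'].to_s.length <= 10 && %w[CA NY TX].include?(f['state'])
      status = ok ? '200 OK' : '400 Bad Request'
      client.write("HTTP/1.1 #{status}\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
      client.close
    end
  end
  URI("http://127.0.0.1:#{server.addr[1]}/submit")
end

# POST each tampered case straight to the server (no browser in the path) and
# return { field => HTTP status }. A 2xx for a tampered field means the
# server relied on the browser-side limit.
def audit(uri, form = FORM, valid = VALID)
  tampered_cases(form, valid).transform_values do |fields|
    Net::HTTP.post_form(uri, fields).code
  end
end

if $PROGRAM_NAME == __FILE__
  audit(start_demo_server).each { |field, code| puts "#{field}: #{code}" }
end
```

The same per-field approach extends to radios and checkboxes by adding their allowed values as `options` entries.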