
Detecting a broken lock icon (mixed secure/insecure content) from JavaScript


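I'm working on making a website fully functional under HTTPS. As part of this, I want to make sure we never "break the lock." That is, we should never load non-SSL content on an SSL page, which can trigger warnings or other indicators depending on the browser. To validate this, I would like to do two things:

  • Write Selenium tests that verify that various actions don't break the lock
  • Write logging code in JS that checks during user sessions whether the lock has been broken and, if it has, reports back to the server

Is there any way in JS to check the broken/not-broken status of the browser's HTTPS lock icon? Or, equivalently, the mixed/non-mixed status of the content on the current page?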

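You could iterate over the whole DOM and check all links to make sure they are https://

You can't detect this from JavaScript itself, but you can use an HTTP header to instruct the browser to send reports of mixed content to your server or to a third-party aggregation service.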

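Here is an example of a CSP header that reports mixed content to the third-party service report-uri.io:

    Content-Security-Policy-Report-Only: default-src https:; report-uri https://report-uri.io/report/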
    

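Written by the maintainer of Report URI, it goes into more detail about how this works. If you prefer, you can also configure the CSP header to report to your own URL.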
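For the option of reporting to your own URL, an added example (not code from the answer or from report-uri.io) of triaging the JSON reports a browser POSTs to a `report-uri` endpoint. A `default-src https:` policy also reports inline scripts and `data:` URIs, so the filter keeps only plain-http loads on HTTPS pages; the handler name, the size cap and the sample report are assumptions.

```javascript
// Added example: triage CSP violation reports ("csp-report" JSON) sent to your own report-uri.

// Constructed sample of what a browser sends for an http image on an https page.
const SAMPLE_REPORT = JSON.stringify({
  'csp-report': {
    'document-uri': 'https://shop.example.test/cart',
    'blocked-uri': 'http://img.example.test',
    'violated-directive': 'default-src https:',
  },
});

// True when an HTTPS document tried to load a plain-http resource.
function isMixedContentReport(report) {
  const r = report && report['csp-report'];
  if (!r || typeof r['document-uri'] !== 'string') return false;
  // Cross-origin URLs may be cut down to their origin; it still starts with http://
  const blocked = String(r['blocked-uri'] || '');
  return r['document-uri'].startsWith('https://') && blocked.startsWith('http://');
}

// Parse an untrusted request body; return the fields worth logging, or null.
function triageReport(rawBody) {
  let report;
  try { report = JSON.parse(rawBody); } catch (e) { return null; }
  if (!isMixedContentReport(report)) return null; // inline script, data: URI, ...
  const r = report['csp-report'];
  return {
    page: r['document-uri'],
    blocked: String(r['blocked-uri']),
    directive: String(r['effective-directive'] || r['violated-directive'] || ''),
  };
}

// Node-style (req, res) handler (assumed name). Reports come from anonymous
// clients, so the body size is capped and nothing in it is trusted.
const MAX_BODY = 16 * 1024;
function handleCspReport(req, res) {
  let body = '';
  req.on('data', (chunk) => {
    body += chunk;
    if (body.length > MAX_BODY) req.destroy();
  });
  req.on('end', () => {
    const finding = triageReport(body);
    if (finding) console.log(JSON.stringify({ type: 'mixed-content', ...finding }));
    res.writeHead(204);
    res.end();
  });
}
```

The handler can be passed to Node's `http.createServer` and the header's `report-uri` pointed at wherever that server is exposed.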

You can use a PHP CLI script I wrote to scan your site for mixed content.

Run the script from the CLI, for example:

    $ mixed-content-scan https://www.bram.us/
    
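The script will then start scanning and give feedback while it runs. When mixed content is found, the URLs that cause the mixed content warnings are shown on screen: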

    $ mixed-content-scan https://www.bram.us/
    [2015-01-07 12:54:20] MCS.NOTICE: Scanning https://www.bram.us/ [] []
    [2015-01-07 12:54:21] MCS.INFO: 00000 - https://www.bram.us/ [] []
    [2015-01-07 12:54:22] MCS.INFO: 00001 - https://www.bram.us/projects/ [] []
    [2015-01-07 12:54:22] MCS.INFO: 00002 - https://www.bram.us/projects/mint-custom-title/ [] []
    [2015-01-07 12:54:23] MCS.INFO: 00003 - https://www.bram.us/projects/bramusicq/ [] []
    [2015-01-07 12:54:24] MCS.INFO: 00004 - https://www.bram.us/projects/gm_bramus/ [] []
    [2015-01-07 12:54:24] MCS.INFO: 00005 - https://www.bram.us/projects/js_bramus/ [] []
    [2015-01-07 12:54:26] MCS.INFO: 00006 - https://www.bram.us/projects/js_bramus/jsprogressbarhandler/ [] []
    [2015-01-07 12:54:27] MCS.INFO: 00007 - https://www.bram.us/projects/js_bramus/lazierload/ [] []
    [2015-01-07 12:54:27] MCS.INFO: 00008 - https://www.bram.us/projects/the-box-office/ [] []
    [2015-01-07 12:54:28] MCS.INFO: 00009 - https://www.bram.us/projects/tinymce-plugins/ [] []
    [2015-01-07 12:54:29] MCS.INFO: 00010 - https://www.bram.us/projects/tinymce-plugins/tinymce-classes-and-ids-plugin-bramus_cssextras/ [] []
    [2015-01-07 12:54:30] MCS.INFO: 00011 - https://www.bram.us/projects/flashlightboxinjector/ [] []
    
    ...
    
    [2015-01-07 12:54:45] MCS.INFO: 00036 - https://www.bram.us/2007/06/04/accessible-expanding-and-collapsing-menu/ [] []
    [2015-01-07 12:54:45] MCS.ERROR: 00037 - https://www.bram.us/demo/projects/jsprogressbarhandler/ [] []
    [2015-01-07 12:54:45] MCS.WARNING: http://www.google-analytics.com/urchin.js [] []
    [2015-01-07 12:54:46] MCS.INFO: 00038 - https://www.bram.us/2008/07/11/ror-progress-bar-helper/ [] []
    [2015-01-07 12:54:46] MCS.INFO: 00039 - https://www.bram.us/2008/11/10/jsprogressbarhandler-033/ [] []
    [2015-01-07 12:54:47] MCS.ERROR: 00040 - https://www.bram.us/demo/projects/lazierload/ [] []
    [2015-01-07 12:54:47] MCS.WARNING: http://farm2.static.flickr.com/1212/1285026452_0aeb38b6e6.jpg [] []
    [2015-01-07 12:54:47] MCS.WARNING: http://farm2.static.flickr.com/1074/1273115418_a77357040a.jpg [] []
    [2015-01-07 12:54:47] MCS.WARNING: http://farm2.static.flickr.com/1096/1273106588_91f7a736c6.jpg [] []
    [2015-01-07 12:54:47] MCS.WARNING: http://farm2.static.flickr.com/1324/1216309045_31ca82f9d9.jpg [] []
    [2015-01-07 12:54:47] MCS.WARNING: http://farm2.static.flickr.com/1262/1217169586_e4b2bfa7df.jpg [] []
    [2015-01-07 12:54:47] MCS.WARNING: http://farm2.static.flickr.com/1149/1216304291_63fd48d9c4.jpg [] []
    [2015-01-07 12:54:47] MCS.WARNING: http://farm2.static.flickr.com/1366/1216301505_51b3c590ff.jpg [] []
    [2015-01-07 12:54:47] MCS.WARNING: http://farm2.static.flickr.com/1184/1216299847_c57975bed2.jpg [] []
    [2015-01-07 12:54:47] MCS.WARNING: http://farm2.static.flickr.com/1085/1217158084_a9b059d25b.jpg [] []
    [2015-01-07 12:54:47] MCS.WARNING: http://farm2.static.flickr.com/1040/1216293529_3b7c044815.jpg [] []
    [2015-01-07 12:54:47] MCS.WARNING: http://farm2.static.flickr.com/1029/1084232736_5b8c023f46.jpg [] []
    [2015-01-07 12:54:47] MCS.WARNING: http://farm2.static.flickr.com/1318/1043062251_17071a8cc7.jpg [] []
    [2015-01-07 12:54:47] MCS.WARNING: http://farm2.static.flickr.com/1221/1043059543_05713e6156.jpg [] []
    [2015-01-07 12:54:47] MCS.WARNING: http://www.google-analytics.com/urchin.js [] []
    [2015-01-07 12:54:47] MCS.INFO: 00041 - https://www.bram.us/2011/09/30/css-regions-and-css-exclusions/ [] []
    [2015-01-07 12:54:47] MCS.INFO: 00042 - https://www.bram.us/2014/06/04/good-looking-shapes-gallery/ [] []
    
    ...
    

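It is also possible to pass in a file containing a list of URLs to scan, and to change the output to JSON. Ignore patterns are supported as well.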

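This is a good idea, but it doesn't account for XHR, JSONP, and inter-frame RPC requests. It's a large codebase and it's hard to catch errors before they go out, hence the need for constant testing and logging.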
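The DOM-iteration suggestion above, as an added example that is not part of the original answers: it lists plain-http subresource references and can be run in the page from a Selenium test or posted back during a session. As the comment notes, a snapshot like this does not see XHR or JSONP requests; the `/log/mixed-content` endpoint is a hypothetical placeholder.

```javascript
// Added example: list plain-http subresource references in a document snapshot.

// Element/attribute pairs that make the browser fetch something for the page.
// Plain <a href> navigation links are not subresource loads, so they are not listed.
const FETCHING_ATTRS = [
  ['script[src]', 'src'], ['img[src]', 'src'], ['iframe[src]', 'src'],
  ['audio[src]', 'src'], ['video[src]', 'src'], ['source[src]', 'src'],
  ['embed[src]', 'src'], ['object[data]', 'data'],
  ['link[rel~="stylesheet"][href]', 'href'],
];

// Returns [{ selector, url }] for every reference that resolves to http:.
// Relative and protocol-relative URLs are resolved against pageUrl first.
function findInsecureReferences(doc, pageUrl) {
  const findings = [];
  for (const [selector, attr] of FETCHING_ATTRS) {
    for (const el of doc.querySelectorAll(selector)) {
      let url;
      try { url = new URL(el.getAttribute(attr), pageUrl); } catch (e) { continue; }
      if (url.protocol === 'http:') findings.push({ selector, url: url.href });
    }
  }
  return findings;
}

// In-session logging: post findings to a collection endpoint (hypothetical path).
function reportInsecureReferences(endpoint = '/log/mixed-content') {
  const findings = findInsecureReferences(document, location.href);
  if (findings.length > 0) {
    navigator.sendBeacon(endpoint, JSON.stringify({ page: location.href, findings }));
  }
  return findings;
}
```

In a Selenium test, inject the function through `executeScript`, return `findInsecureReferences(document, location.href)` and assert that the list is empty after each action.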