Securely Posting And Then Printing Javascript Tags
Solution 1:
If you include 3rd party javascript code, you are always risking XSS. Let's say, you're testing the code from ad provider:
<scriptsrc="http://some3rdPartySite.com/script.js"></script>
- Script can be altered to be displayed and to cause different results on target domain and on all other pages. That is, you can see how it wants to be showed to you, but you can't be sure that it will be the same in some of your customer's games.
- Ad provider can change the script on it's server at any moment, possibly after your tests.
If you do not trust your ad vendors, I suggest to let them choose image + URL or iframe URL + dimensions. You can do "bad stuff" with Iframe too (like frame-busting thus redirecting from your customer page), but you still must obey cross-domain policy. This is not the case if you let javascript code to be executed.
You could also provide your own analytics for ad vendors to fill their needs.
Anyway, for testing javascript results you could use Selenium drivers with any browser: http://seleniumhq.org/. It let's you to load any page, execute javascript code and get results. In this way you could load your javascript code, search DOM for nodes and check their dimensions etc.
Also, you can look at sahi: http://sahi.co.in/w/
Post a Comment for "Securely Posting And Then Printing Javascript Tags"