[Fwd: javascript test feed]

[James M Snell <ja...@gmail.com>]

All,

See the attached.  At some point, I'd like to get these worked into our
test suite (once they've been converted over to Atom).  We currently
have element and text filtering capabilities and it would be cool if we
had a default implementation that addressed these issues.

I'm posting it here just as an FYI and mostly as a reminder to myself,
but if others want to jump in, feel free :-)

- James

-------- Original Message --------
From: - Mon Aug  7 06:54:02 2006
X-Account-Key: account2
X-UIDL: GmailId10ce8a3971764f74
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Gmail-Received: fec69efdaa4ba213c4e74023b9fc27fc1e311336
Delivered-To: jasnell@gmail.com
Received: by 10.66.251.8 with SMTP id y8cs396108ugh;        Mon, 7 Aug
2006 05:37:53 -0700 (PDT)
Received: by 10.35.20.14 with SMTP id x14mr12168597pyi;        Mon, 07
Aug 2006 05:37:50 -0700 (PDT)
Return-Path: <j4...@hotmail.com>
Received: from bay0-omc1-s5.bay0.hotmail.com
(bay0-omc1-s5.bay0.hotmail.com [65.54.246.77])        by mx.gmail.com
with ESMTP id n78si3621527pyf.2006.08.07.05.37.50;        Mon, 07 Aug
2006 05:37:50 -0700 (PDT)
Received-SPF: pass (gmail.com: domain of j4_james@hotmail.com designates
65.54.246.77 as permitted sender)
Received: from hotmail.com ([64.4.19.86]) by
bay0-omc1-s5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830);	
Sat, 5 Aug 2006 19:14:10 -0700
Received: from mail pickup service by hotmail.com with Microsoft
SMTPSVC;	 Sat, 5 Aug 2006 19:14:10 -0700
Message-ID: <BA...@phx.gbl>
Received: from 81.179.67.181 by BAY109-DAV14.phx.gbl with DAV;	Sun, 06
Aug 2006 02:14:05 +0000
X-Originating-IP: [81.179.67.181]
X-Originating-Email: [j4_james@hotmail.com]
X-Sender: j4_james@hotmail.com
From: James Holderness <j4...@hotmail.com>
To: James M Snell <ja...@gmail.com>
Subject: javascript test feed
Date: Sun, 6 Aug 2006 03:11:59 +0100
MIME-Version: 1.0
Content-Type: text/plain;	format=flowed;	charset="Windows-1252";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
X-OriginalArrivalTime: 06 Aug 2006 02:14:10.0448 (UTC)
FILETIME=[00FDE100:01C6B8FE]
Return-Path: j4_james@hotmail.com

Hi James

You're welcome to add anything you find useful to Abdera's test suite.
Included below is my stock reply with information about the tests.

Regards
James

First I should stress that these tests aren't particularly thorough.
They're
mostly targeted at IE since they were originally designed for testing our
desktop client which uses IE as a renderer. Also there's a lot of stuff I
didn't bother testing because I was fairly sure it wouldn't affect our
code.
I probably will add more when I get the time, but that may be never.

For now, the feed with the full set of tests can be found here:

http://216.93.169.119/tests/rss/security/everything.rss

However, if you need to test in smaller groups you can use a URL like this
(say you just want tests 10 to 20):

http://216.93.169.119/tests/rss/security/10_20.rss

For an individual test, you can use something like this:

http://216.93.169.119/tests/rss/security/15.rss

There are currently 85 tests in total, and each one tries to popup an alert
window saying "Security Test #x" where x is the test number (makes it easy
to tell exactly which tests are failing). One of the tests (currently #12)
is testing onmouseover so it won't trigger automatically.

You should be warned that some aggregators will go into an infinite loop on
certain tests, popping up the alert over and over again making it very
difficult to shut down the aggregator and/or unsubscribe from the feed. The
tests most likely to cause that problem are in the range 77 to 81. Test
number 8 has also made the feed fail completely in some aggregators so if
that happens you should try testing 1 to 7 and 9 to 85 separately.

A lot of the tests are just variations of the same basic attack so more
often than not you'll find aggregators failing them in sets, but I
prefer to
leave in as many variations as possible just to be safe.

The feed automatically regenerates every couple of days with a new set of
dates (makes it easier for me to test aggregators that only show recent
items), so don't be surprised if you subscribe to it and suddenly find
everything showing up as new again.

If you're testing online aggregators, IE6 is the best browser to use since
it tends to show up more errors than Firefox and IE7. Actually the same
goes
for desktop clients that use IE as a renderer - test with IE6 where
possible. I haven't done much testing with other browsers.

I think that's basically all you need to know. Feel free to email if you
have any questions.