Jmeter Script Replay Issue - Please enable JavaScript to view Page Content - javascript

I am facing an issue in simulating below scenario in JMeter script. Appreciate if anyone of you can help with a solution.
I am trying to create JMeter script for a form submission flow which is a .NET application. One of the HTTP Request Samplers is getting redirected to a different HTTP request. JMeter script replay is able to redirect to correct HTTP request; however, it doesn’t provide required HTTP response.
It fails with the message – “Please enable JavaScript to view the page content. Your support ID is: 7865380748200702010”
While recording the script, it gives proper response with .net variables such as View State, View State Generator, Event Validation etc.
Please help me if you have got this earlier.

Most probably you're not sending the right requests because your script is missing or doesn't have properly implemented correlation of the dynamic parameters
In the vast majority of cases you won't be able to replay the recorded test scenario, in your case due to incorrect hard-coded recorded values of these View State, View State Generator, Event Validation, etc.
While browser is sending these variables automatically for JMeter you need to extract them from the previous response using a suitable PostProcessor (I would recommend CSS Selector Extractor), convert them into JMeter Variables and replace hard-coded values with the variables. You can see ASP.NET Login Testing with JMeter article for example correlation of these .NET web applications dynamic parameters.
With regards to JavaScript in general, as per Apache JMeter project main page
JMeter is not a browser, it works at protocol level. As far as web-services and remote services are concerned, JMeter looks like a browser (or rather, multiple browsers); however JMeter does not perform all the actions supported by browsers. In particular, JMeter does not execute the Javascript found in HTML pages. Nor does it render the HTML pages as a browser does (it's possible to view the response as HTML etc., but the timings are not included in any samples, and only one sample in one thread is ever displayed at a time).
so if a part of your page is being loaded by JavaScript (i.e. using AJAX technology) JMeter again won't execute this request automatically, you will need to properly simulate it

Related

Can we parse response in jmeter

Im newbie to jmeter and Im stuck in a situation. Altough scenario is simple but like i said Im newbie to Jmeter.
I have to request a webpage.
In response I will receive an HTML file which will contain a java script code.
I have confirm some string present in that javascript code
I know I can do this with the help of seleium webdriver and I already done it so far but I need to run this test multiple times.
and as far as JMeter goes it discard any scrip present in response. So please help me out
JMeter will not run Javascript. That doesn't mean that it will ignore it.
Add a Response Assertion to your HTTP Request Sampler (right click on it, Add -> Assertions -> Response Assertion). This will let you add Strings and Assert that that String exists in the Response (NB: unlike, for instance, C++, an assertion here won't stop your test, it will only make that Sampler an error).
To use the Response Assertion, switch the Radio Button to Contains and click Add at the bottom center. In the new box that shows up in the center, add the "some string present in that javascript code."
First of all in your HTTP request sampler, you should select an option, 'Retrieve all embedded resources', after this jmeter will retrieve all resources like css,js,graphics etc.
Also you might want to take a look at http://jmeter-plugins.org/
This library contains some really cool plugins for jmeter testing.
You should look for some kind of Post Processors and add that to your test script. These can be used to extract some particular resources from retrieved data.
Also, one unrelated advice because you are new, Do not add Many/Any Listeners to your jmeter test plan.
From JMeter Project Main Page
JMeter is not a browser
JMeter is not a browser. As far as web-services and remote services are concerned, JMeter looks like a browser (or rather, multiple browsers); however JMeter does not perform all the actions supported by browsers. In particular, JMeter does not execute the Javascript found in HTML pages. Nor does it render the HTML pages as a browser does (it's possible to view the response as HTML etc., but the timings are not included in any samples, and only one sample in one thread is ever viewed at a time).
JMeter acts on protocol level, of your JavaScript is doing something local - you can duplicate the logic using JSR223 Test Elements
If JavaScript is used to send a request - you can mimic the request using JMeter, JMeter doesn't execute JavaScript but it is able to record and replay JavaScript-driven requests with HTTP(S) Test Script Recorder and HTTP Request samplers
If you're trying to load test an application which is AJAX-based and you need to simulate the requests from real browser (i.e. asynchronous, several requests at a time triggered by opening the page, etc) - you will need to do some extra work as JMeter doesn't provide any test elements to jump over defined virtual users defined on Thread Group level. There are several techniques on testing AJAX applications with JMeter, see How to Load Test AJAX/XHR Enabled Sites With JMeter guide for more details

Obtain from microstrategy an exported PDF document directly

This is my situation:
I have a third part that uses a software called microstrategy which is able to generate documents and allow to export them as PDF or Excel files. They provide me only web api of this product, and I haven't any web service to work with.
The url is like:
http://<third_part_domain>/microstrategy/asp/Main.aspx?Server=<third_part_domain>&Project=<project_name>&evt=3069&src=Main.aspx.3069&executionMode=3&promptAnswerMode=1&documentID=<doc_id>&uid=<username>&pwd=<password>&<other_parameters_for_request>
I have try to obtain the file (that I must save on server side) by java code, but the response of the link that we use is an HTML page with some code Javascript that does more than one redirect, so I can not interpreted correctly the response and I should use a browser to obtain the PDF.
So I have thought to put the page into a iframe and after a while (usually the server takes 20 second) take the PDF object by javascript code and send to my server. But obviously the third part have another domain and the CORS policies block everything. To make matters worse, I can not use the final url to obtain the file because the microstrategy respond me with an internal page of the administration console.
So, that's my question:
Is there a way (that is not on the microstrategy server side) to obtain directly the PDF from microstrategy?
Or exists a way from client side to bypass the problem of origin control? I have evaluated to implement a proxy for solution but it's too expensive.
Thanks to all!
You need two things in order to download a PDF from MicroStrategy using a URL:
In the document property set that default visualization as PDF. This is pretty trivial and I think any of your MicroStrategy savvy colleague can help you with this.
Disable the waiting page, this is more complicated. When MicroStrategy generates a documents, usually it needs some time, meanwhile the server is working it will show you a waiting page. Useful if the request comes from a human (the human can go on StackOverflow), not that much if the call arrives from API.
The instruction to disable the waiting page are here: TN34124: How to Disable the Wait Page in MicroStrategy Web using the MicroStrategy Web SDK 9.x.
But I read from your question that you have no control on the third party MicroStrategy application. In that case there is little you can do. You can try to ask them to implement the customization to remove the waiting page or allow you to use taskproc API, but that's a story for another day.
Some options:
Ask the third party to schedule the PDF generation on their side and send it via mail to you. Or place it on a shared folder that is shared between you.
Ask for a different URL Tuareg from the file-share menu options. This will give a URL with 'subscriptionid' in it.

How to prevent .load() from browser console?

I want some content of my website to be dynamically loaded after login. A $.post(...) interacts with a servlet which validates the user's credentials, and then a $.load(url) loads the content from a separate page into a <div>. I noticed that, as long as I know where to fetch the content from, I can force this behavior from the chrome javascript console, bypassing validation.
How can I prevent a user from doing this?
You can't.
Once a document has been delivered to the user's browser it is completely under the control of the user. They can run any JS they like.
The URLs you present on your webserver are the public interface to it. Anyone can request them. You can use authentication/authorization to limit who gets a response, but you can't make that response conditional on the user running specific JavaScript that you supply.
The server needs to authorize the user each time it delivers restricted data. You can't do it once and then trust the browser to enforce it.
You can add a secret parameter to the url you load. By defining a random variable in the users session (server side) or in the database, and then return this variable once the validation is successful so your javascript code can use the variable in the next load call. In the load url you can check at the server side if the secret parameter had the correct value or not.
Hope its clear.
The simple answer is: You Can't.
JavaScript runs within the browser and therefore a user or application can run their own code whenever the feel like. This could be as simple as adding new CSS or running their own JS codes.
The main thing you can do to disable this is to ensure all of the requests are validated on your server side before being run as well as allowing only entry for certain types of information (like only allowing integers as numbers to stop strings coming through).
Something close to this sort of problem is XSS or Cross-Site Scripting. A 3rd party will try to inject some malicious code to a trusted website, usually some form of POST, to affect different users. Here is some more information on the matter
Cross-Site Scripting - Wikipedia
CSS - OWASP

Process redirect in Javascript

I use HttpClient 4.3.4.
I make POST request - site in turn makes a few redirects (code page 302), which handled by HttpClient automatically (use LaxRedirectStrategy) by HttpClient. At the end I get HTML page (code 200) with the title Redirection .... In its content there is the Javascript code with redirection on some URL. This redirection is not (of course) handled by HttpClient.
I tried to parse this page to get the URL make appropriate GET request (similar to browser) but site return HTML page with error (although I do not understand why this happens).
Is there is some way to handle redirects in Javascript?
HttpClient is a library that handles the HTTP protocol for you. It's not supposed to handle the content transfered by the protocol. The content, HTML and javascript, needs to be processed by a real browser or some simplified version of a browser.
You can either try to parse and execute the javascript yourself using an embedded javascript engine, or start a real browser. For the later option I recommend Selenium, a web browser automation tool.
Your approach is brittle since it depends on the specific rediction logic used by the content at the time you wrote the parsing code. As for why it fails, there could be complications in the javascript yet to be discovered.

How can I achieve safe user-generated client script execution?

So we all know that eval is bad, and allowing users to create their own JavaScripts to run on your site is just potentially VERY dangerous, opening doors to all kinds of security risks.
My challenge however, is to come up with a solution, to allow users to create their own custom script snippets, that will execute on the client side. These scripts are basically prediction algorithms, that allow each individual user to build their very own customized prediction strategy, calculating and processing a set of data provided to them via AJAX.
Basically, on regular time intervals, an AJAX request is made by the system, a JS event is trigerred, notifying the client side each time new data has arrived. The above user scripts are allowed to hook into/subscribe to this event, executing the users algorithm on the received data, and outputting the result of their algorithm.
The following problem I have...If I allow users to create their own JavaScripts, they can pull all kinds of fancy tricks, like make cross browser unauthorized AJAX requests, invoke unintended input events and in plain short...attempt to hack the system with malicious intent.
I need to encapsulate these scripts, restricting them from using the browser context. For example they cannot make AJAX requests, or invoke click events on the page. The only access they have is to the data supplied, via a pre-determined input>process>output interface.
So my question is, how can my site, give users, SAFE, limited, scripting access? Is there for example a Lua script parser written in JavaScript or something likewise that can be utilised?
Would something like ADsafe work for your site?

Categories