Simon Bennetts
Simon Bennetts
Does the site in question support HTTPS? The HUD can only work over HTTPS as is uses modern technologies like WebSockets and Web Workers. If a site doesnt support HTTPS...
I have no problem adding DOMPurify to the ZAP domain - it could definitely prove useful. We're trying to limit what we include on the target domain, but that doesnt...
Yes, the HUD runtime JS is delivered by ZAP so we need it there. And please got ahead with that change - I was going to look at the 3rd...
@dscrobonia thoughts on how this should work?
@dscrobonia so how about we add a callback when a tool gets added to a panel? Then the tool can do any extra things it needs to do...
I'm pretty sure it wont, but yeah, definitely worth checking before implementing this proposal :)
I guess a better option would be to see which features the relevant browsers fail on, then try to detect if those are supported and if not show a suitable...
For info JxBrowser 6.22.2 fails with: SecurityError: Failed to register a ServiceWorker: An SSL certificate error occurred when fetching the script.: {} Raised as https://stackoverflow.com/questions/54222389/jxbrowser-fails-to-register-a-serviceworker-if-a-certificate-error-occurs
JxBrowser 6.23 which uses chromium 69 is now available. I've raised https://github.com/zaproxy/zaproxy/issues/5231 to upgrade it in ZAP and then we can see if the HUD works with it :)
Been testing using the jericho parser and its fixed most of the problems, with the exception of the BBC site (as per #70). Still need to do more testing (and...