Steven Lambert
Steven Lambert
Out of curiosity, what does your package.json dependencies look like? Specifically the axe-webdriverjs and selenium-webdriver versions
Thanks to @michael-siek, we think it might be related to this issue: https://github.com/SeleniumHQ/selenium/issues/4961. A few comments suggest that adding `--no-sandbox` when we start chromedriver will fix the problem. I'll go...
Scratch that, we already have a way you can do this without a pr. You can use the [--chrome-options](https://github.com/dequelabs/axe-cli#custom-chrome-flags) flag to add `--no-sandbox`. That should hopefully fix it for you....
I believe you need to pass `error` and `results` to the callback function of `axeBuilder.analyze`: ```js AxeBuilder(driver).analyze(function(err, results) { if (err) { // Handle error somehow } console.log(results); }); ```...
Does the file `return` the string or `console.log`? If it just outputs the string, you could execute a command using `$(command)` ```bash axe $(node axe/index.js) ```
Odd. If you have it `console.log()` instead of `return` it should take the output of the file and use it as parameters. ```js // axe/index.js console.log("dequeuniversity --timeout=120 --save testlog.json"); ```...
Axe-cli cannot test pages behind logins. I would guess that the discrepancy in errors is due to testing a login page (usually caused by a redirect when not authenticated) rather...
Our paid versions of the Axe suite do allow scanning behind logins. My colleague Kyle would be happy to discuss your specific use case if you'd like to learn more!...
Thanks for the issue. We'll look into it.
The `data` protocol [can allow attack vectors](https://paladion.net/bypass-xss-filters-using-data-uris/) through `data:text/html`, so we shouldn't allow that. It's [also possible in Firefox (even current)](https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#You_can_EMBED_SVG_which_can_contain_your_XSS_vector) to use the `embed` element and `data:image/svg+xml` as an...