spatie / mixed-content-scanner

Scan a HTTPS-site for mixed content
https://spatie.be/open-source
MIT License
98 stars 16 forks

[scan-linked-css] Create LinkedCss logic and tests #27

Closed tonsit closed 4 years ago

tonsit commented 4 years ago

We were getting reports from our users that their sites were not secure due to the recent browser updates. Since we had used this tool to scan for mixed content already, I was able to isolate the mixed content to linked CSS files. We have many sites with linked CSS that contains background-image with url() that is causing the insecure flag, but was not picked up by the scanning tool.

I saw the notice in the README about the limitations of the scanner tool. Since I know that we have a large number of sites with linked CSS that points to insecure content, I decided I needed this feature to exist in the scanning tool.

I looked at modifying the crawler to include linked CSS, but was unable to determine the best way to modify it since it uses the XPath of //a to determine its crawl list. Rather, I added a simple class that can return the body of the CSS via Guzzle after the linked CSS is identified by the extractor class.

Scanning linked CSS is optional, and disabled by default.

Please let me know if I need to make any changes.

If this is accepted, I will be updating the mixed-content-scanner-cli repo to allow the option to be set via a CLI parameter.
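The check described in the comment above, sketched as an added example (this is not the code from the PR or from the package): given the body of a linked stylesheet and the URL it was served from, list the url() and @import references that a browser would load over plain HTTP. The function name findInsecureCssUrls and the example.test URLs are assumptions made for illustration, and the sample stylesheet is constructed.

```php
<?php

declare(strict_types=1);

/**
 * Hypothetical helper: return the references in $css that resolve to http://.
 * Relative and protocol-relative references inherit the stylesheet's scheme.
 */
function findInsecureCssUrls(string $css, string $stylesheetUrl): array
{
    // Drop comments so commented-out rules are not reported.
    $css = preg_replace('~/\*.*?\*/~s', '', $css) ?? $css;

    // url(...) with optional quotes, or the string form: @import "..."
    $pattern = '~url\(\s*(["\']?)(.*?)\1\s*\)|@import\s+(["\'])(.*?)\3~i';
    preg_match_all($pattern, $css, $matches, PREG_SET_ORDER);

    $baseScheme = strtolower((string) parse_url($stylesheetUrl, PHP_URL_SCHEME));
    $insecure = [];

    foreach ($matches as $m) {
        $ref = trim($m[4] ?? $m[2]);
        if ($ref === '' || $ref[0] === '#') {
            continue; // empty value or same-document fragment
        }
        // An explicit scheme (http:, https:, data:) wins; otherwise inherit.
        $scheme = preg_match('~^([a-z][a-z0-9+.-]*):~i', $ref, $s)
            ? strtolower($s[1])
            : $baseScheme;
        if ($scheme === 'http') {
            $insecure[] = $ref;
        }
    }

    return array_values(array_unique($insecure));
}

// Constructed sample stylesheet (not taken from any real site).
$css = <<<'CSS'
@import "http://cdn.example.test/reset.css";
.hero { background-image: url("http://img.example.test/hero.jpg"); }
.logo { background: url(/img/logo.png) no-repeat; }
.icon { background: url('https://img.example.test/icon.svg'); }
/* .old { background: url(http://img.example.test/old.png); } */
CSS;

print_r(findInsecureCssUrls($css, 'https://www.example.test/css/site.css'));
```

If the stylesheet itself is served over http://, every relative reference in it is reported as well, since those requests inherit the stylesheet's scheme.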

freekmurze commented 4 years ago

Thanks!

freekmurze commented 4 years ago

Hi, several users have reported that this PR breaks their app. I've decided to revert this PR.

If you need this functionality, I suggest you fork the repo and add your adjustments there.