John Watson

Hello! My name is Watson and I’m a freelance web developer. I create web sites using the latest tech for clients of all sizes. Contact me and I’ll help you build your dream project.

Testing for browser SSL warnings

I use an automated deployment script for BigHugeLabs.com. I’ll regularly do around 10 deployments every day so it’s important that the system has as much automation as possible. The deploy script builds CSS and JS files, updates shared libraries, deploys files to several locations, and does some testing.

One test I recently added was an automated test for browser SSL warnings. SSL warnings appear in a browser when the browser requests an https page but some of the resources requested on that page are unencrypted. While a study has shown that most people will ignore the warnings, that still leaves a lot of people who take them seriously.

The test works by using wget to request SSL pages and test for non-encrypted resources. Here’s the relevant Bash:

wget –quiet -O - “https://bighugelabs.com/cart.php" | grep -P ‘(script|img).*?src=“http://’
if [ $? -eq 0 ]
then
  echo “     *** SSL WARNING IN CART/CHECKOUT! ***”
  beep -r 3
else
  echo “     OK”
fi
wget requests the page and pipes it to stdout. grep scans the page using a Perl regular expression for tags that load http:// resources (rather than relative URLs or https://). $? -eq 0 tests that the exit status of grep is zero. The exit status is 0 if grep finds a match and 1 if it does not. For good measure the script beeps three times if there is a problem.

This isn’t fool-proof by any means. The regular expression isn’t all-inclusive, for one. It also ignores problems that can be caused by scripting. But it’s a start that should catch some problems caused by embedding resources directly into the page.