Analysis and Testing of Ajax-based Single-page Web Applications
for DOM mutation events (W3C, a). The mutation event module was introduced in DOM Level 2 and is designed to allow notification of document structural changes, including attribute and text modifications. This way, by subscribing to the mutation events, the crawler is automatically informed of DOM changes and thus redundant DOM comparisons can be avoided, which in turn increases the crawling performance. Another issue is coping with DOM changes that are not directly caused by an event fired by the crawler, such as pushed content from the server.

The dynamic user interface components and the huge number of click-trail combinations that change the state make modern web interfaces very challenging to analyze and test. Atusa currently detects and executes clickable elements in a top-down, depth-first manner. This implies that first, the inferred state machine is one possible instance of the state space, and second, the order of the events could have an influence on the faults executed and detected. How these parameters influence the effectiveness of the testing approach, and whether click trails that mimic a web user’s actions would help the tool in finding more relevant faults, are all questions that form possible extensions of the work presented in this thesis. In addition, further work is needed to explore possibilities of implementing useful and robust oracle comparators and element identification mechanisms in the generated test cases (from the state machine by Atusa) for conducting regression testing.

Testing modern web applications for security vulnerabilities is far from trivial. Currently, we are exploring (Bezemer et al., 2009) ways Atusa can be used to spot security violations in single-page web applications composed of various web widgets created by different developers. Generally, each web widget should operate in its own environment. Like any program code, widgets can be used for malicious purposes. Security becomes an important aspect when third parties are allowed to build and include new widgets in public catalogs. Example scenarios include a malicious widget changing the content of another widget to trick the user into releasing sensitive information, or even worse, listening to the account details a user enters in another widget (e.g., PayPal or Email widgets) and sending the data to a malicious site. Automatically detecting security vulnerabilities such as Cross-Site Scripting (XSS) (Wassermann and Su, 2008) in Ajax applications, and taking preventive measures by, for instance, instrumenting the JavaScript code (Yu et al., 2007), are other interesting research areas that require more attention.
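
The widget isolation requirement above can be phrased as an invariant that a crawler checks after each event it fires: only the widget that owns the event may change. The sketch below is an added example, not Atusa's implementation or code from the thesis; the plain-object DOM model and the names `checkIsolation`, `snapshot` and `samplePage` are assumptions, and the page data is constructed.

```javascript
// Added illustration, not Atusa's code. DOM nodes are modelled as plain
// objects {tag, attrs, text, children}; each widget is one subtree (assumption).
const crypto = require('crypto');

// Canonical serialization: attributes sorted so equal subtrees hash equally.
function serialize(node) {
  const attrs = Object.keys(node.attrs || {}).sort()
    .map((k) => `${k}=${JSON.stringify(node.attrs[k])}`).join(' ');
  const kids = (node.children || []).map(serialize).join('');
  return `<${node.tag} ${attrs}>${JSON.stringify(node.text || '')}${kids}</${node.tag}>`;
}

function fingerprint(node) {
  return crypto.createHash('sha256').update(serialize(node)).digest('hex');
}

// Fingerprint every widget subtree currently on the page.
function snapshot(page) {
  const snap = {};
  for (const [id, root] of Object.entries(page.widgets)) snap[id] = fingerprint(root);
  return snap;
}

// Fire one event owned by widget `ownerId`, then report every other widget whose
// subtree was changed, added or removed: a violation of the isolation invariant.
function checkIsolation(page, ownerId, fireEvent) {
  const before = snapshot(page);
  fireEvent(page);
  const after = snapshot(page);
  const ids = new Set([...Object.keys(before), ...Object.keys(after)]);
  return [...ids].filter((id) => id !== ownerId && before[id] !== after[id]);
}

// Constructed sample page with two widgets.
function samplePage() {
  return { widgets: {
    weather: { tag: 'div', attrs: { id: 'weather' }, children: [{ tag: 'span', text: 'Sunny' }] },
    mail: { tag: 'div', attrs: { id: 'mail' }, children: [{ tag: 'label', text: 'Password' }] },
  } };
}

// Handler that stays inside its own widget.
const refreshWeather = (p) => { p.widgets.weather.children[0].text = 'Rain'; };
// Handler that alters another widget's content (the scenario in the text).
const touchMail = (p) => { p.widgets.mail.children[0].text = 'changed'; };

console.log(checkIsolation(samplePage(), 'weather', refreshWeather)); // []
console.log(checkIsolation(samplePage(), 'weather', touchMail));      // [ 'mail' ]
```

Per-widget fingerprints keep the comparison cheap between events and point directly at the widget whose content was altered.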

7.5 Concluding Remarks

The work presented in this dissertation aims at advancing the state-of-the-art in comprehending, analyzing, and testing standards-based single-page web applications, by means of a new architectural style, a significant set of techniques and tools, and case study reports. These contributions are aimed at helping software and web engineers better comprehend and deal with the complexity of highly dynamic and interactive web systems.