Browser::Javascript: Server arachni env over HTTPS

Arachni · Dec 9, 2021 · ac6976b · ac6976b
1 parent 3136559
commit ac6976b
Showing 1 changed file with 5 additions and 28 deletions.
diff --git a/lib/arachni/browser/javascript.rb b/lib/arachni/browser/javascript.rb
@@ -25,7 +25,7 @@ class Javascript
 
     # @return   [String]
     #   URL to use when requesting our custom JS scripts.
-    SCRIPT_BASE_URL = 'http://javascript.browser.arachni/'
+    SCRIPT_BASE_URL = 'https://javascript.browser.arachni/'
 
     # @return   [String]
     #   Filesystem directory containing the JS scripts.
@@ -183,7 +183,7 @@ def wait_till_ready
     # @return   [Bool]
     #   `true` if our custom JS environment has been initialized.
     def ready?
-        !!run( "return window._#{token}" )
+        run( "return (typeof window._#{token} !== 'undefined' && document.readyState === 'complete')" )
     rescue => e
         print_debug_exception e, 2
         false
@@ -401,32 +401,9 @@ def javascript?( response )
     end
 
     def html?( response )
-        return false if response.body.empty?
-
-        # We only care about HTML responses.
-        return false if !response.html?
-
-        # The last check isn't fool-proof, so don't do it when loading the page
-        # for the first time, but only when the page loads stuff via AJAX and whatnot.
-        #
-        # Well, we can be pretty sure that the root page will be HTML anyways.
-        return true if @browser.last_url == response.url
-
-        # Finally, verify that we're really working with markup (hopefully HTML)
-        # and that the previous checks weren't just flukes matching some other
-        # kind of document.
-        #
-        # For example, it may have been JSON with the wrong content-type that
-        # includes HTML -- it happens.
-        #
-        # Beware, if there's a doctype in the beginning this will get fooled.
-        if !Parser.markup?( response.body )
-            print_debug "Does not look like HTML: #{response.url}"
-            print_debug "\n#{response.body}"
-            return false
-        end
-
-        true
+        # If the server says it's HTML dig deeper to ensure it.
+        # We don't want wrong response headers messing up the JS env.
+        response.html? && Parser.html?( response.body )
     end
 
     private