> On 6 Oct 2023, at 08:05, Akshat Jaimini <destrex271@gmail.com> wrote:
>
> > Publishing this report to a website would handle that I think.
> I had sent a proposal/tried to start a discussion for this a few days earlier
It would probably help if you could link to a report from a run of the test
suite. I clicked through the linked repo but I was unable to see an example
testrun.
> > One question, would this test harness detect and report potential security issues like XSS?
> Security related tests were not added in the Gsoc timeline but we are planning to add them. Maybe when we add those
testswe can create a separate section on the proposed website only available to some 'admins' with all these sensitive
reportsbeing displayed there.
For tests like that we must really think about scope, limiting the report isn't
useful if we publish the tests for anyone to run themselves and thus generate
the report. Malicious actors are no doubt probing the website continuously
regardless of this, but we don't necessarily need to do the job for them.
--
Daniel Gustafsson