OP Custom Tag - Unsecured Content v2

Overview

Version 1 of this script is limited in the type of content it searches for. Version 2 collects all requests made on the page, regardless of file type. Additionally, any request made without a secure connection is identified.

In the Variable Summary report in ObservePoint, the account "Unsecured Content 2" contains the relevant variables.

  • failed: Shows every URL with a status of failed, which means that the URL is not secured.
  • nonSecure_Requests.0-xx: Shows the pages that contain unsecured content.
  • nonSecure_Requests.length: Shows the number of unsecured items for each URL.

To capture the following details in an Audit or Journey, paste the snippet below into an Execute Action:

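/**
 * Send a JSON payload to the ObservePoint request endpoint for one account.
 *
 * Despite the "Get" in the name, the request is an asynchronous POST whose
 * body is JSON.stringify(paramObject). Only a completed response with HTTP
 * status 200 is reported; any other status, or a network failure, is ignored
 * silently, so a missing data point in the report can also mean that the
 * beacon itself failed.
 *
 * @param {Object} paramObject - Data to serialize as the request body.
 * @param {string} acct - Account name, sent as the `acct` query parameter.
 * @param {function(string)=} callback - Optional; receives the response text
 *     of a successful (status 200) response.
 */
function opReqGetAsync(paramObject, acct, callback) {
  // Encode the account name so that spaces and reserved characters (&, #, +)
  // cannot truncate the parameter or add extra ones to the query string.
  var baseURL = "https://opreq.observepoint.com/?acct=" + encodeURIComponent(acct);
  var opReq = new XMLHttpRequest();

  opReq.onreadystatechange = function () {
    var succeeded = opReq.readyState === 4 && opReq.status === 200;

    // Callers may omit the callback (unsecureContentCheck does); without this
    // guard every successful response would throw a TypeError in the page.
    if (succeeded && typeof callback === "function") {
      callback(opReq.responseText);
    }
  };

  opReq.open("POST", baseURL, true);
  opReq.send(JSON.stringify(paramObject));
}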

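/**
 * Scan the current document for images, scripts and links that are loaded
 * over plain HTTP and report them to the "Unsecured Content 2" account.
 *
 * Coverage is limited to <img src>, <script src> and <a href> elements that
 * are in the DOM when this function runs. Resources requested any other way
 * (stylesheets, iframes, XHR/fetch, elements inserted later) are not seen,
 * so an empty report is not proof that the page has no mixed content.
 *
 * The payload contains location.href and every flagged URL in full, query
 * strings included. If those URLs can carry session tokens or personal data,
 * that data leaves the page with the report.
 *
 * NOTE(review): links and files are only scanned when the page itself is not
 * served over HTTPS, as in the original snippet. On an HTTPS page the payload
 * therefore always says 'no unsecure links found' / 'no unsecure files found'
 * even if http: links exist - confirm that this gating is intended.
 */
function unsecureContentCheck() {
  // Only http: URLs count as unsecured. Testing for "does not start with
  // https" would also flag data:, blob:, mailto:, tel: and javascript: URLs,
  // which bury the real findings.
  var insecureScheme = /^http:/;

  // Downloadable documents served over http:. "cvs" is kept from the original
  // pattern; "csv" is added because it looks like the extension that was meant.
  // URLs with a query string or fragment after the extension do not match.
  var insecureFile = /^http:.+\.(txt|csv|cvs|ppt|pdf|doc|docx|xls|xlsx)$/;

  // Query the DOM once per selector and copy the NodeList into a real array.
  function collect(selector) {
    return Array.prototype.slice.call(document.querySelectorAll(selector));
  }

  // Return the URLs of `elements` (read from `attr`) that match `pattern`,
  // walking from the last element to the first like the original loops did.
  function matchingUrls(elements, attr, pattern) {
    var found = [];
    for (var i = elements.length - 1; i >= 0; i--) {
      // String() keeps non-string values (an SVG <a> exposes href as an
      // object) from throwing; they simply do not match.
      var url = String(elements[i][attr]);
      if (pattern.test(url)) {
        found.push(url);
      }
    }
    return found;
  }

  var allImgs = collect('img[src]');
  var allLinks = collect('a[href]');
  var allScripts = collect('script[src]');

  var unsecureImgs = matchingUrls(allImgs, 'src', insecureScheme);
  var unsecureScripts = matchingUrls(allScripts, 'src', insecureScheme);
  var unsecureLinks = [];
  var unsecureFiles = [];

  // Use the parsed scheme: a substring search for "https://" is also true for
  // an http: page whose query string merely contains an https URL.
  if (location.protocol !== 'https:') {
    unsecureLinks = matchingUrls(allLinks, 'href', insecureScheme);
    unsecureFiles = matchingUrls(allLinks, 'href', insecureFile);
  }

  var report = {
    page: location.href,
    totalLinks: allLinks.length,
    totalImages: allImgs.length,
    unsecureLinks: unsecureLinks.length > 0 ? unsecureLinks : 'no unsecure links found',
    unsecureImages: unsecureImgs.length > 0 ? unsecureImgs : 'no unsecure images found',
    unsecureFiles: unsecureFiles.length > 0 ? unsecureFiles : 'no unsecure files found',
    unsecureScripts: unsecureScripts.length > 0 ? unsecureScripts : 'no unsecure scripts found'
  };

  opReqGetAsync(report, "Unsecured Content 2");
}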

// Run the check as soon as the Execute Action evaluates this snippet; only
// elements already present in the DOM at that moment are inspected.
unsecureContentCheck();
