Spider is a web application which can recursively visit the pages of a web site. It is customizable to perform arbitrary processing on the web content it visits and is especially useful in performing quality assurance tasks on web content. Spider is supported only by Mozilla-based browsers. To learn more about Spider, visit its home page or subscribe to http://bclary.com/home.rss where announcements regarding new versions are made.
This software is a modified version of the CSpider application hosted at http://devedge-temp.mozilla.org/toolbox/examples/2003/CSpider/.
Developers can learn more about the internal operation of the CSpider JavaScript Class which provides the basic framework for this application from CSpider JavaScript Class manpage
Spider is capable of capturing error messages and spidering sites from other domains through the use of extended security privileges.
If you are running Spider as a XUL application from Mozilla Chrome, the application automatically has the necessary security privileges. However if you are running Spider as an HTML application or a remote XUL application, you will need to grant the application the necessary privileges.
In order to configure Mozilla to enable the use of these security
privileges, you must set the preference signed.applets.codebase_principal_support
to true
. You can do this either by
using about:config
to add the boolean preference, or modifying
the user.js
preferences file in your Mozilla profile directory
to contain the line
user_pref("signed.applets.codebase_principal_support", true);
For more information, please see Bypassing Security Restrictions and Signing Code by Arun Ranganathan.
signed.applets.codebase_principal_support
is required
in order to allow Spider access to internal Mozilla APIs as well
as cross-domain access. browser.dom.window.dump.enabled
is required in order to allow Spider to send messages to STDOUT.
Without dump
, Spider can only report messages to the
JavaScript Console.
user_pref("signed.applets.codebase_principal_support", true); user_pref("browser.dom.window.dump.enabled", true);
javascript.options.strict
enables Mozilla to
report on JavaScript strict warnings which are very useful
in determining potential problem areas in scripts.
javascript.options.showInConsole
can be used
to report internal browser errors to the JavaScript console
and is useful for Mozilla developers.
user_pref("javascript.options.strict", true); user_pref("javascript.options.showInConsole", true);
Spider can be halted through alerts which either Mozilla sends
or which are created by the web pages being visited. If you
wish to run Spider unattended, you should disable as many
alert messages as possible. In addition, by using
browser.xul.error_pages.enabled
to replace
network error alerts with error pages, Spider can easily
detect and report on network errors.
user_pref("browser.xul.error_pages.enabled", true); user_pref("dom.disable_open_during_load", true); user_pref("dom.disable_window_flip", true); user_pref("dom.disable_move_resize", true); user_pref("dom.disable_window_open_feature.status", true); user_pref("security.warn_entering_secure", false); user_pref("security.warn_entering_weak", false); user_pref("security.warn_submit_insecure", false); user_pref("security.warn_leaving_secure", false); user_pref("security.warn_viewing_mixed", false); user_pref("capability.policy.default.Window.alert", "noAccess"); user_pref("capability.policy.default.Window.confirm", "noAccess"); user_pref("capability.policy.default.Window.prompt", "noAccess");
If you wish to enable alerts on specific sites, you can enable them on a per site basis using a policy and a site list for which you will allow alerts.
user_pref("capability.policy.policynames", "trusted"); user_pref("capability.policy.trusted.sites", "..."); user_pref("capability.policy.trusted.Window.alert", "sameOrigin"); user_pref("capability.policy.trusted.Window.confirm", "sameOrigin"); user_pref("capability.policy.trusted.Window.prompt", "sameOrigin");
You can download user.js which contains these preferences and save it to your Mozilla profile directory.
If you need to Spider sites which require authentication, the following preferences can be useful to automatically negotiate authentication credentials for specific sites and domains.
// basic authentication user_pref("network.negotiate-auth.trusted-uris", site-list); user_pref("network.negotiate-auth.delegation-uris", site-list); // ntlm authentication user_pref("network.automatic-ntlm-auth.allow-proxies", true); user_pref("network.automatic-ntlm-auth.trusted-uris", site-list); // Confirm user intent whenever URL of the form // http://user:pass@my.site.com is accessed? user_pref("network.http.defensive-auth-prompting", false);
where site-list
is a string containing a comma-delimited
list of protocols, sites or domains. Be careful not to
unintentially broaden the scope of sites where authentication
negotiation is used since it might expose your credentials to
crackers.
In order for automatic negotiation to work, you will need to be logged into your local machine using the same credentials that are used on the remote site. You can find more information about these preferences in Nigel McFarlane's Firefox Hacks (online).
Spider can be run as either an HTML web application, a remote XUL
web application or as a chrome XUL application. When run as an
HTML application, it uses an IFRAME to load pages which sends a
null HTTP referer. When run as a XUL application, Spider uses a
xul:browser
element along with the method
loadURI
to send the url of the page containing a link
as its referer.
Spider sends logging output to both the JavaScript console and to STDOUT if the dump function is enabled. Since the JavaScript console is limited in the number of messages it may contain, it is important to also send the logging messages to STDOUT. This allows the results of a Spider run to be collected in a text file for later review and processing. In order to see this output you should start Mozilla from the command line and redirect STDOUT to a text file.
The following command will start Mozilla, automatically select the profile test, load Spider and direct all output to the file test.log.
mozilla -P test http://bclary.com/2004/07/10/spider/chrome/content/spider/spider.html > test.log 2>&1
mozilla -P test http://bclary.com/2004/07/10/spider/chrome/content/spider/spider.xul > test.log 2>&1
Spider can be run directly as in:
mozilla -P test -chrome chrome://spider/content > test.log 2>&1
However, this can have an undesired side-effect of creating a window which can not be resized in recent Firefox trunk (Deer Park alpha) builds based on Gecko 1.8.
To create a resizable window, invoke open.xul
as in:
mozilla -P test -chrome chrome://spider/content/open.xul > test.log 2>&1
open.xul
will create a resizable window using
javascript, then load spider.xul
while passing any
querystring along to spider.xul
.
Note that when run as a Chrome application, Spider can prevent frame-busting code from replacing the top level browser window however when run as either an HTML or Remote XUL application, Spider can be stopped by frame-busting code.
URL is the location which you wish to spider. This can be a
fully qualified domain such as http://www.example.com/
or
a partial domain such as example.com
.
Domain is used to restrict Spider to follow links on a specific domain. If this value is not specified, it will be generated from the URL by removing the protocol and any leading www.
Domain is useful when you wish to start at a given URL but do not wish to restrict Spider to URLs which contain the initial URL.
Depth is the number of links to follow during the spider. 0 will load only the initial page. 1 will load the initial page plus all pages linked from the initial page.
A specified Depth will reach the same set of pages that an imaginary visitor would reach using the same number of mouse clicks.
The number of seconds that Spider will wait for an external page to
load before firing CSpider.mOnPageTimeout() and entering the
paused
state.
The number of seconds that Spider will wait after a page has displayed before beginning to load the next page. This can be use to allow the user time to visually inspect the page.
Instead of waiting a specified number of seconds before loading the
next page, "Wait for User Hook" will cause the spider to wait until
the global variable gPageCompleted
is set to true.
"Wait for User Hook" is useful for situations where processing of the loaded page's content may take an arbitrary amount of time and where the User Hook functions need to control page transitions.
If Spider is invoked with a query string containing autostart=on, Spider will automatically begin executing with the data values specified in the query string.
To generate a link containing the desired parameters, first
set the data inputs, check the Autostart
check box,
then click Generate Spider URL
.
If Spider is invoked with a query string containing autoquit=on, Spider will automatically exit when it has completed its run, i.e. reached the Stopped state.
To generate a link containing the desired parameters, first
set the data inputs, check the Autoquit
check box,
then click Generate Spider URL/code>.
If Restrict URLs is checked, then the spider will only follow links
which contain the Domain. For example if you enter
http://www.example.com/
as the initial URL,
the spider will follow links of the form
http://www.example.com/help/
but not
http://www.foo.example.com/
.
If you wish to restrict the spider to a domain, simply enter the
partial domain such as example.com
which will follow
all links which contain example.com
.
If you wish the spider to follow any link regardless of site or domain, uncheck Restrict URLs.
If Respect robots.txt is checked, Spider will obey the rules specified in a site's robots.txt file and refuse to load blocked urls.
If Debug spider is checked, Spider will output debugging messages to the JavaScript Console and STDOUT. Only useful to someone hacking Spider.
Select this option to send JavaScript Errors and Exceptions to stdout.
Select this option to send JavaScript Warnings to stdout.
Select this option to send Chrome Errors and Warnings to stdout.
Select this option to send XBL Errors and Warnings to stdout.
Select this option to send CSS Errors and Warnings to stdout.
Script URL is the location of an optional external JavaScript file which can be used to customize the operation of Spider through the use of any or all of the following functions.
WARNING: These functions will operate in the chrome security context of the browser.
function userOnStart() { // add custom code here // to be called by the Spider's mOnStart handler } function userOnBeforePage() { // add custom code here // to be called by the Spider's mOnBeforePage handler } function userOnAfterPage() { // add custom code here // to be called by the Spider's mOnAfterPage handler // this function is especially useful for performing // tests upon the DOM of a loaded web page. // // If "Wait for User Hook" is checked, thenuserOnAfterPage()
// is responsible for setting the global variablegPageCompleted
// in order to load the next page. } function userOnStop() { // add custom code here // to be called by the Spider's mOnStop handler } function userOnPause() { // add custom code here // to be called by the Spider's mOnPause handler } function userOnRestart() { // add custom code here // to be called by the Spider's mOnRestart handler } function userOnPageTimeout() { // add custom code here // to be called by the Spider's mOnPageTimeout handler } gConsoleListener.onConsoleMessage = function userOnConsoleMessage(s) { // add custom code here to handle // the message which was sent to the // JavaScript Console and STDOUT. // You can use this function to // store messages in databases etc. };
Run
Run
will begin spidering the specified site.
Pause
Pause
will cause the spider to enter the
Paused state after it finishes loading the current
page.
Restart
If the spider is Paused either because you
have clicked Pause or the spider has
timed out, you can press
Restart
to continue.
Stop
Stop
will stop the spider.
Generate Spider URL
Generate Spider URL
will open a new window
with a link which can be used to open Spider and populate the Data
inputs and optionally automatically Run
Spider if Autostart
is checked.
Reset
Reset
will reset the Data inputs to their
default values. Note that the URL containing any pre-existing
query string value is not changed via Reset
.
This software is licensed under the MPL, GPL and LGPL licenses. View source to see the license agreement and read mozilla.org's Mozilla & Netscape Public Licenses for more details.