--- a/vm/index.html Wed Mar 06 15:58:41 2013 -0800
+++ b/vm/index.html Thu Mar 07 11:28:10 2013 -0800
@@ -1,90 +1,145 @@
-
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>webappsec vm welcome - jsFiddle demo</title>
-
- <script type='text/javascript' src='/js/lib/dummy.js'></script>
-
-
-
+ <script type="text/javascript" src="/js/lib/dummy.js">
+ </script>
<link rel="stylesheet" type="text/css" href="/css/result-light.css">
-
- <style type='text/css'>
-
- </style>
-
-
-
-<script type='text/javascript'>//<![CDATA[
+ <style type="text/css">
+ </style>
+ <script type="text/javascript">
+//<![CDATA[
window.onload=function(){
-}//]]>
-
-</script>
-
-
+}//]]> </script>
</head>
-<body>
- <body>
- <h1>Welcome to the WebAppSec WG Test VM</h1>
-
- <p>This is a virtual machine to help develop tests for the WebAppSec WG's specs. If you're not viewing this in the VM, you can get a copy here: <a href="about:blank">link</a>. It is an Ubuntu system that runs in <a href="https://www.virtualbox.org/">Oracle VirtualBox.</a> The username/passwword is webappsec/webappsec.</p>
-
- <h2>Why use this VM?</h2>
- <p>Many W3C recommendations can be tested in a purely browser enviornment. Lucky them. If your spec has dependencies on the Same Origin Policy, does server side work, cross-origin work, or depends on HTTP headers, you probably need a server.</p>
-
- <p>This VM attempts to duplicate the production environment the W3C deploys at www.w3c-test.org so we can rapidly develop tests that you can be confident will still work once you check them in and execute them on the standard infrastructure.<p>
- <h2>What is here?</h2>
- <p>An Apache2 installation.
- <ul>
- <li>Listening on:</li>
- <ul>
- <li>HTTP ports 80, 81, 82, 83, 88</li>
- <li>HTTPS port 443</li>
- </ul>
- <li>For the names:</li>
- <ul>
- <li>w3c-test.org</li>
- <li>www.w3c-test.org</li>
- <li>www1.w3c-test.org</li>
- <li>www2.w3c-test.org</li>
- <li>www3.w3c-test.org</li>
- </ul>
- </ul>
-
- </p>
- <p>The web root is in /var/www. Under this are included:
- <ul>
- <li>The W3C test framework under [webroot]/resources and [webroot]/testframework</li>
- <li>The WebAppSec Mercurial repository under [webroot]/webappsec</li>
- </ul>
- </p>
+<body>
+<body>
+<h1>Welcome to the WebAppSec WG Test VM</h1>
- <p>The VM also includes installs of Opera Next, Chrome Beta and Firefox Aurora for local testing. The web server does bind to the "public" IPs for the VM, so you can also test against it using a browser on your host machine. To do so:</p>
+<p>This is a virtual machine to help develop tests for the WebAppSec WG's
+specs. If you're not viewing this in the VM, you can get a copy here: <a
+href="about:blank">link</a>. It is an Ubuntu system that runs in <a
+href="https://www.virtualbox.org/">Oracle VirtualBox.</a> The
+username/passwword is webappsec/webappsec.</p>
+
+<h2>Why use this VM?</h2>
+
+<p>Many W3C recommendations can be tested in a purely browser enviornment.
+Lucky them. If your spec has dependencies on the Same Origin Policy, does
+server side work, cross-origin work, or depends on HTTP headers, you probably
+need a server.</p>
+
+<p>This VM attempts to duplicate the production environment the W3C deploys at
+www.w3c-test.org so you can rapidly develop tests and be confident they will
+still work once you check them in and execute them on the standard
+infrastructure.</p>
+
+<p></p>
+
+<h2>What is here?</h2>
+
+<p>An Apache2 installation. </p>
+<ul>
+ <li>Listening on:
<ul>
- <li>Set the VM network adapter to be NAT or host-only. (the root user/pass are public information, so don't put this VM directly on the Internet!)</li>
- <li>In the VM, run <code>$sudo ifconfig</code> to get the machine's IP address.</li>
- <li>Configure your host OS's /etc/hosts or eqiuvalent to resolve the names listed above to the VM's IP.</li>
- <ul>
- <li><i>Remember to undo this when you want to test against the real server again!</i></li>
- </ul>
- <li>Grab the end-entity certificate from <code>/etc/ssl/certificates/stardotw3cdashtestdotorg.cer</code> or the root certificate from the VM in <code>/home/webappsec/cybervillainsCA.cer</code> and install it as a trusted root CA in your test browser for https tests.</li>
- <ul>
- <li><i>Note: I destroyed the private key for this certificate authority after issuing the single certificate for this VM, but you still might not want to do this except on a test machine.</i>
- </li>
- </ul>
+ <li>HTTP ports 80, 81, 82, 83, 88</li>
+ <li>HTTPS port 443</li>
</ul>
+ </li>
+ <li>For the names:
+ <ul>
+ <li>w3c-test.org</li>
+ <li>www.w3c-test.org</li>
+ <li>www1.w3c-test.org</li>
+ <li>www2.w3c-test.org</li>
+ <li>www3.w3c-test.org</li>
+ </ul>
+ </li>
+</ul>
- <h2>Still confused? Help with this documentation.</h2>
- <p>This file lives in <a href="https://dvcs.w3.org/hg/webappsec/vm">https://dvcs.w3.org/hg/webappsec/vm</a>. Please update and add to it to help others.
- </p>
-
+<p>The web root is in /var/www. Under this are included: </p>
+<ul>
+ <li>The W3C test framework under [webroot]/resources and
+ [webroot]/testframework</li>
+ <li>The WebAppSec Mercurial repository under [webroot]/webappsec</li>
+</ul>
+
+<p>The VM also includes installs of Opera Next, Chrome Beta and Firefox Aurora
+for local testing. The web server does bind to the "public" IPs for the VM, so
+you can also test against it using a browser on your host machine. To do so:</p>
+<ul>
+ <li>Set the VM network adapter to be NAT or host-only. (the root user/pass
+ are public information, so don't put this VM directly on the Internet!)</li>
+ <li>In the VM, run <code>$sudo ifconfig</code> to get the machine's IP
+ address.</li>
+ <li>Configure your host OS's /etc/hosts or eqiuvalent to resolve the names
+ listed above to the VM's IP.
+ <ul>
+ <li><i>Remember to undo this when you want to test against the real
+ server again!</i></li>
+ </ul>
+ </li>
+ <li>Grab the end-entity certificate from
+ <code>/etc/ssl/certificates/stardotw3cdashtestdotorg.cer</code> or the root
+ certificate from the VM in <code>/home/webappsec/cybervillainsCA.cer</code>
+ and install it as a trusted root CA in your test browser for https tests.
+ <ul>
+ <li><i>Note: I destroyed the private key for this certificate authority
+ after issuing the single certificate for this VM, but you still might
+ not want to do this except on a test machine.</i> </li>
+ </ul>
+ </li>
+</ul>
+
+<h2>Working with the test repositories:</h2>
+
+<h3>Mercurial (Hg):</h3>
+
+<p>The CSP test suite is managed under the W3C Mercurial repository at <a
+href="https://dvcs.w3.org/hg/">https://dvcs.w3.org/hg/</a></p>
+
+<p>The webappsec repository is alredy cloned under /var/www/webappsec. To get
+the latest, open a shell and</p>
+<dl>
+ <dt><code>webappsec@www:~$ cd /var/www/webappsec</code></dt>
+ <dt><code>webappsec@www:/var/www/webappsec$ hg pull</code></dt>
+ <dt><code>webappsec@www:/var/www/webappsec$ hg update</code></dt>
+</dl>
+
+<p>You will need a W3C account to commit tests. If you don't have one yet,
+start here: <a name="https" id="https"
+href="https://www.w3.org/accounts/request">https://www.w3.org/accounts/request</a></p>
+
+<p>When you are adding new tests, please create a new subdirectory for your
+username or organization under "/submitted" for the specification you are
+targeting. To check in a test:</p>
+
+<p><code>webappsec@www:/var/www/webappsec/tests/csp/submitted/myusername$ hg
+add myNewTest.html</code></p>
+
+<p><code>webappsec@www:/var/www/webappsec/tests/csp/submitted/myusername$ hg
+commit myNewTest.html -u myusername</code></p>
+
+<p><code>webappsec@www:/var/www/webappsec/tests/csp/submitted/myusername$ hg
+push</code></p>
+
+<p></p>
+
+<p>You will be asked for your username and password to complete the push to the
+repository. You can edit <code>~/.hgrc </code>to save your username and
+password but be sure to change the webappsec account password on your copy of
+the VM if you do this.</p>
+
+<p></p>
+
+<h2>Still confused? Help with this documentation.</h2>
+
+<p>This file lives in <a
+href="https://dvcs.w3.org/hg/webappsec/vm">https://dvcs.w3.org/hg/webappsec/vm</a>.
+Please update and add to it to help others. </p>
</body>
-
-
+</body>
</html>
-
-