Scan settings: JavaScript

To access this feature, click the Edit menu and select Default Scan Settings or Current Scan Settings. Then, in the Scan Settings category, select JavaScript.

JavaScript settings

The JavaScript analyzer allows OpenText DAST to crawl links defined by JavaScript, and to create and audit any documents rendered by JavaScript.

Tip: To increase the speed at which OpenText DAST conducts a crawl while analyzing script, change your browser options so that images/pictures are not displayed.

Configure the settings as described in the following table.

Option Description
Crawl links found from script execution

If you select this option, the crawler will follow dynamic links (i.e., links generated during JavaScript execution).

Verbose script parser debug logging

If you select this setting AND if the Application setting for logging level is set to Debug, OpenText DAST logs every method called on the DOM object. This can easily create several gigabytes of data for medium and large sites.

Log JavaScript errors

OpenText DAST logs JavaScript parsing errors from the script parsing engine.

Enable JS Framework UI Exclusions

With this option selected, the OpenText DAST JavaScript parser ignores common jQuery and Ext JS user interface components, such as a calendar control or a ribbon bar. These items are then excluded from JavaScript execution during the scan.

Enable Site-Wide Event Reduction

When this option is selected, the crawler and JavaScript engine recognize common functional areas that appear among different parts of the website, such as common menus or page footers. This eliminates the need to find, within HTML content, dynamic links and forms that have already been crawled, resulting in quicker scans. This option is enabled by default and should not normally be disabled.

Capture WebSocket Events

WebSocket is an asynchronous protocol, which means that not every request requires a response. Most of the time, when a request does not receive a response, WebSocket ends with a timeout, which affects both scan time and the ability to discover new attack surface. To avoid adversely affecting scan quality, this option is disabled by default.

Max script events per page

Certain scripts endlessly execute the same events. You can limit the number of events allowed on a single page to a value between 1 and 9999. The default value is 1000.

SPA support

SPA support applies to single-page applications. When enabled, the DOM script engine finds JavaScript includes, frame and iframe includes, CSS file includes, and AJAX calls during the crawl, and then audits all traffic generated by those events.

Options for SPA support are:

  • Automatic - If OpenText DAST detects a SPA framework, it automatically switches to SPA-support mode.

  • Enabled - Indicates that SPA frameworks are used in the target application.

    Caution! SPA support should be enabled for single-page applications only. Enabling SPA support to scan a non-SPA website will result in a slow scan.

  • Disabled - Indicates that SPA frameworks are not used in the target application.

For more information, see About single-page application scans.


See also

Scan settings: Allowed Hosts

Scan settings: Authentication

Scan settings: Cookies/Headers

Scan settings: File Not Found

Scan settings: Filters

Scan settings: General

Scan settings: HTTP Parsing

Scan settings: Method

Scan settings: Policy

Scan settings: Proxy

Scan settings: Requestor

Scan settings: Session Exclusions

Scan settings: User Agent