XRule: Search Forms

The Search Forms rule can search for specific parts of a form, such as a pre-populated control, or it can search all HTML code and textual content between an opening and closing form tag, with the exception of the opening <form> and the closing </form>.

Use as many search options as you can to limit the number of matches found. The search options are combined using AND logic.

With the exception of the Use the Inner HTML option, some of the other options will limit the search to specific parts of a form, such as to the INPUT controls found in your forms. The XRule will not search the entire form unless you select the Use Inner HTML option.

When performing a search, the criteria on this page are combined using AND logic. The text fields in the template XRules all accept regular expressions as long as they are preceded by regexp:. They do not accept DOS expressions.

Page element Description
Name The name assigned to the XRule.
Description (optional) Describe the purpose of the XRule so that you and other users can understand what it is searching for. For example, "Search for a form collecting PII".
Form name Select this option when your site uses form names and you know the name of the form that contains your search term.
Action URL Select this option when the value of the Action attribute contains a URL related to your search. The search text can be an exact or partial match to the URL. Enter the search text in the Action URL field.
Canonical URL Select this option to find any absolute URL on the page that matches your search text. An absolute URL is one that includes the scheme, domain, and path. For example, the URL http://www.example.com/products/gizmo.asp is absolute. Enter the search text in the Canonical URL field.
Inner HTML Select this option when you want the search to include all the HTML and text between the opening <form> and closing <form> tags. With some of the other options on the page, the search would just be limited to a certain portion of the FORM tag, such as a particular control. This option expands the search to include the entire form.
Submission method Select this option when the form you are searching for uses either the GET Method or the Post Method of submission. Use this XRule option to re-create the Pages with Forms Using Get report.
Action URL key length Select this option when the key length used to encrypt the connection over which the form data is submitted relates to your search. For example, if your site uses 128-bit key length and you want to find all forms using less than that for encryption, enter an Action URL key length of 56-bits.
Control name Select this option when you know the name of the control used by the form. For example, with the <input type="check box" value="10" name="CanadianResident">, the control name is CanadianResident.
Control value Select this option if you know the default value of the control. For example, with the <input type="check box" value="10" name="CanadianResident">, the default value is 10.
Control type Select this option if you know the type of control-INPUT or BUTTON-used by the form.
Checked control Select this option when the INPUT tag of the form has its Type attribute set to either check box or radio. The XRule will look to see if the Checked attribute is present.
Pre-populated control Select this option when you want to check whether the control is prepopulated. This option is always used in combination with the Prepopulated control: True or False option.
Pre-populated control: True or False When you select True, the search looks for a prepopulated control.

When you select False, the XRule looks for a control that is not prepopulated.

Make the search case sensitive Select this option if you want the search to be case sensitive. To find a match, the search criteria and the item found must be exactly the same. For example, if you entered www.example.com/Products/AppScan/ as a case-sensitive search, it would not find www.example.com/products/Appscan/.
Only enable XRule if it is required by a job or report Select this option to have the XRule run only when required. If the XRule is not required by a job or report, it will not be run. Checking this option saves time when scanning your site because the XRule only runs when necessary.
Always enable XRule Select this option to have the XRule run whenever the job runs. This method is the least efficient way to use an XRule.
Always disable XRule (if job experiences problems) Select this option to disable the XRule from a job or report. The rule will never be run, even if it is required. Disable the XRule when it causes problems with the job, such as a scan continuing indefinitely.
This rule defines a privacy statement Select this option when you want the pages that do not match this rule to be automatically reported in the Pages Collecting PII without a Privacy Statement Link report.