December 5, 2017: Bug Magnet 3.0 is now available, bringing a major update that makes the extension significantly more useful, secure and easier to extend. Here are the major changes:
##Use the extension easier
Lots of new edge cases: BugMagnet now comes with a ton of new edge cases:
- payment card information for most major providers, including Stripe, Paypal, Authorize.net and Braintree
- Unicode exploits, such as right-to-left overrides, incomplete joining sequences, case folding
- Many more personal names
- Most interesting edge cases from Humans vs Computers
No more page reloads: The new version is active immediately after installation on pages that are already open in the browser. The previous version only applied to newly opened pages, which created a bit of confusion for new users. Also, configuration changes apply immediately to all pages, so no need to reload pages after customising the menus.
Simulate different user workflows easily: You can now simulate end-user workflows better by simulating cliboard copy/paste. You can choose whether Bug Magnet directly injects a value using JavaScript, pastes it into a field (in order to trigger additional events) or just copies it into your clipboard so you can decide what to do with a value. This is also useful if you want to use Bug Magnet edge cases in some other apps. For more information, check out Operational Modes.
Better docs: Completely updated and rewritten, we now have better documentation:
- How to install and use Bug Magnet?
- How to contribute and support development?
- How to customise menus?
- More info about edge cases listed in BugMagnet menus
Use the extension in more places
Firefox support: The FireFox extension is now fully rewritten from scratch to bring it up to speed with the Chrome extension, and it’s now using the same code base, so the features are the same. The extension works with the latest FireFox 57 (Quantum).
Clipboard integration: You can make Bug Magnet just copy values to your clipboard, to easily try out the edge cases in apps outside the browser, or on web sites that use custom components so direct value injection would not work.
##Customise menus more
Deploy common configuration easier: The old extension allowed users to select a local file with custom menu options. That was tedious if you want to deploy it to a whole team, as people had to copy files to individual machines. The new extension has two more ways of adding configuration – from a remote URL and directly pasting in a JSON file.
Remove standard stuff: For users that would like to completely use their own menu structure, you can remove standard options. Click the Customise menus
option in the Bug Magnet Menu, then tick the Hide standard menus
box.
Pack your own version easily: Bug Magnet now uses webpack to link everything together, moving away from custom packaging scripts, so it is much easier to pack your own version and deploy to the whole organisation. Check out the Developer Guide for more information.
##Use it more securely
No more scary permissions: Bug Magnet no longer needs full access to full content on all pages, so no more horrible warnings at the start. The extension also no longer stays running in the background, but instead connects/disconnects from your page after every click.
When you switch the operational mode to simulating copy/paste, Bug Magnet will ask for temporary clipboard access. Switch back to inject values using JavaScript and the permissions will be revoked.
Existing users can uninstall the previous version before re-installing the upgrade to make sure any previous full-access permissions are revoked.
##Contribute easily
Set up a local environment easily: The old version used a mix of custom scripts and packaging tools that were popular in 2015. The JavaScript development ecosystem changed significantly over the last three years, so this update required a complete overhaul of packaging and tooling. We now use NPM for easy setup of local development environments (just run npm i
).
Develop and test easily: The code is updated to ES6, using Webpack and ESLint that should make it easy for new people to contribute and build their own versions. We use Testem and Jasmine to run tests in Firefox and Chrome directly. The Developer Guide is updated to list how to achieve all common development tasks, such as running tests, troubleshooting test failures. Check out the Github Repository for more information.