Selectors

Descendant selectors

The XPath of nodes to process. A Boolean test to see if the contents should be used. The Boolean test. I was recently asked by a colleague for some advice on locators and I shared this cheat sheet with him. It contains just about everything you need to know for formulating locators for use with Selenium (and also Marionette), and includes syntax for both xpath and css selectors. INJECTION CHEAT SHEET (non-SQL) www.rapid7.com XML Injection Detection ‘ single quote. XPATH Injection Detection ‘ single quote “ double quote Exploitation.

HTML	XPath	Note
h1	//h1	?
div p	//div//p	?
ul > li	//ul/li	?
ul > li > a	//ul/li/a
div > *	//div/*
:root	/	?
:root > body	/body

Attribute selectors

HTML	XPath	Note
#id	//*[@id='id']	?
.class	//*[@class='class'] …kinda
input[type='submit']	//input[@type='submit']
a#abc[for='xyz']	//a[@id='abc'][@for='xyz']	?
a[rel]	//a[@rel]
a[href^='/']	//a[starts-with(@href, '/')]	?
a[href$='pdf']	//a[ends-with(@href, '.pdf')]
a[href*='://']	//a[contains(@href, '://')]
a[rel~='help']	//a[contains(@rel, 'help')] …kinda

Order selectors

HTML	XPath	Note
ul > li:first-child	//ul/li[1]	?
ul > li:nth-child(2)	//ul/li[2]
ul > li:last-child	//ul/li[last()]
li#id:first-child	//li[@id='id'][1]
a:first-child	//a[1]
a:last-child	//a[last()]

Siblings

h1 ~ ul	//h1/following-sibling::ul	?
h1 + ul	//h1/following-sibling::ul[1]
h1 ~ #id	//h1/following-sibling::[@id='id']

jQuery

$('ul > li').parent()	//ul/li/..	?
$('li').closest('section')	//li/ancestor-or-self::section
$('a').attr('href')	//a/@href	?
$('span').text()	//span/text()

Other things

h1:not([id])	//h1[not(@id)]	?
Text match	//button[text()='Submit']	?
Text match (substring)	//button[contains(text(),'Go')]
Arithmetic	//product[@price > 2.50]
Has children	//ul[*]
Has children (specific)	//ul[li]
Or logic	//a[@name or @href]	?
Union (joins results)	//a | //div	?

Class check

Xpath doesn’t have the “check if part of space-separated list” operator, so this is the workaround (source).

Expressions

Steps and axes

//	ul	/	a[@id='link']
Axis	Step	Axis	Step

Prefixes

Prefix	Example	What
//	//hr[@class='edge']	Anywhere
./	./a	Relative
/	/html/body/div	Root

Begin your expression with any of these.

Axes

Axis	Example	What
/	//ul/li/a	Child
//	//[@id='list']//a	Descendant

Separate your steps with /. Use two (//) if you don’t want to select direct children.

Steps

A step may have an element name (div) and predicates ([...]). Both are optional. They can also be these other things:

Predicates

Predicates

Restricts a nodeset only if some condition is true. They can be chained.

Operators

Use comparison and logic operators to make conditionals.

Using nodes

You can use nodes inside predicates.

Indexing

Use [] with a number, or last() or position().

Chaining order

Order is significant, these two are different.

Nesting predicates

This returns <section> if it has an <h1> descendant with id='hi'.

Functions

Node functions

Boolean functions

Xpath W3schools

String functions

Type conversion

Axes

Using axes

Steps of an expression are separated by /, usually used to pick child nodes. That’s not always true: you can specify a different “axis” with ::.

Axis	Step	Axis	Step
//	ul	/child::	li

Child axis

child:: is the default axis. This makes //a/b/c work.

Descendant-or-self axis

// is short for the descendant-or-self:: axis.

Other axes

Axis	Abbrev	Notes
ancestor
ancestor-or-self
attribute	@	@href is short for attribute::href
child	div is short for child::div
descendant
descendant-or-self	//	// is short for /descendant-or-self::node()/
namespace
self	.	. is short for self::node()
parent	..	.. is short for parent::node()
following
following-sibling
preceding
preceding-sibling

There are other axes you can use.

Unions

Use | to join two expressions.

Examples

Find a parent

Finds a <section> that directly contains h1#section-name

Finds a <section> that contains h1#section-name. (Same as above, but uses descendant-or-self instead of child)

Closest

Works like jQuery’s $().closest('.box').

Attributes

Finds <item> and check its attributes

References

• Xpath test bed (whitebeam.org)

XML Tutorial

XML HOMEXML IntroductionXML How to useXML TreeXML SyntaxXML ElementsXML AttributesXML NamespacesXML DisplayXML HttpRequestXML ParserXML DOMXML XPathXML XSLTXML XQueryXML XLinkXML ValidatorXML DTDXML SchemaXML ServerXML ExamplesXML QuizXML Certificate

XML AJAX

AJAX IntroductionAJAX XMLHttpAJAX RequestAJAX ResponseAJAX XML FileAJAX PHPAJAX ASPAJAX DatabaseAJAX ApplicationsAJAX Examples

XML DOM

DOM IntroductionDOM NodesDOM AccessingDOM Node InfoDOM Node ListDOM TraversingDOM NavigatingDOM Get ValuesDOM Change NodesDOM Remove NodesDOM Replace NodesDOM Create NodesDOM Add NodesDOM Clone NodesDOM Examples

XPath Tutorial

XPath IntroductionXPath NodesXPath SyntaxXPath AxesXPath OperatorsXPath Examples

XSLT Tutorial

XSLT IntroductionXSL LanguagesXSLT TransformXSLT <template>XSLT <value-of>XSLT <for-each>XSLT <sort>XSLT <if>XSLT <choose>XSLT ApplyXSLT on the ClientXSLT on the ServerXSLT Edit XMLXSLT Examples

XQuery Tutorial

XQuery IntroductionXQuery ExampleXQuery FLWORXQuery HTMLXQuery TermsXQuery SyntaxXQuery AddXQuery SelectXQuery Functions

XML DTD

DTD IntroductionDTD Building BlocksDTD ElementsDTD AttributesDTD Elements vs AttrDTD EntitiesDTD Examples

XSD Schema

XSD IntroductionXSD How ToXSD <schema>XSD ElementsXSD AttributesXSD Restrictions

XSD Complex

XSD ElementsXSD EmptyXSD Elements OnlyXSD Text OnlyXSD MixedXSD IndicatorsXSD <any>XSD <anyAttribute>XSD SubstitutionXSD Example

XSD Data

XSD StringXSD DateXSD NumericXSD MiscXSD Reference

Xpath Injection Cheat Sheet

Web Services

XML ServicesXML WSDLXML SOAPXML RDFXML RSS

References

Xpath Injection Cheat Sheet

DOM Node TypesDOM NodeDOM NodeListDOM NamedNodeMapDOM DocumentDOM ElementDOM AttributeDOM TextDOM CDATADOM CommentDOM XMLHttpRequestDOM ParserXSLT ElementsXSLT/XPath Functions

Xpath Cheat Sheet Pdf