Scrapy:FormRequest不会自动填充ASP.net隐藏字段

Question

我正在使用Scrapy刮掉身份验证屏幕背后的黄金.该网站使用ASP.net和ASP有一些愚蠢的隐藏字段遍布整个表单(如__VIEWSTATE,__EVENTTARGET).

当我打电话时,FormRequest.from_response(response,...我希望它能从响应中自动读取这些隐藏的字段并将它们填入formdata字典中 - 这就是Scrapy的FormRequest文档所说的应该做的事情.

但如果是这种情况,那么为什么登录过程仅在我明确列出这些字段并填充它们时才起作用？

class ItsyBitsy(Spider):
    name = "itsybitsy"
    allowed_domains = ["website.com"]
    start_urls = ["http://website.com/cpanel/Default.aspx"]

    def parse(self, response):
        # Performs authentication to get past the login form
        sel = Selector(response)
        return [FormRequest.from_response(response,
        formdata={
        'tb_Username':'admin',
        'tb_Password':'password',

        # The following fields should be auto populated, right?
        # So why does removing 'em break the login (w/500 Server Error)
        '__VIEWSTATE':
              sel.xpath("//input[@name='__VIEWSTATE']/@value").extract(),
        '__EVENTVALIDATION':
              sel.xpath("//input[@name='__EVENTVALIDATION']/@value").extract(),
        '__EVENTTARGET': 'b_Login'

        },
        callback=self.after_login,
        clickdata={'id':'b_Login'},
        dont_click=True)]

    def after_login(self, response):
        # Mmm, scrumptious
        pass

编辑:添加表单HTML

<form id="form1" action="Default.aspx" method="post" name="form1">
<div>
<input type="hidden" value="" id="__EVENTTARGET" name="__EVENTTARGET">
<input type="hidden" value="" id="__EVENTARGUMENT" name="__EVENTARGUMENT">
<input type="hidden" value="/wEPDwULLTE2OTg2NjA1NTAPZBYCAgMPZBYGAgMPD2QWAh4Kb25rZXlwcmVzcwUlcmV0dXJuIGNsaWNrQnV0dG9uKGV2ZW50LCAnYl9Mb2dpbicpO2QCBQ8PZBYCHwAFJXJldHVybiBjbGlja0J1dHRvbihldmVudCwgJ2JfTG9naW4nKTtkAgcPD2QWAh4Hb25jbGljawUPcmV0dXJuIGxvZ2luKCk7ZGRKt/WTOQThVTxB9Y0QcIuRqylCIw==" id="__VIEWSTATE" name="__VIEWSTATE">
</div>

<script type="text/javascript">
//&lt;![CDATA[
var theForm = document.forms['form1'];
if (!theForm) {
theForm = document.form1;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]&gt;
</script>


<div>

<input type="hidden" value="/wEWBAK0o8DDCQLxz5rcDwLF8dCIDALHyYWSA+rA4VJNaEpFIycMDHQPUOz393TI" id="__EVENTVALIDATION" name="__EVENTVALIDATION">
<input type="text" onkeypress="return clickButton(event, 'b_Login');" size="28" class="textfield-text" id="tb_Username" name="tb_Username">
<input type="password" onkeypress="return clickButton(event, 'b_Login');" size="28" class="textfield-text" id="tb_Password" name="tb_Password">
<a href="javascript:__doPostBack('b_Login','')" class="button-link" id="b_Login" onclick="return login();">Login</a>
</form>

Answer 1

根据源代码,Scrapy使用以下CSS选择器来解析表单中的输入:

descendant::textarea|descendant::select|descendant::input[@type!="submit" and @type!="image" and @type!="reset"and ((@type!="checkbox" and @type!="radio") or @checked)]

换句话说,所有隐藏的输入都被成功解析(并随后与请求一起发送),其值等于value属性.所以,Scrapy在这里应该做的事情.

登录使用from_response()不起作用,因为__EVENTTARGET具有空value属性.如果您使用真实浏览器进行登录,则__EVENTTARGET参数值将设置为b_Login通过javascript __doPostBack()函数调用.并且,由于Scrapy无法处理javascript(无法调用js函数),因此__EVENTTARGET会发送一个空值,导致登录失败.

__EVENTARGUMENT也有一个空value,但它实际上设置为__doPostBack()函数中的空字符串,所以它在这里没有区别.

希望有所帮助.