Selenium RC is a popular UI automation library for automating browsers. Selenium RC uses a generic form of JavaScript called Selenium Core to perform automation. However, this JavaScript must comply with a browser security policy called the same-origin policy. The same-origin policy is a security measure that prevents scripts from one website from accessing the scripts of other websites. For example, JavaScript present on Google cannot access or communicate with JavaScript present on Yahoo. Three things are checked for the same-origin policy: the protocol, domain, and port. Only if all three match is the request treated as coming from the same origin.
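The three-part check described above, as an added example that is not part of the original article. The URLs are constructed samples and the function names (originTuple, originMismatch, isSameOrigin) are illustrative; the code uses the standard URL parser available in browsers and Node.js.

```javascript
// Added illustration: compare two URLs the way the same-origin policy does,
// on the (protocol, domain, port) triple. All URLs below are constructed samples.

// Default ports, so that http://host and http://host:80 compare equal.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function originTuple(url) {
  const u = new URL(url);
  return {
    protocol: u.protocol, // e.g. "https:", lower-cased by the parser
    domain: u.hostname,   // host name, lower-cased by the parser
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Returns the components that differ; an empty list means same origin.
function originMismatch(a, b) {
  const ta = originTuple(a);
  const tb = originTuple(b);
  return ["protocol", "domain", "port"].filter((k) => ta[k] !== tb[k]);
}

function isSameOrigin(a, b) {
  return originMismatch(a, b).length === 0;
}

const page = "http://www.example.com/app/index.html";
const samples = [
  "http://www.example.com/other/page.html", // only the path differs
  "HTTP://WWW.EXAMPLE.COM:80/x",            // case and explicit default port
  "https://www.example.com/app/index.html", // protocol (and default port) differ
  "http://www.example.com:8080/app/",       // port differs
  "http://api.example.com/app/",            // domain differs (subdomains count)
];

for (const s of samples) {
  const diff = originMismatch(page, s);
  console.log(s, diff.length ? "cross-origin: " + diff.join(", ") : "same origin");
}
```

The path plays no part in the comparison, while a different subdomain or a non-default port is enough to make two URLs cross-origin.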
Understanding Selenium RC
What is cross-site scripting (XSS)?
Another concept related to the same-origin policy is cross-site scripting. Cross-site scripting refers to the situation where a website is prone to attacks from hackers. A typical hacker injects one or more pieces of JavaScript code into web pages that are being browsed. This JavaScript code can be malicious and can pull cookie information from websites, such as those of banks. Because the injected script runs as part of the vulnerable page, the browser treats it as belonging to that page's origin. This way, the malicious script bypasses the same-origin policy control.
Selenium RC consists of two parts:
- Selenium server
- Client libraries
The following diagram shows the functioning of Selenium RC, where the RC Server sits between the client libraries, such as Java and Python, and Selenium Core, and sends instructions to Selenium Core, which then operates on the individual browser:
The role of the Remote Control Server is to inject Selenium Core into the respective browser. The client libraries send instructions in the form of requests to the RC Server, and the RC Server communicates them to the browser. After the RC Server receives a response, it communicates the response back to the user.