#305 bug
Dee

evalScripts() function fails with HTML comments

Reported by Dee | August 26th, 2008 @ 10:28 AM | in 1.7

The evalScripts() function fails when ISP or security software inserts script into pages.

e.g.:

is inserted by Nortons:

http://service1.symantec.com/SUP...

Can this be fixed please?

Comments and changes to this ticket

  • Dee

    Dee August 26th, 2008 @ 10:30 AM

    script inserted:

    
    function SymError()
    {
      return true;
    }
    
    window.onerror = SymError;
    
    var SymRealWinOpen = window.open;
    
    function SymWinOpen(url, name, attributes)
    {
      return (new Object());
    }
    
    window.open = SymWinOpen;
    
  • Mark Caudill

    Mark Caudill August 26th, 2008 @ 03:48 PM

    • Tag set to ie7

    This may (or may not) be addressed by this patch: http://prototype.lighthouseapp.c...

  • Dee

    Dee August 26th, 2008 @ 08:10 PM

    It doesnt look like this is the issue as the start of the

    
    <script language="JavaScript">
    
  • Dee
  • Juriy Zaytsev

    Juriy Zaytsev August 26th, 2008 @ 07:44 PM

    • Tag cleared.

    Is there actually a space after an opening tag bracket? That would "trip" #evalScripts

  • Juriy Zaytsev

    Juriy Zaytsev August 26th, 2008 @ 09:37 PM

    • Tag set to ie7

    How exactly does evalScripts fail?

    The following line seems to evaluate without errors:

    
    '<script language="JavaScript">function SymError(){return true;}window.onerror = SymError;var SymRealWinOpen = window.open;function SymWinOpen(url, name, attributes){return (new Object());} window.open = SymWinOpen;</script>'.evalScripts();
    
  • Dee

    Dee August 27th, 2008 @ 11:19 AM

    Its without the space, that was a typo.

    The evalScript throws a 'SyntaxError' which i am catching (however there isnt much more information than that in any of the exception properties) when passing the full html to the evalscript method.

    I've tried the single line as above, and as you've said i've had it evaluate too. however when passing the full html this still fails.

    The html i am passing has two instances of the script tag, one with script i've added and the other is the script inserted by Nortons(which is added directly after my script). Do you think its possible the methos is falling over on that?

  • Juriy Zaytsev

    Juriy Zaytsev August 27th, 2008 @ 01:32 PM

    @Dee

    I wouldn't know which one of the scripts is causing the error ; )

    Could you figure it out and paste the appropriate code (that makes evalScripts throw error)

  • Dee

    Dee August 27th, 2008 @ 03:26 PM

    Apologies, I was hoping someone had come across this issue before, and didnt think to add full details. :)

    The full details of the scripts on the page are as follows:

    HTML HEADER NORTON's:

    
    <!--
    
    function SymError()
    {
      return true;
    }
    
    window.onerror = SymError;
    
    var SymRealWinOpen = window.open;
    
    function SymWinOpen(url, name, attributes)
    {
      return (new Object());
    }
    
    window.open = SymWinOpen;
    
    //-->
    

    HTML HEADER MY SCRIPT:

    
    <!--
    var stylePath = './styles/';
    
    var errorText = new Object();
    errorText.notavailable = 'Test text';
    
    //-->
    
    

    BOTTOM OF HTML NORTON's:

    
    <!--
    var SymRealOnLoad;
    var SymRealOnUnload;
    function SymOnUnload()
    {
      window.open = SymWinOpen;
      if(SymRealOnUnload != null)
         SymRealOnUnload();
    }
    function SymOnLoad()
    {
      if(SymRealOnLoad != null)
         SymRealOnLoad();
      window.open = SymRealWinOpen;
      SymRealOnUnload = window.onunload;
      window.onunload = SymOnUnload;
    }
    SymRealOnLoad = window.onload;
    window.onload = SymOnLoad;
    //-->
    

    When Nortons is disabled and only HTML HEADER MY SCRIPT is inlcuded evalScripts seems to work as expected, returning "false".

    When Nortons is enabled so that all of the three scripts are included i get a SyntaxError returned.

  • John-David Dalton

    John-David Dalton August 27th, 2008 @ 03:34 PM

    • Title changed from “evalScripts() function fails to evaluate a page with a SymError() script inserted by Norton ” to “evalScripts() function fails with HTML comments”
    • Tag changed from ie7 to ie7, needs_patch, needs_tests
    • Milestone set to 1.7

    This is a known bug with the comments:

    
    <!--- and //-->
    

    The way around it is to use a globalEval solution that writes the code as a textNode of a script element.

  • Juriy Zaytsev

    Juriy Zaytsev August 27th, 2008 @ 03:52 PM

    • Tag changed from ie7 to ie7, needs_patch, needs_tests
    • Milestone set to 1.7

    @John

    Why not just make parser account for comments?

  • John-David Dalton

    John-David Dalton August 27th, 2008 @ 05:38 PM

    • State changed from “new” to “bug”
  • John-David Dalton

    John-David Dalton August 28th, 2008 @ 04:11 AM

    Removed off-topic comments will make a new ticket for String#eval.

  • Tobie Langel

    Tobie Langel July 24th, 2009 @ 02:26 AM

    • Tag changed from ie7, needs_patch, needs_tests to ie7, missing:tests, needs_patch

    [not-tagged:"needs_tests" tagged:"missing:tests" bulk edit command]

  • Tobie Langel

    Tobie Langel July 24th, 2009 @ 02:28 AM

    • Tag changed from ie7, missing:tests, needs_patch to ie7, missing:patch, missing:tests

    [not-tagged:"needs_patch" tagged:"missing:patch" bulk edit command]

  • Tobie Langel

    Tobie Langel July 24th, 2009 @ 03:36 AM

    • Tag changed from ie7, missing:patch, missing:tests to ie7, missing:patch, needs:tests

    [not-tagged:"missing:tests" tagged:"needs:tests" bulk edit command]

  • Tobie Langel

    Tobie Langel July 24th, 2009 @ 03:37 AM

    • Tag changed from ie7, missing:patch, needs:tests to ie7, needs:patch, needs:tests

    [not-tagged:"missing:patch" tagged:"needs:patch" bulk edit command]

  • Tobie Langel

    Tobie Langel July 24th, 2009 @ 12:46 PM

    • Tag changed from ie7, needs:patch, needs:tests to needs:patch, needs:tests

    [not-tagged:"ie7" bulk edit command]

  • Samuel Lebeau

    Samuel Lebeau August 26th, 2009 @ 08:12 AM

    • Assigned user set to “Samuel Lebeau”
  • T.J. Crowder

    T.J. Crowder November 16th, 2009 @ 04:50 PM

    • Assigned user cleared.

    [responsible:none bulk edit command]

  • Tisho Georgiev

    Tisho Georgiev March 1st, 2010 @ 10:04 PM

    • Tag changed from needs:patch, needs:tests to needs:patch, needs:tests, section:lang
  • Jason Westbrook
  • chenyingying

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

The Prototype JavaScript library.

Shared Ticket Bins

Pages