I have a very unique situation.
We use a Cisco Web VPN (don't know the exact name) here at work.
If I try to use the web pages I've developed, the javascript is broken.
I have tracked it down to this:
When using the Cisco Web VPN it will actually rewrite some of the HTML/JavaScript code. For instance, at the very beginning of the source it has stuck the following:
<script id='CSCO_GHOST' src="/+CSCOL+/cte.js"></script>
This is directly after the <html> begin tag (and not inside the <head> tags).
Inside of that source, cte.js, there is an error. That error is causing jQuery to not function properly. cte.js is part of Cisco's product and is totally out of my control.
I know how to capture errors with the windows.onerror but that is not working for this situation. The error is occurring before my scripts are loaded into the page.
Any ideas on how to suppress this error or work around such a thing?
I had my <script> tags in the <head> and then moved them to the bottom of the <body> and in neither place does it make a difference.
UPDATE:
After a bit more looking, it is something in jQuery. I mented out the <script> tag for jQuery and the error did not happen. Unmented, the error came back.
I have a very unique situation.
We use a Cisco Web VPN (don't know the exact name) here at work.
If I try to use the web pages I've developed, the javascript is broken.
I have tracked it down to this:
When using the Cisco Web VPN it will actually rewrite some of the HTML/JavaScript code. For instance, at the very beginning of the source it has stuck the following:
<script id='CSCO_GHOST' src="/+CSCOL+/cte.js"></script>
This is directly after the <html> begin tag (and not inside the <head> tags).
Inside of that source, cte.js, there is an error. That error is causing jQuery to not function properly. cte.js is part of Cisco's product and is totally out of my control.
I know how to capture errors with the windows.onerror but that is not working for this situation. The error is occurring before my scripts are loaded into the page.
Any ideas on how to suppress this error or work around such a thing?
I had my <script> tags in the <head> and then moved them to the bottom of the <body> and in neither place does it make a difference.
UPDATE:
After a bit more looking, it is something in jQuery. I mented out the <script> tag for jQuery and the error did not happen. Unmented, the error came back.
- What is the specific error? It might be possible to work around in some way. – VoteyDisciple Commented Aug 26, 2009 at 15:52
- They have this code: name.toLowerCase() and name is null. – Lance Perry Commented Aug 26, 2009 at 15:58
- I guess I should have said that the error that is thrown is: name is undefined. They didn't check that before calling the toLowerCase(). – Lance Perry Commented Aug 26, 2009 at 16:03
-
1
As a side note, I hope your IT department has upgraded, because
cte.jscontains a flaw that allows a remote cross-site scripting attack. osvdb/show/osvdb/55575 – Nate Commented Aug 26, 2009 at 16:04 - 1 out of curiosity, are you attempting to use the packed version of jquery.js? Some scanners/etc find packer-pressed JS as a trojan. If this is the case, use the .min.js version (minified, not packed) – dante Commented Sep 8, 2009 at 16:15
2 Answers
Reset to default 1This is what I had to do to fix the problem. I created a JS file in my web project with the following code:
if ( typeof SegmentHtml != "undefined" ) {
SegmentHtmlParam.prototype['filter'] = function() {
var name = null;
var value = null;
for (var i = 1; i < this._tokens.length; i++) {
var token = this._tokens[i];
if (token.type === ATTR_NAME) {
name = csco_g_buffer.substring(token.first_index, token.last_index).toUpperCase();
} else if (token.type === ATTR_VALUE) {
value = csco_g_buffer.substring(token.first_index, token.last_index);
};
};
var need_processing = false;
if (ParserClsidName) {
var tmp = ParserClsidName[this._clsid];
if (tmp) {
var proc = tmp[name];
need_processing = typeof proc != 'undefined';
};
};
/**
* ERROR ON NEXT LINE: name is null
*/
if (name!=null && name.toLowerCase() == "csco_proto") {
this._parent['csco_proto'] = value;
};
if (need_processing) { this._parent[name] = value; };
};
};
This is the FIRST javascript file I include in my HTML file.
<script type="text/javascript" src="js/jQueryCiscoKludge.js"></script>
I am running into this issue as well. It is really messed up for Cisco to just rewrite JS code like that, assuming it'll work for every single code on the web. There are some serious irreversible consequence like scope loss that will screw everything up. Who in their right mind would do that in the name of "security"? And what is preventing us from overriding the JS code they have injected?