Topic awaiting preservation: window.onerror = SymError; - why does this appear in my Apache hosted pages? (Page 1 of 1)

Hi all,

Having recently installed phpdev4 I have been testing my current 'in-development' site through apache, but I have found some odd things:

1. weird javascript gets added to all my pages when they are retrieved through the browser, what is the point of this? example of script

<html>

<head>



<script language="JavaScript">

<!--



function SymError()

{

  return true;

}



window.onerror = SymError;



var SymRealWinOpen = window.open;



function SymWinOpen(url, name, attributes)

{

  return (new Object());

}



window.open = SymWinOpen;



//-->

</script>



</head>



<body onload="var SymTmpWinOpen = window.open; window.open = SymWinOpen; window.open = SymTmpWinOpen;" marginwidth="0" marginheight="0">



****** content ******



</body>



<script language="JavaScript">

<!--



window.open = SymRealWinOpen;



//-->

</script>



</html>

But what is even worse than this is that a chunk of my own javascript from the head of my page gets removed leaving only this <script language="JavaScript" type="text/javascript"> </script> in it's place. The strange thing about this removal of javascript is it only happens to pages that are in deeper folders than the starting directory of my site. Why is this? Any clues?

Ok, through further investigation I have found that it only removes scripts containing ' ../ '

for example:

it leaves this:

<script language="JavaScript" type="text/javascript">

	<!--

	relPath = 'admin/' //relative path to admin directory

	sponsor = 'sponsor/' //relative path to sponsor directory



                *** yada yada yada ***



	//-->

</script>

but removes this:

<script language="JavaScript" type="text/javascript">

	<!--

	relPath = '../admin/' //relative path to admin directory

	sponsor = '../sponsor/' //relative path to sponsor directory



                *** yada yada yada ***



	//-->

</script>

Is it some strange security measure? have I got something set up wrong? but most importantly, will it happen when I upload the script to my host? (can't check yet, host issues still in progress)

It seems that NIS is addind this code, and replacing parts of the javascript u used. If u use Norton, maybe that's why.

sounds plossible.. .sym sounds like symantec the makers of all products norton.
say, you're using an ad filter by any chance?

riri is correct.

Norton Personal Firewall adds that code to all HTML pages that pass through it. You can get rid of the "SymWinOpen" function by disabling popup blocking. Unlike most of the other settings, there is no way to disable the "SymError" function. (Search the internet for that function name, and you can see how many people dislike it)

The only way to get rid of it is to disable the firewall while you look at your pages. I ended up having to switch to a different firewall.

I've been agonizing over this problem for two days now. Your comments gave me the clues to dig out some more information:

I have three windows client systems behind a DSL router (2 XP-Pro, 1 Win98/2) one XP system runs NIS, (XP specific version) the other is not. The Win98 runs NIS.

1. When accessing my personal website (http://kellambrown.com) from the XP with NIS, I get the SymError injected code only if I access the site without using the www prefix. If I use www prefix, my HTML is not changed. I've tried this with firewall and ad blocking tured on and off. The XP system without NIS works as nexpected as does the Win98 system on the same site.

2. The REALLY weird thing is that with NIS on and not using the www prefix, the IMG SRC fields for all of my for my thumbnails are blocked throughout the site. Since this is an art gallery site, this is a disaster! BTW, my IMG SRC fields do not use ../ anywhere, all paths are current local directory relative.

Any ideas or thoughts?

Does Norton have a patch out for this?

Symantec are fully aware of this problem !
Search their US site for "Symerror" - It produces 3 results.

I had the same problem with thumbnails.
I finally found a pattern (I think). If the img tag has a width attribute of 120 (i.e. width="120"), the images wouldn't show up.
If I removed the width attribute or changed it to any value but 120, the images showed up fine.
I just changed the width attribute of all the tumbnails to 121 and everything works.
I though it was just me!


Few problems in life can't be solved by chocolate

I'm getting this occurring on my website page which then knocks out the cascading menu I'm using. Norton have three entries relating to it, but unfortunately they're all the same entry and it relates to NIS 2004 but not 2003 that I'm using. I switch off the Ad-blocking as suggested but it makes no difference. I've yet to re-boot so that may work. But I'm amazed at the - what word can i use? - audacity - of symantec. And while I'm haviong a whinge, I'm not impressed at the automatic support that symantec offer - it's not worked for me yet.

well, I read that the norton version don't change very much (if at all) from year to year. Symantec just puts a new year on the box, and ships just about the same stuff again.

Why do you have it installed at all?

Because others I used were worse .....
One blocked all my e-mails, another my downloads. Norton was the least disruptive.
And I used to use Norton Commander ....

I am so pissed at NIS, so i switched to AVG. http://www.grisoft.com/us/us_index.php free edition. And i must say, it does the same job. And it`s free.

no not yet.

[This message has been edited by dpushman (edited 12-25-2003).]

I just replaced my Black Ice Defender firewall with NIS 2004, and likewise have blown a day and a half on this inserted JavaScript. I am debugging some JS of my own, and the inserted code traps any JS error (e.g., in my form checking code) and just returns True to the onSubmit, so the form goes merrily along as if all is well, even though the form code is not even executed (Mozilla 1.5). I disabled "Ad blocking" and "Popup blicking" in NIS and the inserted JS does not appear, and my JS syntax error shows up in Mozilla's JS console.

Symantec should be ashamed of such a juvenile solution to anything!