Closed Thread Icon

Topic awaiting preservation: window.onerror = SymError; - why does this appear in my Apache hosted pages? Pages that link to <a href="https://ozoneasylum.com/backlink?for=12728" title="Pages that link to Topic awaiting preservation: window.onerror = SymError; - why does this appear in my Apache hosted pages?" rel="nofollow" >Topic awaiting preservation: window.onerror = SymError; - why does this appear in my Apache hosted pages?\

 
Author Thread
smonkey
Paranoid (IV) Inmate

From: Northumberland, England
Insane since: Apr 2003

posted posted 05-09-2003 21:52

Hi all,

Having recently installed phpdev4 I have been testing my current 'in-development' site through apache, but I have found some odd things:

1. weird javascript gets added to all my pages when they are retrieved through the browser, what is the point of this? example of script

code:
<html>
<head>

<script language="JavaScript">
<!--

function SymError()
{
return true;
}

window.onerror = SymError;

var SymRealWinOpen = window.open;

function SymWinOpen(url, name, attributes)
{
return (new Object());
}

window.open = SymWinOpen;

//-->
</script>

</head>

<body onload="var SymTmpWinOpen = window.open; window.open = SymWinOpen; window.open = SymTmpWinOpen;" marginwidth="0" marginheight="0">

****** content ******

</body>

<script language="JavaScript">
<!--

window.open = SymRealWinOpen;

//-->
</script>

</html>

But what is even worse than this is that a chunk of my own javascript from the head of my page gets removed leaving only this <script language="JavaScript" type="text/javascript"> </script> in it's place. The strange thing about this removal of javascript is it only happens to pages that are in deeper folders than the starting directory of my site. Why is this? Any clues?

smonkey
Paranoid (IV) Inmate

From: Northumberland, England
Insane since: Apr 2003

posted posted 05-09-2003 22:05

Ok, through further investigation I have found that it only removes scripts containing ' ../ '

for example:

it leaves this:

code:
<script language="JavaScript" type="text/javascript">
<!--
relPath = 'admin/' //relative path to admin directory
sponsor = 'sponsor/' //relative path to sponsor directory

*** yada yada yada ***

//-->
</script>

but removes this:

code:
<script language="JavaScript" type="text/javascript">
<!--
relPath = '../admin/' //relative path to admin directory
sponsor = '../sponsor/' //relative path to sponsor directory

*** yada yada yada ***

//-->
</script>

Is it some strange security measure? have I got something set up wrong? but most importantly, will it happen when I upload the script to my host? (can't check yet, host issues still in progress)

riri
Obsessive-Compulsive (I) Inmate

From:
Insane since: Aug 2003

posted posted 08-31-2003 10:34

It seems that NIS is addind this code, and replacing parts of the javascript u used. If u use Norton, maybe that's why.

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 08-31-2003 12:40

sounds plossible.. .sym sounds like symantec the makers of all products norton.
say, you're using an ad filter by any chance?

jdauie
Bipolar (III) Inmate

From: Missoula, MT
Insane since: Jan 2003

posted posted 08-31-2003 15:29

riri is correct.

Norton Personal Firewall adds that code to all HTML pages that pass through it. You can get rid of the "SymWinOpen" function by disabling popup blocking. Unlike most of the other settings, there is no way to disable the "SymError" function. (Search the internet for that function name, and you can see how many people dislike it)

The only way to get rid of it is to disable the firewall while you look at your pages. I ended up having to switch to a different firewall.

kellambrown
Neurotic (0) Inmate
Newly admitted

From: Dallas, TX, USA
Insane since: Nov 2003

posted posted 11-07-2003 22:07

I've been agonizing over this problem for two days now. Your comments gave me the clues to dig out some more information:

I have three windows client systems behind a DSL router (2 XP-Pro, 1 Win98/2) one XP system runs NIS, (XP specific version) the other is not. The Win98 runs NIS.

1. When accessing my personal website (http://kellambrown.com) from the XP with NIS, I get the SymError injected code only if I access the site without using the www prefix. If I use www prefix, my HTML is not changed. I've tried this with firewall and ad blocking tured on and off. The XP system without NIS works as nexpected as does the Win98 system on the same site.

2. The REALLY weird thing is that with NIS on and not using the www prefix, the IMG SRC fields for all of my for my thumbnails are blocked throughout the site. Since this is an art gallery site, this is a disaster! BTW, my IMG SRC fields do not use ../ anywhere, all paths are current local directory relative.

Any ideas or thoughts?

Does Norton have a patch out for this?


IanSimmons
Obsessive-Compulsive (I) Inmate

From: Sao Paulo / Brazil
Insane since: Nov 2003

posted posted 11-27-2003 02:08

Symantec are fully aware of this problem !
Search their US site for "Symerror" - It produces 3 results.

rickindy
Nervous Wreck (II) Inmate

From: Indianapolis, In USA
Insane since: Jan 2002

posted posted 11-29-2003 10:27

I had the same problem with thumbnails.
I finally found a pattern (I think). If the img tag has a width attribute of 120 (i.e. width="120"), the images wouldn't show up.
If I removed the width attribute or changed it to any value but 120, the images showed up fine.
I just changed the width attribute of all the tumbnails to 121 and everything works.
I though it was just me!


Few problems in life can't be solved by chocolate

paul.horne
Obsessive-Compulsive (I) Inmate

From: adelaide, south australia
Insane since: Dec 2003

posted posted 12-22-2003 10:20

I'm getting this occurring on my website page which then knocks out the cascading menu I'm using. Norton have three entries relating to it, but unfortunately they're all the same entry and it relates to NIS 2004 but not 2003 that I'm using. I switch off the Ad-blocking as suggested but it makes no difference. I've yet to re-boot so that may work. But I'm amazed at the - what word can i use? - audacity - of symantec. And while I'm haviong a whinge, I'm not impressed at the automatic support that symantec offer - it's not worked for me yet.

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 12-22-2003 13:31

well, I read that the norton version don't change very much (if at all) from year to year. Symantec just puts a new year on the box, and ships just about the same stuff again.

Why do you have it installed at all?

paul.horne
Obsessive-Compulsive (I) Inmate

From: adelaide, south australia
Insane since: Dec 2003

posted posted 12-23-2003 06:52

Because others I used were worse .....
One blocked all my e-mails, another my downloads. Norton was the least disruptive.
And I used to use Norton Commander ....

dpushman
Obsessive-Compulsive (I) Inmate

From: Norway
Insane since: Dec 2003

posted posted 12-25-2003 13:46

I am so pissed at NIS, so i switched to AVG. http://www.grisoft.com/us/us_index.php free edition. And i must say, it does the same job. And it`s free.

no not yet.

[This message has been edited by dpushman (edited 12-25-2003).]

jimbrooking
Obsessive-Compulsive (I) Inmate

From: USA
Insane since: Mar 2004

posted posted 03-26-2004 20:08

I just replaced my Black Ice Defender firewall with NIS 2004, and likewise have blown a day and a half on this inserted JavaScript. I am debugging some JS of my own, and the inserted code traps any JS error (e.g., in my form checking code) and just returns True to the onSubmit, so the form goes merrily along as if all is well, even though the form code is not even executed (Mozilla 1.5). I disabled "Ad blocking" and "Popup blicking" in NIS and the inserted JS does not appear, and my JS syntax error shows up in Mozilla's JS console.

Symantec should be ashamed of such a juvenile solution to anything!

« BackwardsOnwards »

Show Forum Drop Down Menu