homepage Welcome to WebmasterWorld Guest from 23.20.63.27
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
Forum Library, Charter, Moderator: open

JavaScript and AJAX Forum

    
Javascript Error Caused by Norton Internet Security
MilesDependent




msg:1471749
 11:34 am on May 6, 2004 (gmt 0)

Hi

I have a problem which is caused by Norton Internet Security inserting the "symerror" function into all webpages. If you are not familiar with this function it basically will insert the following into a web page:

<script language="JavaScript">
<!--

function SymError()
{
return true;
}

window.onerror = SymError;

//-->
</script>

The problem I have is that my HTML page needs to call an externally loaded javascript file. Tgus in the HTML file I have <Script language="javascript" src="theJSfile."></script>. "theJSfile" is formated like this:

document.write ('<SCRIPT language="JavaScript" src="http://www.webpage.com/..."></SCRIPT>')

The problem arises because Norton Internet Security sticks its little symerror function just above the first <script language="javascript"> reference it finds in the document. This happens to be in the middle of the 'document.write' statement.

The net result of this is you end up with the following which is supposed to be Javascript:

document.write ('
<script language="JavaScript">
<!--

function SymError()
{
return true;
}

window.onerror = SymError;

//-->
</script>

<SCRIPT language="JavaScript"
src="http://www.blah.js"></SCRIPT>')

Note that now the document.write command is broken by a carriage return.

Is there any way that I can make the document.write function not die at the carriage return?

I hope this makes sense!

Thanks.

 

Bernard Marx




msg:1471750
 12:03 pm on May 6, 2004 (gmt 0)

I've heard of this kind of thing from anti-virus programs. Irritating.

It looks like Norton kicks in directly after document.write(', so you can't even try to comment out the bits you don't want.

It's important to make sure, not only that this doesn't cause you errors, but also that their code isn't executed. You won't be able to get any error reports for your own debugging.

If Norton is reacting specifically to document.write(), then you could try using your own method name to point to it (at the script top):
document.myWrite = document.write

Then you could use your new method name from then on (which is admittedly a stupid position to be in).

PCInk




msg:1471751
 1:22 pm on May 6, 2004 (gmt 0)

Is it triggered by the <script..> part?

Try inserting the following in your header:

<script></script>

and see if norton moves it's script near that.

Rambo Tribble




msg:1471752
 1:23 pm on May 6, 2004 (gmt 0)

Try breaking up your script tag within the document.write(), as in '<scr'+'ipt>' This is also helpful in getting Mozilla to work with the enclosed tag, as it will sometimes get confused by script tags that are within write commands.

MilesDependent




msg:1471753
 1:36 pm on May 6, 2004 (gmt 0)

Thanks for the feedback - it was very useful in helping me solve this 6 hour dillema. The solution was quite simple. I have placed the following into the Javascript file:

/*<script language="javasvript"></script>*/

The Norton function is triggered by the <script> and it inserts it immediately before the first <script> in a file. It does not check to see if that section is commented out. Thus the Norton function is now useless and it does not interfear with my document.write() command.

Geez... things like this really tick me off about programming. I had 15 things that had to be done today, and spent the entire day solving this stupid issue. Ahhhh!

Thanks again for the help!

AC

digitalv




msg:1471754
 1:58 pm on May 6, 2004 (gmt 0)

Man I hate norton internet security ... specifically the referrer blocking feature. When people come to my site who use that crap I can't see what their referrer was, so I have no idea what search engine they came in on, what advertisement they clicked, etc... real pain when I'm trying to figure out what campaigns are the most effective or what navigational paths through my site are taken more than others, etc. and I have all of these visitors who just seemed to pop in out of thin air.

I've considered blocking out users who have their referrer blocked ... redirecting them to another page that tells them why they're blocked and how to become "unblocked" so they can access the site. Maybe I'm the only one who thinks this way, who knows.

Bernard Marx




msg:1471755
 2:30 pm on May 6, 2004 (gmt 0)

Good thinking Miles!

Is this just something that happens when you view your pages locally, or is it something that this flavour of Norton will do to all webpages?

Do we have to start compiling a list of workarounds like yours, and all the other junk we need to put in to combat the junk they put in?

----------------------------------------
If you want your error alerts back, override their SymError with your own, a little later in the script.

function SymError(){ return false;}

Rambo Tribble




msg:1471756
 10:36 pm on May 6, 2004 (gmt 0)

Norton does this to all pages downloaded to the browser, if the pages contain JavaScript, when pop-up blocking is on. It also appends some JavaScript code after the closing </html> tag. This breaks some AP-wire pages, for example.

tazz3L




msg:1471757
 12:42 am on May 12, 2004 (gmt 0)
I found a work around to fool Norton -- after doing much looking for an answer already posted -- I tried this trick. This trick fools Norton I.S. and the scripts will still run normally near as I can tell.

*Before* your first <script> insert this into the html

<!-- <script language="javascript"></script> Workaround comment for Norton Firewall -->

Norton sees the <script> reference and does its strange insertion but Norton does not see that this <script> is remarked. So it has not further effect on the code.

Let us know if it works for you!

aus_dave




msg:1471758
 11:46 am on May 17, 2004 (gmt 0)

Man I hate norton internet security ... specifically the referrer blocking feature.

I'm with you digitalv, I just spent hours trying to work out why a modification to a cgi script that checks valid referrers wasn't working. Sure enough the PC I was using had Norton Internet Security running, once it was disabled it worked fine. Unfortunately I wasn't using my regular computer which is a Mac ;).

It also plays havoc with Adsense and other ads. Not good.

Deathlord




msg:1471759
 2:45 am on May 21, 2004 (gmt 0)

Hi,

I have some ads on my website, and for some reason I can't see them, but other people can. I tried adding those lines before the code but it still wont show. I have Norton and IE.

Thanks for your help.

Edit: Heres the error im getting starting from the beginning of the ad to the end.

<!--- Start ****.com Ad Code ----->

<script language="JavaScript">
<!--

function SymError()
{
return true;
}

window.onerror = SymError;

var SymRealWinOpen = window.open;

function SymWinOpen(url, name, attributes)
{
return (new Object());
}

window.open = SymWinOpen;

//-->
</script>

<script type='text/javascript'>
<!--
var ****_webmaster_id = 10398;
var ****_site_id = 13653;
var ****_ad_size = '234x60';
//-->
</script>

<!--- End ****.com Ad Code ----->

Edit: For some reason its blocking of the site. the ad is from ad+hearus.com (without the +)

HarryM




msg:1471760
 9:52 pm on Jun 7, 2004 (gmt 0)

I have just reinstalled my Norton NIS and saw the problem for the first time. Found this thread and tried a suggested solution:

<!-- <script language="javascript"></script> Workaround comment for Norton Firewall -->

It didn't work. Norton ignored it and placed its stuff before the next real script tag. Like this:

<!-- <script language="javascript"></script> Workaround comment for Norton Firewall -->
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<script language="JavaScript">
<!--
function SymError()
{
return true;
}
window.onerror = SymError;
var SymRealWinOpen = window.open;
function SymWinOpen(url, name, attributes)
{
return (new Object());
}
window.open = SymWinOpen;
//-->
</script>
<script src="scripts-js/lib-standard-02.js" type="text/javascript"></script>

Has Norton found a way to get around this trap? Or am I doing it wrong?

Rambo Tribble




msg:1471761
 10:47 pm on Jun 7, 2004 (gmt 0)

Norton may be wise, but for kicks try separating the lines, like:

<!--

<script type="text/javascript">
</script>

-->

If we're real lucky, Norton may insert in the comment area and nullify itself.

vkaryl




msg:1471762
 12:08 am on Jun 8, 2004 (gmt 0)

I guess I'd suggest dumping norton and doing AVG instead.

Rambo Tribble




msg:1471763
 1:39 am on Jun 8, 2004 (gmt 0)

For your own use, just turn off the pop-up blocker, it's what inserts the code. However, that inserted code breaks some pages (some AP-wire pages come to mind).

Norton appears to intercept the data stream between the modem and the browser, because it does its insertion regardless what browser you are using. This is a bit much, since only IE users need it.

In my experience, Norton also appends some JavaScript after the closing </html> tag. Browsers, being overly accommodating of such things, go ahead and read it.

It's really the code at the end which is the killer, since it can supercede the code you've written. Though the code above obviously subverts the window.open() method and turns the window into a generic object.

MilesDependent




msg:1471764
 3:21 am on Jun 8, 2004 (gmt 0)

Guys

I have not looked at this issue since I originally posted. But there is little point in inserting <!-- and -->. Javascript doesn't ignore these commands, HTML does! They are, of course, designed for old non-JS browsers to ignore javascript commands.

What you have to insert is /* and */. These commands comment out entire blocks of JS. So, you place the following at the top of your file:

/*
<script language="javascript">
</script>
*/

And then you will find that Norton will change it and you will end up with:

/*
function SymError()
{
return true;
}
<script language="javascript">
</script>
*/

I hope this makes sense. I have quite a complex JS script and the above works perfectly, so unless we are dealing with a new version of Norton (etc...) I see no reason why it should not work for you.

Rambo Tribble




msg:1471765
 4:26 am on Jun 8, 2004 (gmt 0)

Are you saying that the section is within a JavaScript block? Otherwise, as you say, HTML won't ignore it and it will become part of the document (though CSS uses the same commenting convention). In reality, it should have little different effect than simply putting in empty script tags, except some browsers may see it as text to be rendered.

The ideal would be to eliminate not just the Norton stuff inserting itself in the middle of things, but to disable it. I realize your initial post was not of that nature and did utilize the JavaScript comment notation.

willybfriendly




msg:1471766
 6:24 am on Jul 19, 2004 (gmt 0)

I am now a victim of this. I am a neophyte when it comes to JS. Was simply trying to get a flash detection script to work.

Arghh!

The script works on the page, but when I move it off of the page to a linked file the page crashes across every browser I have tried.

Work arounds listed here do not seem to be effective. Anybody found anything else that works?

<added>Looks like noscript tags don't help either<added>

WBF

willybfriendly




msg:1471767
 6:46 am on Jul 19, 2004 (gmt 0)

Well this [service1.symantec.com] is of no help. It seems that this bit of code is placed on every page downloaded. It is not triggered by script tags as mentioned earlier in this thread.

<added>Found this [service1.symantec.com] too. What a crock. Norton does not seem to recognize this as a problem inherent in their software, and gives directions to "fix" it that virtually no one will find or use.</added>

WBF

Pony99CA




msg:1471768
 7:03 am on Jul 24, 2004 (gmt 0)

If you want to disable the Symantec code, wouldn't code like the following be best?

<!--
/*
<script language="javascript">
</script>
*/
-->

That hides the Javascript code from HTML while causing the Symantec code to be ignored.

However, that kind of defeats the purpose of a lot of Norton Internet Security (which probably won't bother many Web masters, but could bother your visitors).

If you don't want to disable NIS, wouldn't the following work?

<script language="javascript">
</script>

If you put that ahead of any other scripts, that should give NIS a safe place to insert its code while still keeping it enabled for users who want it.

Steve

P.S. I'm glad I found this thread. I was just Googling to find out what those Sym* functions were, and this not only answered my questions but also provided a link to a Symantec page that helped me get a site working properly again. David Letterman's site uses popups to play video and audio, and those had stopped working in my browsers unless I turned off NIS and refreshed the page. The rules I had created didn't seem to allow the popups, but now I have some that do.

bumpaw




msg:1471769
 4:06 pm on Aug 5, 2004 (gmt 0)

I am working on a PC for a customer in my PC cleaning sideline and came across this very relevant thread.

She has NIS (Norton Internet Security)enabled and two of my websites with a form have a javascript related problem as described at the beginning of this thread.

I tried the fixes to my sites by adding the
/*<script language="javasvript"></script>*/

but with no success. The solution lay in NIS "Privacy Control" which when customised for my URL fixed the problem and allowed the full form to display in IE 6.0.

The problem is how many users are out there with that type of configuration in NIS? On one site I came to my home page via a link on another site only to arrive and see the page completely broken. After clicking on the banner it brought me to a valid page.

I'm wondering how many sites are displaying badly due to users with NIS who don't't know they have a problem. All my experiences with NIS have been bad.

john_k




msg:1471770
 4:49 pm on Aug 5, 2004 (gmt 0)

Try adding this near the bottom of your pages:

<script language="Javascript">
<!--
if(window.SymError)
{
window.onerror=null;
window.onerror=SymError2;
}
function SymError2()
{
alert('The functionality you would like to use has been broken by the hatchet '+
'style programming in your Norton Internet Security software.\n\nWe '+
'use clean javascript on this website to leverage your modern browser '+
'and deliver a useful website. Norton\'s IS product disables some '+
'javascript like a dentist using pliers to fix teeth.\n\nYou might want '+
'to ask them for a refund or a better product.');
return true;
}
//-->
</script>

<edit>made changes to prevent ultra-wide table from long javascript string.</edit>

auctionczar




msg:1471771
 6:30 am on Aug 16, 2004 (gmt 0)

Folks,

I found out one thing the hard way!
Symantec Norton antivirus has a very stupid implementation.
It blocks all links used in Javascript, that have either the word "ad" or "ads" as part of the URL!
And because of this lots of legitimate URLs which are not malicious are getting blocked, giving the functionality of some sites a good beating...
I am very surprised by the way Symantec is hiding this issue... They are just telling "Just put the ad blocker off" ..
Hope this info helps you all.

-Sandeep

rcbiggs




msg:1471772
 6:57 am on Aug 16, 2004 (gmt 0)

Hi I just signed on to forum to search for some answers to somn problems I have been encountering.
I do have Norton Systems Works running. I can not load
Macromedia Flash w/o getting an error. MS Internet explorer has encountered an error send error message yes or no.
Internet explorer must restart.
OS win98 se. The error message occurs when I visit certain sites such as "usr.com"
I have tried removing shockwave from inteernet options.
Only way too correct is re-install backup that did not Macromedia downloaded.
Could this be a problem with Norton?
Aslo encountered a problem where some sites could not be brought at all. ISP states that they can so its my problem.
Maybe someone has some thoughts on these issues
Thank Bob Biggs rcbiggs@earthlink.net

DrDoc




msg:1471773
 6:20 pm on Aug 16, 2004 (gmt 0)

You can also break up the script part...

document.write('<sc'+'rip'+'t type="text/javascript" src="foobar.js">'+'</s'+'crip'+'t>');

ccharacter




msg:1471774
 7:46 pm on Aug 27, 2004 (gmt 0)

I'm experiencing this same error--on ONE of my sites, but not the other. On one site, my javascript works fine. On the other, it won't work at all. Same script, same NIS. . . I've tried many of the fixes y'all suggest, nothing works yet.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved