Welcome to WebmasterWorld Guest from 54.196.231.129

Forum Moderators: open

Message Too Old, No Replies

Javascript Error Caused by Norton Internet Security

     
11:34 am on May 6, 2004 (gmt 0)

New User

10+ Year Member

joined:July 5, 2003
posts:9
votes: 0


Hi

I have a problem which is caused by Norton Internet Security inserting the "symerror" function into all webpages. If you are not familiar with this function it basically will insert the following into a web page:

<script language="JavaScript">
<!--

function SymError()
{
return true;
}

window.onerror = SymError;

//-->
</script>

The problem I have is that my HTML page needs to call an externally loaded javascript file. Tgus in the HTML file I have <Script language="javascript" src="theJSfile."></script>. "theJSfile" is formated like this:

document.write ('<SCRIPT language="JavaScript" src="http://www.webpage.com/..."></SCRIPT>')

The problem arises because Norton Internet Security sticks its little symerror function just above the first <script language="javascript"> reference it finds in the document. This happens to be in the middle of the 'document.write' statement.

The net result of this is you end up with the following which is supposed to be Javascript:

document.write ('
<script language="JavaScript">
<!--

function SymError()
{
return true;
}

window.onerror = SymError;

//-->
</script>

<SCRIPT language="JavaScript"
src="http://www.blah.js"></SCRIPT>')

Note that now the document.write command is broken by a carriage return.

Is there any way that I can make the document.write function not die at the carriage return?

I hope this makes sense!

Thanks.

Deathlord

2:45 am on May 21, 2004 (gmt 0)

Inactive Member
Account Expired

 
 


Hi,

I have some ads on my website, and for some reason I can't see them, but other people can. I tried adding those lines before the code but it still wont show. I have Norton and IE.

Thanks for your help.

Edit: Heres the error im getting starting from the beginning of the ad to the end.

<!--- Start ****.com Ad Code ----->

<script language="JavaScript">
<!--

function SymError()
{
return true;
}

window.onerror = SymError;

var SymRealWinOpen = window.open;

function SymWinOpen(url, name, attributes)
{
return (new Object());
}

window.open = SymWinOpen;

//-->
</script>

<script type='text/javascript'>
<!--
var ****_webmaster_id = 10398;
var ****_site_id = 13653;
var ****_ad_size = '234x60';
//-->
</script>

<!--- End ****.com Ad Code ----->

Edit: For some reason its blocking of the site. the ad is from ad+hearus.com (without the +)

9:52 pm on June 7, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 21, 2002
posts:1051
votes: 0


I have just reinstalled my Norton NIS and saw the problem for the first time. Found this thread and tried a suggested solution:

<!-- <script language="javascript"></script> Workaround comment for Norton Firewall -->

It didn't work. Norton ignored it and placed its stuff before the next real script tag. Like this:

<!-- <script language="javascript"></script> Workaround comment for Norton Firewall -->
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<script language="JavaScript">
<!--
function SymError()
{
return true;
}
window.onerror = SymError;
var SymRealWinOpen = window.open;
function SymWinOpen(url, name, attributes)
{
return (new Object());
}
window.open = SymWinOpen;
//-->
</script>
<script src="scripts-js/lib-standard-02.js" type="text/javascript"></script>

Has Norton found a way to get around this trap? Or am I doing it wrong?

10:47 pm on June 7, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 14, 2004
posts:1181
votes: 0


Norton may be wise, but for kicks try separating the lines, like:

<!--

<script type="text/javascript">
</script>

-->

If we're real lucky, Norton may insert in the comment area and nullify itself.

12:08 am on June 8, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 19, 2003
posts:1747
votes: 0


I guess I'd suggest dumping norton and doing AVG instead.
1:39 am on June 8, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 14, 2004
posts:1181
votes: 0


For your own use, just turn off the pop-up blocker, it's what inserts the code. However, that inserted code breaks some pages (some AP-wire pages come to mind).

Norton appears to intercept the data stream between the modem and the browser, because it does its insertion regardless what browser you are using. This is a bit much, since only IE users need it.

In my experience, Norton also appends some JavaScript after the closing </html> tag. Browsers, being overly accommodating of such things, go ahead and read it.

It's really the code at the end which is the killer, since it can supercede the code you've written. Though the code above obviously subverts the window.open() method and turns the window into a generic object.

3:21 am on June 8, 2004 (gmt 0)

New User

10+ Year Member

joined:July 5, 2003
posts:9
votes: 0


Guys

I have not looked at this issue since I originally posted. But there is little point in inserting <!-- and -->. Javascript doesn't ignore these commands, HTML does! They are, of course, designed for old non-JS browsers to ignore javascript commands.

What you have to insert is /* and */. These commands comment out entire blocks of JS. So, you place the following at the top of your file:

/*
<script language="javascript">
</script>
*/

And then you will find that Norton will change it and you will end up with:

/*
function SymError()
{
return true;
}
<script language="javascript">
</script>
*/

I hope this makes sense. I have quite a complex JS script and the above works perfectly, so unless we are dealing with a new version of Norton (etc...) I see no reason why it should not work for you.

4:26 am on June 8, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 14, 2004
posts:1181
votes: 0


Are you saying that the section is within a JavaScript block? Otherwise, as you say, HTML won't ignore it and it will become part of the document (though CSS uses the same commenting convention). In reality, it should have little different effect than simply putting in empty script tags, except some browsers may see it as text to be rendered.

The ideal would be to eliminate not just the Norton stuff inserting itself in the middle of things, but to disable it. I realize your initial post was not of that nature and did utilize the JavaScript comment notation.

6:24 am on July 19, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 1, 2002
posts:1834
votes: 0


I am now a victim of this. I am a neophyte when it comes to JS. Was simply trying to get a flash detection script to work.

Arghh!

The script works on the page, but when I move it off of the page to a linked file the page crashes across every browser I have tried.

Work arounds listed here do not seem to be effective. Anybody found anything else that works?

<added>Looks like noscript tags don't help either<added>

WBF

6:46 am on July 19, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 1, 2002
posts:1834
votes: 0


Well this [service1.symantec.com] is of no help. It seems that this bit of code is placed on every page downloaded. It is not triggered by script tags as mentioned earlier in this thread.

<added>Found this [service1.symantec.com] too. What a crock. Norton does not seem to recognize this as a problem inherent in their software, and gives directions to "fix" it that virtually no one will find or use.</added>

WBF

Pony99CA

7:03 am on July 24, 2004 (gmt 0)

Inactive Member
Account Expired

 
 


If you want to disable the Symantec code, wouldn't code like the following be best?

<!--
/*
<script language="javascript">
</script>
*/
-->

That hides the Javascript code from HTML while causing the Symantec code to be ignored.

However, that kind of defeats the purpose of a lot of Norton Internet Security (which probably won't bother many Web masters, but could bother your visitors).

If you don't want to disable NIS, wouldn't the following work?

<script language="javascript">
</script>

If you put that ahead of any other scripts, that should give NIS a safe place to insert its code while still keeping it enabled for users who want it.

Steve

P.S. I'm glad I found this thread. I was just Googling to find out what those Sym* functions were, and this not only answered my questions but also provided a link to a Symantec page that helped me get a site working properly again. David Letterman's site uses popups to play video and audio, and those had stopped working in my browsers unless I turned off NIS and refreshed the page. The rules I had created didn't seem to allow the popups, but now I have some that do.

This 26 message thread spans 3 pages: 26
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members