Welcome to WebmasterWorld Guest from 184.73.126.70

Forum Moderators: open

Message Too Old, No Replies

Javascript Error Caused by Norton Internet Security

   
11:34 am on May 6, 2004 (gmt 0)

10+ Year Member



Hi

I have a problem which is caused by Norton Internet Security inserting the "symerror" function into all webpages. If you are not familiar with this function it basically will insert the following into a web page:

<script language="JavaScript">
<!--

function SymError()
{
return true;
}

window.onerror = SymError;

//-->
</script>

The problem I have is that my HTML page needs to call an externally loaded javascript file. Tgus in the HTML file I have <Script language="javascript" src="theJSfile."></script>. "theJSfile" is formated like this:

document.write ('<SCRIPT language="JavaScript" src="http://www.webpage.com/..."></SCRIPT>')

The problem arises because Norton Internet Security sticks its little symerror function just above the first <script language="javascript"> reference it finds in the document. This happens to be in the middle of the 'document.write' statement.

The net result of this is you end up with the following which is supposed to be Javascript:

document.write ('
<script language="JavaScript">
<!--

function SymError()
{
return true;
}

window.onerror = SymError;

//-->
</script>

<SCRIPT language="JavaScript"
src="http://www.blah.js"></SCRIPT>')

Note that now the document.write command is broken by a carriage return.

Is there any way that I can make the document.write function not die at the carriage return?

I hope this makes sense!

Thanks.

2:45 am on May 21, 2004 (gmt 0)

10+ Year Member



Hi,

I have some ads on my website, and for some reason I can't see them, but other people can. I tried adding those lines before the code but it still wont show. I have Norton and IE.

Thanks for your help.

Edit: Heres the error im getting starting from the beginning of the ad to the end.

<!--- Start ****.com Ad Code ----->

<script language="JavaScript">
<!--

function SymError()
{
return true;
}

window.onerror = SymError;

var SymRealWinOpen = window.open;

function SymWinOpen(url, name, attributes)
{
return (new Object());
}

window.open = SymWinOpen;

//-->
</script>

<script type='text/javascript'>
<!--
var ****_webmaster_id = 10398;
var ****_site_id = 13653;
var ****_ad_size = '234x60';
//-->
</script>

<!--- End ****.com Ad Code ----->

Edit: For some reason its blocking of the site. the ad is from ad+hearus.com (without the +)

9:52 pm on Jun 7, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I have just reinstalled my Norton NIS and saw the problem for the first time. Found this thread and tried a suggested solution:

<!-- <script language="javascript"></script> Workaround comment for Norton Firewall -->

It didn't work. Norton ignored it and placed its stuff before the next real script tag. Like this:

<!-- <script language="javascript"></script> Workaround comment for Norton Firewall -->
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<script language="JavaScript">
<!--
function SymError()
{
return true;
}
window.onerror = SymError;
var SymRealWinOpen = window.open;
function SymWinOpen(url, name, attributes)
{
return (new Object());
}
window.open = SymWinOpen;
//-->
</script>
<script src="scripts-js/lib-standard-02.js" type="text/javascript"></script>

Has Norton found a way to get around this trap? Or am I doing it wrong?

10:47 pm on Jun 7, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Norton may be wise, but for kicks try separating the lines, like:

<!--

<script type="text/javascript">
</script>

-->

If we're real lucky, Norton may insert in the comment area and nullify itself.

12:08 am on Jun 8, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I guess I'd suggest dumping norton and doing AVG instead.
1:39 am on Jun 8, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



For your own use, just turn off the pop-up blocker, it's what inserts the code. However, that inserted code breaks some pages (some AP-wire pages come to mind).

Norton appears to intercept the data stream between the modem and the browser, because it does its insertion regardless what browser you are using. This is a bit much, since only IE users need it.

In my experience, Norton also appends some JavaScript after the closing </html> tag. Browsers, being overly accommodating of such things, go ahead and read it.

It's really the code at the end which is the killer, since it can supercede the code you've written. Though the code above obviously subverts the window.open() method and turns the window into a generic object.

3:21 am on Jun 8, 2004 (gmt 0)

10+ Year Member



Guys

I have not looked at this issue since I originally posted. But there is little point in inserting <!-- and -->. Javascript doesn't ignore these commands, HTML does! They are, of course, designed for old non-JS browsers to ignore javascript commands.

What you have to insert is /* and */. These commands comment out entire blocks of JS. So, you place the following at the top of your file:

/*
<script language="javascript">
</script>
*/

And then you will find that Norton will change it and you will end up with:

/*
function SymError()
{
return true;
}
<script language="javascript">
</script>
*/

I hope this makes sense. I have quite a complex JS script and the above works perfectly, so unless we are dealing with a new version of Norton (etc...) I see no reason why it should not work for you.

4:26 am on Jun 8, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Are you saying that the section is within a JavaScript block? Otherwise, as you say, HTML won't ignore it and it will become part of the document (though CSS uses the same commenting convention). In reality, it should have little different effect than simply putting in empty script tags, except some browsers may see it as text to be rendered.

The ideal would be to eliminate not just the Norton stuff inserting itself in the middle of things, but to disable it. I realize your initial post was not of that nature and did utilize the JavaScript comment notation.

6:24 am on Jul 19, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I am now a victim of this. I am a neophyte when it comes to JS. Was simply trying to get a flash detection script to work.

Arghh!

The script works on the page, but when I move it off of the page to a linked file the page crashes across every browser I have tried.

Work arounds listed here do not seem to be effective. Anybody found anything else that works?

<added>Looks like noscript tags don't help either<added>

WBF

6:46 am on Jul 19, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Well this [service1.symantec.com] is of no help. It seems that this bit of code is placed on every page downloaded. It is not triggered by script tags as mentioned earlier in this thread.

<added>Found this [service1.symantec.com] too. What a crock. Norton does not seem to recognize this as a problem inherent in their software, and gives directions to "fix" it that virtually no one will find or use.</added>

WBF

7:03 am on Jul 24, 2004 (gmt 0)

10+ Year Member



If you want to disable the Symantec code, wouldn't code like the following be best?

<!--
/*
<script language="javascript">
</script>
*/
-->

That hides the Javascript code from HTML while causing the Symantec code to be ignored.

However, that kind of defeats the purpose of a lot of Norton Internet Security (which probably won't bother many Web masters, but could bother your visitors).

If you don't want to disable NIS, wouldn't the following work?

<script language="javascript">
</script>

If you put that ahead of any other scripts, that should give NIS a safe place to insert its code while still keeping it enabled for users who want it.

Steve

P.S. I'm glad I found this thread. I was just Googling to find out what those Sym* functions were, and this not only answered my questions but also provided a link to a Symantec page that helped me get a site working properly again. David Letterman's site uses popups to play video and audio, and those had stopped working in my browsers unless I turned off NIS and refreshed the page. The rules I had created didn't seem to allow the popups, but now I have some that do.

This 26 message thread spans 3 pages: 26