You need to disable that in order to run your scripts.

A small flaw with Norton.

window.open

Norton has a pop-up blocker, window.open will not work with Norton enabled.

ASP is a server script, s the Script Blocking will block it.

Norton shouldn't block any server scripts (I have never had the problem), but it may block client side (such as JavaScript).

Also check all your filenames are working correctly and are not being blocked by the advert blocker (eg shopremoveitem.asp?cartid=1). To do this, open the page in a browser, go to view source and check that all the href="" tags are still there and are correct, as well as <form> action urls.

Well, I know that Norton shouldn't be blocking it however the fact still stands that if I have the script blocking service on, it stops me from getting past the code you see above. If the script blocking service is off, then I can get past that page with no qualms.

Now, I did see the fact that we have a <form> with no action there however the strange thing is those buttons still work when the script blocking is off.

The ASP page that it refers to is the processing script for that form. This is what is being blocked.

The Window.Open script is only a picture on that page that opens to a popup window. It still works with the script blocking on.

PM me and I can give you the URL.

Wayne

Does anyone have any ideas. I have someone checking into the form idea. Anything else?

How can I turn off the script blocker from every single person that visits our web site? I have to find a way around this.

Break the problem down to solve it. Where is the problem occurring?

Norton Script Blocking can prevent ASP pages executing (check the Norton help or Knowledge Base articles). But ASP pages don't execute on the client, they execute on the server and then return normal web pages to the client to display.

If you are developing on your own PC's web server (you don't describe your set-up), then your PC is the server and the client. I'd guess Norton is blocking the server processing, not the client processing. Visitors will not have turn off script blocking to visit your web site (client processing). Visitors would only have to turn off script blocking if they were hosting your web site on their PC (server processing).

So try turning off script blocking on your PC (the server), then browse to the website from another PC with script blocking on (the client).

If it works then the script blocking is happening on the ASP and you have nothing to worry about - the live web server won't have script blocking on. If it doesn't work, then there's a client-side problem in the HTML/javascript your ASP returns and for some reason Norton is blocking it. Fix it.

Millions of websites work for visitors with Norton script blocking on, your website will too :)

Fix it...? That is what I am attempting to do here to see if anyone has any ideas.

I have been through the Symantec Knowledge Base. I have also Googled the issue.

I have also seen Norton Script Blocking block a lot of things before including items on a web page. This is just my first direct experience with it.

This was just a last resort because I don't know what is causing it.

If the problem is pop-up blocking, then it's nothing to do with ASP/VBscript and your problem won't just be with Norton Internet Security users...

How to fix it: don't use pop-ups ;)

I go to the services on the client computer, stop the script blocking service from running and it goes through with no issues.

The window.open that you see there is a blow up image. It works with script blocking on or off.

There are thousands of things clients might haveswitched on that prevent them seeing your page - I even seen clisents disable https!

All you can do is develop the site to work under "normal" conditions.

Let's first prove/disprove that this is a client-side scripting issue.

Turn off Norton IS.
Now, in your browser, disable JavaScript.
Does your site application work?
If so, Norton IS is doing something funky, although I can't imagine what. You'll have to search Symantec's KBs for some answers on that.
If your application doesn't work, then it's a JavaScript dependency issue.

As far as Norton IS preventing some sort of server side code from executing correctly, that is impossible. The server, as stated earlier, is doing it's processing and sending plain old HTML and maybe some client-side script for your computer to do something with.

Also, please confirm that we are talking about a client-server model here. I.E you are not opening a browser on the same box that you are accessing the site from.

If it turns out to be a JavaScript dependency issue. Post some code and we can find out how to make the JavaScript into a convenience if it's enabled, rather than a show-stopper if it's not.

Mark

Here is a full scenario

1. World Famous Gift Baskets Temp Site is hosted on a Server in Tampa, FL.

2. As we are developing the web site, we are walking different people through navigating it and getting the responses. To our surprise, they could not get past the shopaddtocart.asp page. None of them. At this time, we did not know what was going on.

3. I run a computer repair company. One of the laptops that I maintain just happens to have norton 2004 internet security on it. I was using this laptop while working on the temp site for World Famous Gift Baskets. I all of a sudden could not get past the shopaddtocart.asp page. I started looking and breaking down what that computer had on it. I started troubleshooting. It is definitely without a doubt the Norton Script Blocking Service that is stopping these people from getting past that page.

The code, I posted on the first post is the code in question. Is there some other code that you require?

If you want to PM or email me I will give you the URL and the page in question.

NSB is not allowing the following action to occur:
<FORM action="shopaddtocart.asp" method="POST">

The javascript that you see there is just an popup window that a bigger image appears on. It works no problems.

The only thing that I can see being an issue is the following bit of code:
<form><INPUT name="continue" border='0' type=image src="images/vpnav_continueshopping.gif">&nbsp;<INPUT
name="checkout" type=image border='0' src="images/vpnav_checkout.gif">&nbsp;</form><b>
<font face='Verdana, Arial, Helvetica, sans-serif'>Items in shopping cart: 1</font></b>

There is no action in the form. The strange thing is that the form still works from the other forms action. I don't understand it personally but it works.

If I have norton script blocking enabled on that laptop I mentioned, then I cannot click any button on that page or the page will refresh.

If I have norton script blocking disabled, then I can click any button with no issues whatsoever.

Thanks for any insight

Wayne

Turn off Norton IS

I'v had client with Zone Alarm Pro have very similar problems to the problem you are having, shutting down zone alarm fixed the problem but it wasnt actually ZA causing the problem it was a broken TCP/IP stack on the client and once fixed the sites worked with or without ZA running.

[edited by: aspdaddy at 12:29 pm (utc) on Sep. 11, 2005]

If that works OK then its possibly the javascript, pop-ups or form without the action thats the problem.

Now, the javascript works no problems whatsoever even when script blocking is on so I highly doubt that is it however I will be removing those buttons at the top in order to test whether or not it is that form with no action setting it off. That is very much a possiblility. I have not been able to get into there yet. The person that was supposed to be testing it is dropping the ball and not getting back to me whether or not he tested it.

Wayne

I highly recommend you uninstall it. Then trample on the disc, smash it against a wall, chuck it in the bin, burn it, throw the bin out of the window, bury it, lay concrete over the top and build a scyscraper on the land. Then put an armed military unit in the basement of the skyscraper to ensure that it never resurfaces. Then demand your money back and sue for damages.

I believe it's likely that this problem is caused by Norton Internet Security blocking the HTTP REFERER header.

I believe this setting is in Norton Firewall. Have a look on how to disable it and see if that works. If it does, you've found the cause of the problem. Then you have to fix the source of it.

By the way, I'm pretty sure you've posted the wrong code. Can you please post the source code of shopaddtocart.asp if you want us to help fix this.

I tried to post the code as requested however my post was deleted.

I will sticky you the whole code as suggested by WW.com moderators

Wayne

If I view the site normally, everything works fine. If I disable the HTTP REFERER header in my browser then it just reverts back to the original page.

You are absolutely correct. I just looked at the script written and it uses a http_referrer to check to see if it is a blank recalculate.

Thank you very much for helping me pinpoint the issue.

Do you have any suggestions on how I should rewrite this code in order to avoid this?

Wayne

Here is the part in question.

If (inStr(1,Request.ServerVariables("HTTP_REFERER"),"shopaddtocart.asp",1)) < 1 Then 
strAction = ""
ELSEIF (Request("Continue") = "") AND (Request("Continue.x") < 1) AND (Request("checkout") = "") AND (Request("checkout.x") = "") AND (inStr(1,Request.ServerVariables("HTTP_REFERER"),"shopaddtocart.asp",1) > 0) Then
strAction = "RECAL" 
ELSE 

Logging IP addresses might be one way.

You also need to get the referrer data sent to the page another way. Possible using a hidden field in the posted form or by using the querystring.