[Mono-aspnet-list] html being stripped from in-page javascript
Rexx Magnus
deane-mono at rexx.co.uk
Fri Jul 20 14:40:13 UTC 2012
I've noticed a peculiar glitch - it seems to be related to mono (or mod_mono)
rather than the way apache is handling the file, as I've tested this by
putting the output from a correctly rendered page in as a .htm file and
serving that up and it appears fine. It happens when serving an asp.net page
from apache running on a raspberry pi (debian squeeze arm), but I've also
tested the same pages on a virtual server running the same on an intel
machine and also on an arm based sheevaplug (all same software versions).
I am running the following versions (ask if you need more):
mono-apache-server2 2.6.5-3
mono-runtime 2.6.7-5
libapache2-mod-mono 2.6.3-4
Code as it should be output:
<script type="text/javascript">
///You can override these per page if necessary
//var waitdiv = '<div class="wait">#LABEL#<br/> Assets/rotator.gif
</div>';
//var errordiv = '<div class="error">#LABEL# Unable to
connect</div>';
//var sound = '';
-------------------------------------
Incorrect code that gets output:
<script type="text/javascript">
///You can override these per page if necessary
//var waitdiv = '
///You ca#LABEL#ide these per page if necessary
//var waitdiv';
//var errordiv = '<br/> Asse#LABEL# Unable to connect </';
//var sound = 'rdiv = '<div class="error">#LABEL#
Unable to connect</div>';
//var sound =';
-----------------------------------------------
Further down the same page in the script block
Correct script:
//Open nvp data in new window
var w = window.open();
$(w.document.body).html('
' + $site.html() + '
<br/>' + $thisnvp.html());
-----------------------------------------------
Munged script:
//Open nvp data in new window
var w = window.open();
$(w.document.body).html('
' + $site.html() + ' nvp data ' + $thisnvp.html());
----------------------------------------------
It looks like it's trying to strip out the html from within the javascript
(even when commented out) as though it's attempting to block content that
looks like an injection attack. I have tried disabling compression to see if
it's that causing the behaviour - but it still does the same.
It also does the same if I'm using mod-mono-server4 on the new raspbian
distribution for the raspberry pi, using mono 2.8.10
I'm pretty sure that I've got all of the configurations the same across
machines.
--
View this message in context: http://mono.1490590.n4.nabble.com/html-being-stripped-from-in-page-javascript-tp4650489.html
Sent from the Mono - ASP.NET mailing list archive at Nabble.com.
More information about the Mono-aspnet-list
mailing list