[Mono-aspnet-list] html being stripped from in-page javascript

Fri Jul 20 14:40:13 UTC 2012

I've noticed a peculiar glitch - it seems to be related to mono (or mod_mono)
rather than the way apache is handling the file, as I've tested this by
putting the output from a correctly rendered page in as a .htm file and
serving that up and it appears fine. It happens when serving an asp.net page
from apache running on a raspberry pi (debian squeeze arm), but I've also
tested the same pages on a virtual server running the same on an intel
machine and also on an arm based sheevaplug (all same software versions).

I am running the following versions (ask if you need more):
mono-apache-server2 2.6.5-3
mono-runtime 2.6.7-5
libapache2-mod-mono 2.6.3-4

Code as it should be output:

  <script type="text/javascript">
        ///You can override these per page if necessary
        //var waitdiv = '<div class="wait">#LABEL#<br/> Assets/rotator.gif
</div>';
        //var errordiv = '<div class="error">#LABEL# Unable to
connect</div>';
        //var sound = '';
-------------------------------------
Incorrect code that gets output:
 <script type="text/javascript">
        ///You can override these per page if necessary
        //var waitdiv = '
        ///You ca#LABEL#ide these per page if necessary
        //var waitdiv';
        //var errordiv = '<br/> Asse#LABEL# Unable to connect </';
        //var sound = 'rdiv = '<div class="error">#LABEL#
Unable to connect</div>';
        //var sound =';

-----------------------------------------------
Further down the same page in the script block
Correct script:

//Open nvp data in new window
                var w = window.open();
                $(w.document.body).html('
' + $site.html() + '
<br/>' + $thisnvp.html());

-----------------------------------------------
Munged script:

//Open nvp data in new window
                var w = window.open();
                $(w.document.body).html('
  ' + $site.html() + ' nvp data ' + $thisnvp.html());

----------------------------------------------

It looks like it's trying to strip out the html from within the javascript
(even when commented out) as though it's attempting to block content that
looks like an injection attack. I have tried disabling compression to see if
it's that causing the behaviour - but it still does the same.

It also does the same if I'm using mod-mono-server4 on the new raspbian
distribution for the raspberry pi, using mono 2.8.10
I'm pretty sure that I've got all of the configurations the same across
machines.

--
View this message in context: http://mono.1490590.n4.nabble.com/html-being-stripped-from-in-page-javascript-tp4650489.html
Sent from the Mono - ASP.NET mailing list archive at Nabble.com.