tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Tomcat strips CRLFs from the generated page
Date Wed, 15 Jan 2014 08:15:20 GMT
> 
> On Wed, Jan 15, 2014 at 7:34 AM, André Warnier <aw@ice-sa.com> wrote:
> 
>> Asok Chattopadhyay wrote:
>>
>>> It looks like, the problem may be caused due to some scripts being
>>> inserted
>>> into the page by an external domain. I am investigating farther on that
>>> line.
>>> Thanks everybody.
>>>
>>>
>> Thank you anyway for writing this.  It allows us (and anyone else
>> consulting the email archives later) to see some logical end to the issue.
>>
>> But I have to say that considering your earlier descriptions of the issue
>> (a servlet just reading a local file and sending it), what you mention
>> above doesn't quite fit.
>> An "external domain" cannot just "insert some scripts" into a static page
>> on the server, can it ?
>> I'd be curious to see a real full and accurate explanation of the problem,
>> later.
>>


You keep top-posting, which is not nice.
Here is how it's done :

Asok Chattopadhyay wrote:
 > Thanks Andre,
 >
 > Whenever, the CRLFs are stripped, I find an extra line of script in the
 > page when I View source. The line was not in the original file test.html.
 >
 > Here is the extra line inserted:
 >
 >  <script src="
 > 
http://wac.edgecastcdn.net/800952/400b1e1c-5766-45fe-a132-1e98616c551e-api/gsrs?g=dae3ecf9-dab8-409b-952c-c2eb328442d9&is=trlssg
 > "></script>
 >
 > I have no idea how and when this get inserted. I set the browser to "Always
 > send Do Not Track header", yet it keeps coming. I have inserted a routine
 > to monitor all external scripts while I look for an appropriate forum that
 > could help me.
 >

Well, you are probably right to worry, but not about Tomcat.

If you are on a Windows PC, do this :
- install "wget" (you'll find it on the WWW)
- do :
cd \temp
C:\temp>wget -O suspect.js 
"http://wac.edgecastcdn.net/800952/400b1e1c-5766-45fe-a132-1e98616c551e-api/gsrs?g=dae3ecf9-d
ab8-409b-952c-c2eb328442d9&is=trlssg"

and then have a look at that "suspect.js"

Since it is not in the original file on the server, and since I cannot imagine how 
anything on the server can just "insert that section" into the page before returning it, 
we have to imagine that the insertion happens on your workstation.
Which looks to me like a possible virus/trojan.
Or an unexpected effect of the javascript that is already in your page, but possibly 
malware anyway.

Scan you PC.

And I will re-scan mine, because I also viewed your test page.

A Google search for : who is "wac.edgecastcdn.net"
can be helpful.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message