Closed Bug 301847 Opened 20 years ago Closed 15 years ago

sfgate.com - Bits of JS show in page (including document.write) around Flash ad

Categories

(Tech Evangelism Graveyard :: English US, defect)

Product:
Tech Evangelism Graveyard
Component:
English US
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: sfraser_bugs, Unassigned)

References

(
URL
)

Details

Attachments

(3 files)

Screenshot
78.25 KB, image/png
Details
Another screenshot
209.54 KB, image/png
Details
Reduced testcase
1.22 KB, text/html
Details
On a couple of sites (sfgate.com, wired.com) I've noticed fairly frequently a problem where bits of JS show in the page around a Flash ad, commonly including document.write(). See sceenshot. Note that this may be affected by userContent.css ad blocking, possibly.
Attached image Screenshot
Just checked; this also happens if I disable the userContent.css, so it's not related to ad blocking. You might have to reload the url a few times to see it; it seems to depend on the ads that get served. This has also been seen on linux.
OS: MacOS X → All
Hardware: Macintosh → All
Attached image Another screenshot
Another observation: sometimes the ad-generating JS seems to document.write() both a flash-based ad, and an image. What I see on the page looks like: \n'); } if ( plugin ) { document.write(''); document.write(' '); document.write(' [Flash here] ');document.write(' '); document.write(' '); } else if (!(navigator.appName && navigator.appName.indexOf("Netscape")>=0 && navigator.appVersion.indexOf("2.")>=0)) {document.write(' [image here] '); } //--> so it appears that maybe the JS is being parsed as HTML rather than being interpeted.
I've only ever seen this (on linux) when stopping a page from loading. worksforme with linux seamonkey trunk build 2005072301 ==> parser
Assignee: nobody → parser
Component: Layout → HTML: Parser
QA Contact: layout → mrbkap
I think I've also seen this. I suspect that what's happening is that we're getting a document.write('</script>') in the wrong parser context. comment 5 can happen if you stop loading when we've seen a <script>script, but not the </script>.
By the way, it would be a really big help if you could save the generated source along with the original source (including the external script that writes the offending source) so we can see exactly which scripts are getting written incorrectly.
Attached file Reduced testcase
Here's the reducted testcase. The JS contains document.write('</script> \n'); which lacks escaping on the backslash.
This is fallout from bug 265814. We used to parse the output of document.write() in quirks mode no matter what mode the web page itself was in. That bug makes us parse the output of document.write() in whatever mode the page itself is in (which makes more sense to me). I think this may be INVALID. Note that DOCTYPE of the webpage given is: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">. Then, they document.write("<script><!--\n"); document.write("<script></script>"); document.write("\n//--></script>"). Before bug 265814, we'd parse this in quirks mode, and allow the comments to guide us where to end the outermost <script>. Now, since we're in standards mode, we don't, and the script ends at the first </script>. Perhaps we should open an evangelism bug on whoever runs the ad code, since they're generating invalid HTML with their document.write()s.
Morphing this into a Tech Evange. bug. It appears that we should either get this evangelized or back out bug 265814 before we release Firefox 1.5. The advertising provider in question is RealMedia http://www.realmedia.com/ . They provide the advertising for quite a few top sites (such as Salon, Playboy, sfgate, etc.). The problem is as described in comment 9. The probable fix would be to escape the document.write("</script>") that they have, so it'd look like |document.write("<\/script>")|, though I'm not entirely sure, since their ad code is so convoluted (bah, nested scripts always get so complicated!).
Component: HTML: Parser → English US
Product: Core → Tech Evangelism
Target Milestone: --- → Jul
Version: Trunk → unspecified
Assignee: parser → english-us
QA Contact: mrbkap → english-us
Chris, Rafael: do you have contacts with ReadMedia we could approach?
For further clarification/simplification, an example of the offending code (the URL contains a JS-generated random 12-digit number -- "1234562890" in this constructed example) can be found here: http://oascentral.sfgate.com/RealMedia/ads/adstream_mjx.ads/www.sfgate.com/news/article/1/1234562890@Top2,Middle1,Position2?kw=REC The function defined in this page is invoked using an inline script element containing |OAS_RICH('Position2');|, so everything in |if (position == 'Position2')| is executed (or parsed, as currently happens with some of it). The code document.write'd out is simply somewhat malformed in that a script element's tags are written out without escapes, causing code to be displayed. It's not fun, but it's trivial to convert the document.write's to the outputted code to see the problem.
Real and SfGate have been notified about the issue. I tried to get status update last week with no response. I'll follow up again in a few days.
Summary: Bits of JS show in page (including document.write) around Flash ad → sfgate.com - Bits of JS show in page (including document.write) around Flash ad
Ping! Any update on this? It makes FF 1.5 look crappy.
(In reply to comment #15) Not really. They know about the issue but maybe are waiting for us to release. I don't know. Wired is also affected. I'll start pinging the hell out of them tomorrow.
*** Bug 308004 has been marked as a duplicate of this bug. ***
INCOMPLETE due to lack of activity since the end of 2009. If someone is willing to investigate the issues raised in this bug to determine whether they still exist, *and* work with the site in question to fix any existing issues, please feel free to re-open and assign to yourself. Sorry for the bugspam; filter on "NO MORE PRE-2010 TE BUGS" to remove.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INCOMPLETE
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: