On Wed, Jan 15, 2014 at 7:34 AM, André Warnier <a...@ice-sa.com> wrote:

Asok Chattopadhyay wrote:

It looks like, the problem may be caused due to some scripts being
inserted
into the page by an external domain. I am investigating farther on that
line.
Thanks everybody.


Thank you anyway for writing this.  It allows us (and anyone else
consulting the email archives later) to see some logical end to the issue.

But I have to say that considering your earlier descriptions of the issue
(a servlet just reading a local file and sending it), what you mention
above doesn't quite fit.
An "external domain" cannot just "insert some scripts" into a static page
on the server, can it ?
I'd be curious to see a real full and accurate explanation of the problem,
later.



You keep top-posting, which is not nice.
Here is how it's done :

Asok Chattopadhyay wrote:
> Thanks Andre,
>
> Whenever, the CRLFs are stripped, I find an extra line of script in the
> page when I View source. The line was not in the original file test.html.
>
> Here is the extra line inserted:
>
>  <script src="
> http://wac.edgecastcdn.net/800952/400b1e1c-5766-45fe-a132-1e98616c551e-api/gsrs?g=dae3ecf9-dab8-409b-952c-c2eb328442d9&is=trlssg
> "></script>
>
> I have no idea how and when this get inserted. I set the browser to "Always
> send Do Not Track header", yet it keeps coming. I have inserted a routine
> to monitor all external scripts while I look for an appropriate forum that
> could help me.
>

Well, you are probably right to worry, but not about Tomcat.

If you are on a Windows PC, do this :
- install "wget" (you'll find it on the WWW)
- do :
cd \temp
C:\temp>wget -O suspect.js "http://wac.edgecastcdn.net/800952/400b1e1c-5766-45fe-a132-1e98616c551e-api/gsrs?g=dae3ecf9-d
ab8-409b-952c-c2eb328442d9&is=trlssg"

and then have a look at that "suspect.js"

Since it is not in the original file on the server, and since I cannot imagine how anything on the server can just "insert that section" into the page before returning it, we have to imagine that the insertion happens on your workstation.
Which looks to me like a possible virus/trojan.
Or an unexpected effect of the javascript that is already in your page, but possibly malware anyway.

Scan you PC.

And I will re-scan mine, because I also viewed your test page.

A Google search for : who is "wac.edgecastcdn.net"
can be helpful.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to