Bug ID 423007: The .toString() fuinction could return mangled source for inline event handler.

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.3.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF9

Opened: Jun 10, 2013

Severity: 3-Major

Related Article: K19147220

Symptoms

The .toString() function applied to event handler reference (like document.body.onload.toString() ) could return event handler source with our modifications. This may lead to errors in web application.

Impact

Some web applications could work incorrectly.

Conditions

Event handler was defined inline as a HTML tag attribute.

Workaround

This issue has no workaround at this time.

Fix Information

Fixed an issue where toString function could return mangled text of inline html event handler.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips