Bug ID 484053: ASM JavaScripts are not injected or they are injected to the wrong place

Last Modified: Jul 13, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3

Fixed In:
12.0.0

Opened: Oct 13, 2014

Severity: 3-Major

Related Article: K73515314

Symptoms

ASM JavaScripts (such as CSRF or CSHUI) are not injected, or they are injected in the wrong place in the code.

Impact

Page fails to load, application broken, or the script does not function.

Conditions

A feature with JavaScript injection is configured and there is an apostrophe or quotation marks in the response page.

Workaround

This issue has no workaround at this time.

Fix Information

We improved the way ASM parses responses so that it can better detect where to inject JavaScript when there are quotation marks or apostrophes.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips