Bug ID 603071: XHTML validation fails on obfuscated JavaScript

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
14.1.0, 11.6.1 HF2

Opened: Jul 06, 2016

Severity: 4-Minor


The obfuscated JavaScript injected by ASM for CSRF protection and other features causes web pages to fail w3c validation.


Threre is no end user impact, but if checking the page with w3c online validator it returns errors


CSRF or WebScrapping enabled in ASM policy



Fix Information

Wrapped the script in CDATA - the validator will not complain on errors.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips