Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
14.1.0, 11.6.1 HF2
Opened: Jul 06, 2016 Severity: 4-Minor
The obfuscated JavaScript injected by ASM for CSRF protection and other features causes web pages to fail w3c validation.
Threre is no end user impact, but if checking the page with w3c online validator it returns errors
CSRF or WebScrapping enabled in ASM policy
N/A
Wrapped the script in CDATA - the validator will not complain on errors.