Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0
Opened: Nov 04, 2016
Severity: 3-Major
If an HTML page contains a SCRIPT tag with an HTML comment inside it, Portal Access may locate the end of this SCRIPT tag incorrectly.
The server-side HTML parser determines the end of the SCRIPT tag incorrectly. In the example below, the end of the SCRIPT tag is set at the first '</script>' string. The HTML page and the scripts inside it may be handled incorrectly, and the web application may not work as expected.
- HTML page with SCRIPT tag
- HTML comment inside this tag
- strings '<script>' and '</script>' inside this HTML comment

Example:

    <script>
    <!--
    var i=1; // <script>
    var line = "</script>";
    //-->
    </script>
Use an iRule to split the '</script>' string inside the HTML comment into a concatenation of two separate strings.
The server-side HTML parser in APM Portal Access now handles the interaction between the HTML SCRIPT tag and the HTML comment tag correctly.
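The difference between stopping at the first '</script>' and following the HTML Standard's script-data escape rules can be reproduced on the example page, together with the effect of the string-splitting workaround. This is an added illustration, not F5 code; the function names are hypothetical, the sample pages are constructed from the example above, and the state machine is a simplified form of the standard's tokenizer.

```javascript
// Added illustration, not F5 code. Names and sample pages are constructed.

// True if html has `prefix` ("<script" or "</script") at i, followed by
// whitespace, "/" or ">", which is how the HTML Standard delimits the tag name.
function tagAt(html, i, prefix) {
  const end = i + prefix.length;
  return html.slice(i, end).toLowerCase() === prefix && /[\s\/>]/.test(html.charAt(end));
}

// The behaviour the bug report describes: stop at the first "</script".
function naiveScriptEnd(html, bodyStart) {
  return html.toLowerCase().indexOf("</script", bodyStart);
}

// Simplified script-data states: "data", "escaped" (inside <!--),
// "double-escaped" (inside <!-- ... <script).
function specScriptEnd(html, bodyStart) {
  let state = "data";
  for (let i = bodyStart; i < html.length; i++) {
    if (state === "data" && html.startsWith("<!--", i)) {
      state = "escaped";
      i += 1; // resume at "--" so "<!-->" closes the comment immediately
    } else if (state !== "data" && html.startsWith("-->", i)) {
      state = "data";
      i += 2;
    } else if (state === "escaped" && tagAt(html, i, "<script")) {
      state = "double-escaped";
    } else if (tagAt(html, i, "</script")) {
      if (state !== "double-escaped") return i; // real end of the element
      state = "escaped"; // this "</script" only closes the nested "<script"
    }
  }
  return -1;
}

// Constructed from the page's example, and the same page after the workaround.
const PAGE = [
  "<script>", "<!--", "var i=1; // <script>",
  'var line = "</script>";', "//-->", "</script>",
].join("\n");
const WORKAROUND = PAGE.replace('"</script>"', '"</scr" + "ipt>"');
const BODY = "<script>".length; // offset just past the opening tag

console.log("naive:", naiveScriptEnd(PAGE, BODY), "spec:", specScriptEnd(PAGE, BODY));
console.log("after workaround:", naiveScriptEnd(WORKAROUND, BODY), specScriptEnd(WORKAROUND, BODY));
```

On the original page the two scanners disagree; once the string literal is split, both stop at the final closing tag, which is why the workaround is effective on affected versions.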