Bug ID 756213: No support of injection into XHTML pages

Last Modified: Jul 03, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP FPS(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,,, 14.0.0,,,,,, 14.1.0,,,,,,

Fixed In:

Opened: Jan 22, 2019
Severity: 3-Major


FPS does not inject the JS engine into pages with 'application/xhtml+xml' content-type.


DataSafe features (e.g., encryption and obfuscation) are not working on XHTML pages.


The content-type of the response is 'application/xhtml+xml'.



Fix Information

FPS now injects JS engine into 'application/xhtml+xml' pages. Note: JS removal detection does not work in this case (but it does work for HTML pages).

Behavior Change