Bug ID 915133: Single Page Application can break the page, when hooking is done by the end server application.

Last Modified: Jul 21, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 16.1.0

Opened: Jun 08, 2020
Severity: 4-Minor

Symptoms

When the end server application hooks some of the XHR callback functions (onload, onreadystate, send, open..), and a Single Page Application is used, the application page may malfunction.

Impact

Web page does not render properly. It might result in a blank page, missing functionality, etc.

Conditions

This may occur when a server application hooks some XHR callbacks, and one of the following: -- Bot Defense Profile with 'Single Page Application' enabled and attached to the virtual server. -- ASM Policy with 'Single Page Application' enabled and a JS feature is attached to the virtual server. -- DoS Profile with Application Security and 'Single Page Application' enabled and is attached to the virtual server.

Workaround

Run the command: tmsh modify sys db dosl7.parse_html_inject_tags value "after,body"

Fix Information

None

Behavior Change