I'm working with an embedded (Active X?) instance of IE within a VB6 application.
The browser displays demographic information based off the selected person (displayed as a list).
Everything works great until I try to quickly select different people from the list (clicking randomly over different people as fast as I can). After a few clicks, get two errors.
The first is an "Internet Explorer Script Error"
It says:
An Error has occurred in the script on this page
Line:
Char:
Error:
Code:
URL:
Do you want to continue running scripts on this page? yes|No
(Line, Char, Error, Code, URL are all blank).
The second error pops up directly over the first.
It says:
"Message from webpage
An error has occurred in this dialog
Error:53 Permission denied"
The page makes multiple ajax calls and also contains several iFrames (I'm thinking these are the cause).
Any advice on how to debug / resolve / avoid the problem would be most appreciated.
Thanks!
EDIT
Here is an image of the error
EDIT
I get a JScript anonymous function, No source available when I do happen to catch the error.
EDIT
I've successfully caught some of the errors. It seems that they are stemming primarily from MicrosoftAjax.js
Occurs Consistently: MicrosoftAjax.js - Sys._Application.callBaseMethod(this,"initialize"); Object Expected
Occurred Once: jquery-1.4.2.min.js - b.InsertBefore(d,b.firstChild) Object Expected
Occurred Once: Out of Memory Exception.
My host application is not using MicrosoftAjax.js at all, but the child iFrame applications are all asp.Net applications.
After a lot of testing and trying to figure out if I really needed to edit MicrosoftAjax.js to fix the problem, I finally found a solution that seems to have resolved the issue.
I added,
<script type="text/javascript">
window.onerror = function (e) { return true; }
</script>
to the header of ever application that I was pulling in via the iFrames, as well as to the parent page. It's been about two days since I made these changes and so far so good (though I'll need a few more days of testing to confirm that it's working 100%).
I had tried this before without success, but that was due to the position of the Script. I had other scripts (like jQuery and MicrosoftAjax) that were positioned before it. Those scripts threw errors before my window.onerror script was even evaluated.
Another interesting thing is that the iFrame errors seem to bubble up regardless of the error handling on the parent page. So I went into our Code repository and made the necessary changes to each of the applications I was pulling in.
Lastly, I want to say thank you to #Jacob for his initial help in troubleshooting this issue.
EDIT
Just wanted to add that I would have preferred to fix the error over burying it, but in the interest of time, this is the solution I've gone with for now.
If you want to just suppress Javascript errors, try setting the Silent property of the WebBrowser to True.
I've found that most of the IE "Permission denied" errors have to do with sharing Javascript objects between windows/frames. Since you produce it with rapid random clicking, I'm guessing this has to do with iframes/windows going away while their content is still being accessed.
One strategy you could use to avoid these problems is to never share any objects between frames. Wherever an object is created, that frame should be responsible for all operations and access to its members. Outside access should be controlled completely through calls to "interface" Javascript functions.
Try
WebBrowser1.ScriptErrorsSuppressed = true;
Related
I run my application with VERACODE tool but I got struggling with some issues.
One of the issue which I face is Improper Neutralization of the Script-Related HTML Tags in a Web Page (Basic XSS) (CWE ID 80).
This happens in many screens in my application.
In the following particular line:
NewDivButton.Style["display"] = SearchParameters.NewDivButtonVisibility;
Does anyone have any suggestion on how to fix this issue?
Welcome Manikandan. The best answer to this question would involve knowledge of the language/framework you're using if you could share that?
One thing to note, is that there are many things you could do that would make the warning "go away", but wouldn't make your app any more secure. For that reason, it's best to understand the core of the problem, and then apply the standard fix for the language/framework you're working in. If in doubt, check with a security professional.
In general, XSS is a set of issues where you (potentially) render user input as part of your output.
In this example if I send you a link that says yoursite.com?NewDivButtonVisibility=">SendYourPrivateInfoSomewhereBad();
If you click a link like this, and the site blindly inserts the script into the page, it could steal data.
The best protection is often to validate input, only allowing known-valid input through.
Another common approach is to HTML-encode the unknown value being displayed. However, more care is needed depending on where the output is rendered (e.g. if already within a script tag)
There's much more general information on this type of issue here: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#cross-site-scripting-prevention-cheat-sheet
I was viewing the error log for a site I develop for, and a certain line in a page is giving a null reference exception every now and then, very randomly. For example of the randomness, it maybe will return null once or twice in every 100 hits.
Here is the line:
#Resources.Global.ThankYou
And here is the structure of the resources folder (The Resources folder is at the root of the web project folder):
The users I have spoken to with the error all seem to be on english operating systems, and all the errors in the log I checked have this similarity in their passed HTTP request attributes:
HTTP_ACCEPT_LANGUAGE:en-au
And most but not all users that experience the issue seem to be on an iphone or ipad (some android too).
To try and replicate the Issue I have pushed english-australian to the top of my language list and tested the exact same page, but it works fine - as it does for the other 98% of users, and picks up the default Global.resx ThankYou value which is in english.
Has anyone got any ideas to how some users could get the random null reference exception? I will be VERY grateful for any feedback!
If this helps anyone, it ended up being a misleading exception from ASP.NET. The error was actually occurring in the following lines where a property of the model was null in some instances. ASP.NET Incorrectly was stating it was on the Resource. Here is an example I was able to replicate:
The error was actually on the circled property 2 lines later, not on the line suggested by asp.net. I hope this helps!
I have a kentico 6 installation, if i go to CMSDesk, edit one particular content item (document i suppose) and try to save it i get the following error in a javascript alert: "This action is not allowed in current context". There is not much information on this error on the internet, it says that one of the parts of the page is broken, is there any way to determine which one? I get this error for ONLY ONE item, all the others are fine. Any ideas are welcome, I will provide any info needed.
You can check the Event log for any errors:
CMSSitemanager > Administration > Event log
Have you recently done any upgrades to the system? This typically happens with an upgrade. It is specifically related to JS files. I've specifically experienced it with upgrades to major versions (6->7, 7->8, etc). What you might do is try to clear the cache on the server and within you browser.
It can also be related to bad markup. You might check to see if you have a <form> tag or other invalid markup, correct it and see if this resolves your issue.
I'm getting an error that appears at seemingly random occations.
Unable to cast object of type 'ASP.controls_ucscalevalue_ascx' to type
'Controls_ucScalevalue'.
what makes it weird is that it sometimes occur, and then dissappears with no real change in the code.
we're 2 people working on this project, while the error appear on one machine, the other is able to run it error free. According to github we're both completely synced up.
the line that triggers the code is this one
Controls_ucScalevalue value = (Controls_ucScalevalue)Page.LoadControl("Controls/ucScalevalue.ascx");
it works 90% of the time, but the last 10% we're somewhat stuck and can't figure out how to get rid of this error message.
It is a bug of microsoft. If you edit the user control sometimes the error dissapear, if you edit other control the error appears again. It occurs in proyects in asp.net 2.0. In MSN you can read about the error and download the fix. Here: msdn fix loadcontrol
Sorry if this is duplicate but I've been going crazy for the past two hours over this.
After changing the Master Page in ASP.NET MVC 1.0 application, I keep getting this familiar error when I try a postback without filling in the mandatory form elements which are validated by the server:
"Validation of viewstate MAC failed.
If this application is hosted by a Web
Farm or cluster, ensure that
configuration specifies
the same validationKey and validation
algorithm. AutoGenerate cannot be used
in a cluster."
The new page refers to a lot of jQuery code with lightboxes, superfish etc. Could that be a problem while doing a postback?
If I revert back to the original master, the error disappears and I'm able to validate form fields. Both masters are located in the same path.
I know a lot of other guys have faced this issue but I was unable to find anything which could help me.
Thanks.
Edited and added
After a little debugging, I've realized that a directive in the master page:
<% Html.RenderAction("menu", "nav"); %>
is creating the problem. The directive asks the "menu" action of the controller "nav" to inject a partial view Menu.ascx. If I delete this line from the new master page, everything works OK. My app's left bar navigation relies on this directive to work properly. Is there any way I can get around this? Very mysterious.
Are you using Html.AntiForgeryToken() anywhere on this page? Sometimes when I am testing locally with multiple different sites and / or port changes this will happen to me. If it does I clear my browser cache and it works just fine.
I did experienced the same problem two days ago. :)
A simple restart of the box has worked in my case so I did'nt investigate further.