On Wed, Jan 15, 2014 at 4:15 PM, André Warnier <a...@ice-sa.com> wrote:
> >> On Wed, Jan 15, 2014 at 7:34 AM, André Warnier <a...@ice-sa.com> wrote: >> >> Asok Chattopadhyay wrote: >>> >>> It looks like, the problem may be caused due to some scripts being >>>> inserted >>>> into the page by an external domain. I am investigating farther on that >>>> line. >>>> Thanks everybody. >>>> >>>> >>>> Thank you anyway for writing this. It allows us (and anyone else >>> consulting the email archives later) to see some logical end to the >>> issue. >>> >>> But I have to say that considering your earlier descriptions of the issue >>> (a servlet just reading a local file and sending it), what you mention >>> above doesn't quite fit. >>> An "external domain" cannot just "insert some scripts" into a static page >>> on the server, can it ? >>> I'd be curious to see a real full and accurate explanation of the >>> problem, >>> later. >>> >>> > > You keep top-posting, which is not nice. > Here is how it's done : > > Sorry about that! I am using gmail and it shows a box for reply and I just used that. May be this time it should be OK. > > Asok Chattopadhyay wrote: > > Thanks Andre, > > > > Whenever, the CRLFs are stripped, I find an extra line of script in the > > page when I View source. The line was not in the original file test.html. > > > > Here is the extra line inserted: > > > > <script src=" > > http://wac.edgecastcdn.net/800952/400b1e1c-5766-45fe- > a132-1e98616c551e-api/gsrs?g=dae3ecf9-dab8-409b-952c- > c2eb328442d9&is=trlssg > > "></script> > > > > I have no idea how and when this get inserted. I set the browser to > "Always > > send Do Not Track header", yet it keeps coming. I have inserted a routine > > to monitor all external scripts while I look for an appropriate forum > that > > could help me. > > > > Well, you are probably right to worry, but not about Tomcat. > > If you are on a Windows PC, do this : > - install "wget" (you'll find it on the WWW) > - do : > cd \temp > C:\temp>wget -O suspect.js "http://wac.edgecastcdn.net/ > 800952/400b1e1c-5766-45fe-a132-1e98616c551e-api/gsrs?g=dae3ecf9-d > ab8-409b-952c-c2eb328442d9&is=trlssg" > > and then have a look at that "suspect.js" > > Since it is not in the original file on the server, and since I cannot > imagine how anything on the server can just "insert that section" into the > page before returning it, we have to imagine that the insertion happens on > your workstation. > Which looks to me like a possible virus/trojan. > Or an unexpected effect of the javascript that is already in your page, > but possibly malware anyway. > > Scan you PC. > > And I will re-scan mine, because I also viewed your test page. > > A Google search for : who is "wac.edgecastcdn.net" > can be helpful. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > Thanks, I'll do as you suggest. Regards.
