[Edbrowse-dev] bad byte in NASA's vendor.js

[Kevin Carhart <kevin@carhart.net>]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 1475 bytes --]


Wow!  I found something that can cause JS to crash, yet is more to do 
with our retrieval of javascript code files as large ascii files, rather 
than javascript-the-language.  It happens in nasa.gov and may be one 
reason why nasa.gov stopped working.

I was looking at all of the files successfully downloaded by curl as it 
tries to render nasa.gov, but when the run is still proceeding and has not 
yet aborted (assuming db5 is on).

One of these files is:
https://www.nasa.gov/sites/all/themes/custom/nasatwo/js/vendor.js?oinn2s

Now let's say you make a test html file that will load only vendor.js.
If you go to edbrowse and load this test file with db5, it says this:
vendor.js line 89049: SyntaxError: missing ) after condition

The bad line is like:
if (!d.isValid() || !that.get('value')) {


I played around with the bad line, and found that the syntax error is 
coming from an invisible character!

So the following bytes can make the javascript processing of vendor.js 
fail, screwing things up downstream.

64
28
29
20
7C
7C
A0

The 7C 7C is the "OR" double pipe symbols.  So if you change A0 to a 
regular space, the syntax error goes away.

64
28
29
20
7C
7C
20

How about that!  So is this something we can deal with someplace way more 
low-level than in parsing javascript code itself, such as in http.c when 
the bytes are retrieved?

Will nasa.gov come back when we address this?  Don't know yet, but this is 
definitely a necessary precondition.

Kevin