Bug Tracker

Opened 6 years ago

Closed 6 years ago

#13314 closed bug (notabug)

jQuery-2.0.0b1.js triggers HTML/Framer threat detection on AVG Business Edition 2012

Reported by: mendrel@… Owned by:
Priority: undecided Milestone: None
Component: unfiled Version: 2.0b1
Keywords: Cc:
Blocked by: Blocking:

Description

This isn't directly related to jQuery itself, and so the ticket may be closed, but I wanted to bring up an issue that others may run into but not understand why. I hope that the Googles picks this up and it eventually helps someone.

While developing using the 2.0.0b1 unminified version in Firefox 18.0.1 I received an AVG Threat Detection about an HTML/Framer exploit. I cleared the threat and moved on but it kept coming back each time I refreshed the page. In addition, I received many console errors that showed jQuery wasn't being loaded while according to the page source the file was clearly there, in the correct path, etc... I also noticed that with a Shift+Refresh the 'threat' wasn't detected. I finally disabled AVG (thank you admin rights in a corporate setting...) and opened the targeted/threat file...the contents were...jQuery!?

What appears to be happening, and I'm not sure how to confirm, is that Firefox is creating a local cache of the file, however, AVG scans the file and must detect something 'script like' and contains the word 'iframe' or some such thing. Thinking that the file is some kind of new exploit it refuses to allow access to the file leading to the errors I was seeing. Curiously, minifying the file stops the detection of jQuery as a threat. I can repeatably reproduce the error, but am not sure how to 'trouble shoot' the issue. And I don't believe this is truly an issue that needs to be resolved (Sorry whoever is managing these reports for the noise) or it will 'go away' on it's own as the codebase changes and a minified version is available.

Other than that, I hope this helps someone, or someone gets curious as to why this is happening. jQuery upgrade from 1.8->2.0b went flawlessly on a fairly complex codebase with only one error from a depreciated third party library. Thanks!

Change History (1)

comment:1 Changed 6 years ago by dmethvin

Resolution: notabug
Status: newclosed

Not sure there's anything we can do about it on this end. I hope AVG will realize the error of their ways.

Note: See TracTickets for help on using tickets.