Skip to main content

Bug Tracker

Side navigation

#13314 closed bug (notabug)

Opened January 23, 2013 09:57PM UTC

Closed January 26, 2013 06:41PM UTC

jQuery-2.0.0b1.js triggers HTML/Framer threat detection on AVG Business Edition 2012

Reported by: mendrel@gmail.com Owned by:
Priority: undecided Milestone: None
Component: unfiled Version: 2.0b1
Keywords: Cc:
Blocked by: Blocking:
Description

This isn't directly related to jQuery itself, and so the ticket may be closed, but I wanted to bring up an issue that others may run into but not understand why. I hope that the Googles picks this up and it eventually helps someone.

While developing using the 2.0.0b1 unminified version in Firefox 18.0.1 I received an AVG Threat Detection about an HTML/Framer exploit. I cleared the threat and moved on but it kept coming back each time I refreshed the page. In addition, I received many console errors that showed jQuery wasn't being loaded while according to the page source the file was clearly there, in the correct path, etc... I also noticed that with a Shift+Refresh the 'threat' wasn't detected. I finally disabled AVG (thank you admin rights in a corporate setting...) and opened the targeted/threat file...the contents were...jQuery!?

What appears to be happening, and I'm not sure how to confirm, is that Firefox is creating a local cache of the file, however, AVG scans the file and must detect something 'script like' and contains the word 'iframe' or some such thing. Thinking that the file is some kind of new exploit it refuses to allow access to the file leading to the errors I was seeing. Curiously, minifying the file stops the detection of jQuery as a threat. I can repeatably reproduce the error, but am not sure how to 'trouble shoot' the issue. And I don't believe this is truly an issue that needs to be resolved (Sorry whoever is managing these reports for the noise) or it will 'go away' on it's own as the codebase changes and a minified version is available.

Other than that, I hope this helps someone, or someone gets curious as to why this is happening. jQuery upgrade from 1.8->2.0b went flawlessly on a fairly complex codebase with only one error from a depreciated third party library. Thanks!

Attachments (0)
Change History (1)

Changed January 26, 2013 06:41PM UTC by dmethvin comment:1

resolution: → notabug
status: newclosed

Not sure there's anything we can do about it on this end. I hope AVG will realize the error of their ways.