Gmail not loading when script is injected or even when a word is replaced, why?

StackOverflow https://stackoverflow.com/questions/17606732

Question

I was using fiddler core proxy to do some script injection. I noticed that gmail login just failed after its login progress bar moving forward and backward for some time. A sample is given below using c#, tested using google chrome as the browser. The below code goes inside the beforeresponse event of fiddler proxy where oS is the HTTP session.

  oS.utilDecodeResponse();
  oS.utilReplaceInResponse("</body>", "<script type='text/javascript'>var a = 10;</script></body>");

Updated

As Eric have suggested I made sure that the script is not making conflict with any other java script variables. Added the script only in the expected page when gmail logs in. However the problem is still there. 

                if (oS.oRequest.headers.HTTPMethod == "GET" || oS.oRequest.headers.HTTPMethod == "POST")
                {  //exclude other HTTP Status codes
                    if (oS.oResponse.headers.HTTPResponseStatus == "200 OK")
                    {
                        if (!oS.oRequest.headers.Exists("X-Requested-With"))
                        {
                            var accept = oS.oRequest.headers.FindAll("Accept");
                            if (accept[0].Value.Contains("text/html"))
                            {
                                if (oS.oResponse.MIMEType == "text/html")
                                {
                                    oS.utilDecodeResponse();



                                    string script = "alert("Hello");"
                                 //The main http request after gmail login has a response with a script closing tag before body closing, so I am replacing it with my script added.
                                  oS.utilReplaceOnceInResponse("</script></body>", script + "</script></body>", false));



                                }
                            }
                        }
                    }
                }

Works fine with chrome, however in safari and opera, alert is called infinitely so as the HTTP request to reload the page.

Was it helpful?

Solution

The problem you're having is that your replacement is insufficiently precise. You're replacing ALL instances of </body> on ALL pages with a string containing quotation marks. However, in some of the instances, the string you're replacing is appearing within JavaScript strings in the Google application, and as a consequence you're mangling the JavaScript string and causing a script error.

Use the following script sample to get a better understanding of all of the places you're replacing, then update your script to more specifically replace the expected string on only the expected page.

    oSession.utilDecodeResponse();
    if (oSession.utilReplaceInResponse("</body>", '<!-- INJECTED --></body>'))
    {            
        oSession["ui-backcolor"] = "lime";
    }
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top