none
Injected code is not valid XHTML RRS feed

  • Question

  • The Microsoft.AspNetCore.All package contains a Microsoft.AspNetCore.ApplicationInsights.HostingStartup which depends on Microsoft.ApplicationInsights.AspNetCore (currently in 2.1.1 version).

    If my project contains a appsettings.json file with an instrumentation key for Application Insights it breaks debugging of my web app. The injected JavaScript snippet is present even if Application Insights are turned off in Startup.cs file:

    #if !DEBUG
        services.AddApplicationInsightsTelemetry();
    #endif

    The injected code is invalid XML and breaks parsing in all browsers.

    var appInsights=window.appInsights||function(config){
                function i(config){t[config]=function(){var i=arguments;t.queue.push(function(){t[config].apply(t,i)})}}var t={config:config},u=document,e=window,o="script",s="AuthenticatedUserContext",h="start",c="stop",l="Track",a=l+"Event",v=l+"Page",y=u.createElement(o),r,f;y.src=config.url||"https://az416426.vo.msecnd.net/scripts/a/ai.0.js";u.getElementsByTagName(o)[0].parentNode.appendChild(y);try{t.cookie=u.cookie}catch(p){}for(t.queue=[],t.version="1.0",r=["Event","Exception","Metric","PageView","Trace","Dependency"];r.length;)i("track"+r.pop());return i("set"+s),i("clear"+s),i(h+a),i(c+a),i(h+v),i(c+v),i("flush"),config.disableExceptionTracking||(r="onerror",i("_"+r),f=e[r],e[r]=function(config,i,u,e,o){var s=f&&f(config,i,u,e,o);return s!==!0&&t["_"+r](config,i,u,e,o),s}),t
            }({
                instrumentationKey: '...'
            });
    
            window.appInsights=appInsights;
            appInsights.trackPageView();
    • Ampersands (&&) are notencoded as XML entities. They should be encoded as "&&", or
    • whole block should be in CData section /* <![CDATA[ */ ... /* ]]> */.
    • Consider adding an async attribute (async="") to the script element. Current implementation slows down rendering of the page, because the XHTML parser must switch to ECMAScript parser, parse the snippet code, execute it and then the XHTML parser can continue with parsing of body element.
    Thursday, October 19, 2017 12:19 PM