Feeds

T-Mobile JavaScript comment stripper breaks websites

It's not optimisation, it's pessimisation

Secure remote control for conventional and virtual desktops

Attempts by T-Mobile to speed up mobile data connections are breaking websites.

The bug intermittently affects mobile device users and PC users using tethered connections. It is caused by "optimisations" to the sites' Javascript code made on the fly, in attempt to optimise the amount of data received. Instead of stripping out comments, the optimisation – or more precisely, "pessimisation" – also strips out strings in the code itself.

MySociety first publicised the issue last week.

A developer told us the bug struck while his team was giving a demo to a potential investor. The team subsequently spent two days tracking down what had caused the issue.

"T-Mobile have managed to strip out bits of JavaScript code as well as comments. The jQuery library suffers, too. Worse than that, the script files are cached and won't get replaced when the user moves off 3G and back on to a decent ISP: in effect, T-Mobile has broken websites permanently," said the dev.

MySociety's Matthew Somerville blamed clumsy coding:

"The T-Mobile JavaScript comment-stripper appears to be searching for '/*' and '*/' and removing everything in between. This might work in most cases; however in the jQuery library, we find a string containing '*/*', and later down the file, another string containing '*/*'. T-Mobile removes everything between the things it thinks are comment markers, even though they're actually contained within strings, causing the jQuery library to be invalid JavaScript and stopping anything using jQuery from running," he wrote.

The apparent indeterministic nature of the bug – which attacks only occasionally – has made it harder to track down. "We are investigating the issue you have raised and are taking it very seriously," T-Mobile told us. ®

Internet Security Threat Report 2014

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.