Norton Ad Blocking and AJAX

Posted by Patrice Neff Tue, 26 Sep 2006

Management summary of this article: turn off Norton Ad Blocking as installed by Norton Personal Firewall. It sucks. If you are interested in details or you develop AJAX sites for the broad market, read on.

Some users were not able to navigate to page two, three, etc. on the result lists of As that functionality is implemented with AJAX I first suspected a general XMLHTTPRequest problem. But funnily enough people were still able to submit feedback – which is also submitted to our server with an AJAX call. After seeing some of the raised JavaScript exceptions by our users I noticed that there was a function called SymOnLoad in the output. As we don’t have any function by that name I started investigating and found a connection to the Norton Personal Firewall.

It turns out that the Norton Personal Firewall will insert it’s own script tags into the delivered pages when the ad blocker is enabled. It does so only if there are script tags already in the original page as well. In our case we hade a script tag in JSON responses. The addition by the Norton Firewall caused the resulting JSON to be invalid and thus raising exceptions. Those exceptions in turn were silently ignored because of the Norton Firewall addition.

I fixed the issue by removing the script tag and putting the corresponding script in our general utility file. The other solution would have been to check for existence of the Norton Firewall and turn off AJAX in that case. It’s actually quite easy to detect Norton Firewall. Something like

if (typof(SymOnLoad) != 'undefined') {
    useAjax = false;

should do the trick.