Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Invalid viewstate for ScriptResource.axd?

The Script Resource and the Web Resource files are generating intermittent errors in my application. I have been trying to chase the cause of the problem but to no avail. I notice that the “d” parameter that is passed is some how corrupted and I can’t for the life of me figure out what’s causing this parameter to be corrupted. I noticed that JavaScript code that in my application is some how getting intertwined with the hash code that’s generated for the “d” parameter.

Exception genereated on Monday, January 26, 2009, at 2:20 AM
Page location: /ScriptResource.axd?d=y9_dUwBeGqLlRpT5Dml1zhoQvfa7NKdj69EYuV771kzSsa5KOOXBfJZjk%20%20%20%20%20%20%20%20%20%20%20%20if%20(cat_gallery%20!=
Requested Url : http://garmn.factoryoutletstore.com/ScriptResource.axd?d=y9_dUwBeGqLlRpT5Dml1zhoQvfa7NKdj69EYuV771kzSsa5KOOXBfJZjk if (cat_gallery !=
Message: Exception has been thrown by the target of an invocation.
Source: mscorlib
Method: System.Object _InvokeMethodFast(System.Object, System.Object[], System.SignatureStruct ByRef, System.Reflection.MethodAttributes, System.RuntimeTypeHandle)
Stack Trace: at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner) at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters) at System.Web.Handlers.ScriptResourceHandler.DecryptString(String s) at System.Web.Handlers.ScriptResourceHandler.DecryptParameter(NameValueCollection queryString) at System.Web.Handlers.ScriptResourceHandler.ProcessRequest(HttpContext context) at System.Web.Handlers.ScriptResourceHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Inner Exception: System.Web.HttpException: Invalid viewstate. at System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType) at System.Web.UI.Page.DecryptString(String s)
User IP: 74.34.62.187

BaseMessage : Exception genereated on Monday, January 26, 2009, at 2:20 AM
Page location: /ScriptResource.axd?d=y9_dUwBeGqLlRpT5Dml1zhoQvfa7NKdj69EYuV771kzSsa5KOOXBfJZjk%20%20%20%20%20%20%20%20%20%20%20%20if%20(cat_gallery%20!=
Requested Url : http://garmn.factoryoutletstore.com/ScriptResource.axd?d=y9_dUwBeGqLlRpT5Dml1zhoQvfa7NKdj69EYuV771kzSsa5KOOXBfJZjk if (cat_gallery !=
Message: Invalid viewstate.
Source: System.Web
Method: System.String DecryptStringWithIV(System.String, System.Web.Configuration.IVType)
Stack Trace: at System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType) at System.Web.UI.Page.DecryptString(String s)
User IP: 74.34.62.187
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322; Zune 3.0)
like image 445
JamTech Avatar asked Jan 26 '09 16:01

JamTech


2 Answers

I have been analyzing the data that I have been collecting and I have drawn a few conclusions. I noticed that a large majority of the errors that I have been getting are coming from windows Vista computers running IE 8 or Firefox 3. There where also a few cases where it was Vista and IE 7. This could explain why the errors are now just becoming an issue as more and more people are using the new operating system.

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; FunWebProducts; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GoogleT5; MSN Optimized;CA; MSN Optimized;CA) Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; GTB5; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; Media Center PC 5.0)

But anyways the conclusion that I want to get at is that based on this information I started looking into how the browsers process java scripts and if there was anything new that could be causing this issue, that’s when something interesting pop out at me, I found on the w3School website an article about the difference in html vs. xhtml.

Differences between HTML and XHTML HTML 4 and XHTML deal different with the content inside scripts:

In HTML 4, the content type is declared as CDATA, which means that entities will not be parsed. In XHTML, the content type is declared as (#PCDATA), which means that entities will be parsed. This means that in XHTML, all special characters should be encoded or all content should be wrapped inside a CDATA section.

To ensure that a script parses correctly in an XHTML document, use the following syntax:

So I immediately took a look into my code and I saw that the DOCTYPE directive was missing on some of my pages the sameones that are causing the Issue. I also noticed that where I was outputting JavaScript using the .NET Register Client Script routine it would wrap the inner content of the script tags with the CDATA attribute, while where there was the regular JavaScript written on the page there was no CDATA used. For example

Function RunMe() { }

I am no expert on how browser’s renders or parse the html return, but I strongly believe it has some thing to do with the situation above because the Url parameter in the Script Resource request whenever it crashes always contains code in between script tags that's below it. Some times there is even html style sheet code that can be found there as well. For example

http://braun.factoryoutletstore.com/ScriptResource.axd?d=70kBR-jPBTx9R89FxObjhipHPS9CMlta5W6ZZiqkaa5zNOXUU4DtsY8V_8function runSearchForField(eventObj, id){ if ((eventObj.which == 13) || (eventObj.keyCode == 13)) { var cat_gallery = getParam('gallery'); var cat = getParam('cat') var searchTerm = escape(document.getElementById(id).value); // must use escape() function to urlencode search term to avoid issues with '&' and '=' symbols var url; if (cat_

http://braun.factoryoutletstore.com/ScriptResource.axd?d=9vS7Hk65j_0hD8to_aPDj

Now what am thinking is that some how because am not specifying any DOCTYPE in the page the browser might be trying to infer based on the data its receiving then it ends up messing up because sometimes there is CDATA and there are times when there is no CDATA present in the page. I don’t know really if this is a solid assumption cause as they say assumptions as dangerous. If anyone can shade some light on my theory and let me know if the browsers are parsing the xhtml differently that older version or even if they had any similar situations.

like image 101
JamTech Avatar answered Sep 20 '22 19:09

JamTech


We've experienced the same and it appears to be related to a bug in IE8's rendering engine.

Take a look at the following resources: http://blogs.msdn.com/ieinternals/archive/2009/07/27/Bugs-in-the-IE8-Lookahead-Downloader.aspx http://connect.microsoft.com/IE/feedback/ViewFeedback.aspx?FeedbackID=467062

Basically there are a few tags on the page that are causing a "parser restart" which causes 4K of the HTML in the page to be omitted. This means that the browser is putting HTML on to the ScriptResource.axd that occurs 4096 bytes later in the page.

like image 21
Jonathan Oliver Avatar answered Sep 22 '22 19:09

Jonathan Oliver