Why is this call automatically inserted into the HTML body?

Question

Why is this call automatically inserted into the HTML body?

Asked 8 years ago

Viewed 213 times

4

In an app I’m using the Javascript libraries: jQuery, Angular, Angular Material and Moment. Totaling I have the following calls in my file:

<script src="vendor/jquery/jquery-3.1.1.js" type="text/javascript"></script><script src="vendor/angular/angular.js" type="text/javascript"></script>
<script src="vendor/angular/angular-animate.js" type="text/javascript"></script>
<script src="vendor/angular/angular-aria.js" type="text/javascript"></script>
<script src="vendor/angular/angular-cookies.js" type="text/javascript"></script>
<script src="vendor/angular/angular-messages.js" type="text/javascript"></script>
<script src="vendor/angular/angular-route.js" type="text/javascript"></script>
<script src="vendor/angular/angular-sanitize.js" type="text/javascript"></script>
<script src="vendor/angular/angular-base64.min.js" type="text/javascript"</script>
<script src="vendor/angular/re-tree.min.js" type="text/javascript"></script>
<script src="vendor/angular/ng-device-detector.min.js" type="text/javascript"></script>
<script src="vendor/angular/angular-mask.min.js" type="text/javascript"></script>
<script src="vendor/moment/moment.js" type="text/javascript"></script>
<script src="vendor/moment/moment-with-locales.js" type="text/javascript"></script>
<!-- angular-material -->
<script src="vendor/angular-material/angular-material.min.js" type="text/javascript"></script>

Theoretically they are all reliable libraries, but when running my application is mysteriously inserted this call to the HTML body.

<script src="//s3.eu-central-1.amazonaws.com/forton/live_http_headers.js"></script>

I have tried to remove most libraries keeping only the necessary, I also searched the requested url in the library archives, but it is not found. Another detail is that when ordering this information access is blocked.

However, this url would be useful?
Can be a risk to the project?
Do any of the libraries cited use these resources?

Would you be using Firefox? I believe that this should be a dependency automatically loaded via some add-on from your browser. Try opening with another browser, and see if this javascript still remains.

– Carlos Silva

2016/10/31 at 20:32
Sometimes, within one of these libraries, it may contain a dependency, and this dependency may be called in an auto create element, for example: (function(a,b,c,d) {
 
 a = s.createElement(o),
 m = s.getElementsByTagName(o)[0];
 a.async = 1;
 a.src = g;
 m.parentNode.insertBefore(a, m)
})(window, document, 'script', '//script.js', 'exec'); But apparently you have malware in your browser, see here

– Ivan Ferrer

2016/10/31 at 20:40

1 answer

Browser other questions tagged jquery angularjs angular-material momentjs

You are not signed in. Login or sign up in order to post.

by Heliton Junior • 56 points · Answer 1 · 2016-12-02T05:53:15+00:00

This script inserted at runtime, is done by the Chrome extension:

Live HTTP Headers

More information about this extension you can find in the link below:

https://www.reddit.com/r/chrome/comments/5arx3l/live_http_headers_extension_hijacked/