Cannot Unblock Javascript for Web Management of Switch

Hi,
Running 13.1 64 bit with KDE desktop and Firefox 31 I am trying to manage a switch using the web interface.
I have set the switch IP address as Allow in the browser security settings but am still getting Application Blocked. Your security settings have blocked an untrusted application from running. Here is the Java Console error message:-

Java Plug-in 10.67.2.01
Using JRE version 1.7.0_67-b01 Java HotSpot(TM) 64-Bit Server VM
User home directory = /home/alastair
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
l:   dump classloader list
m:   print memory usage
o:   trigger logging
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
x:   clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------

I have tried openjdk but this is worse.

If I go to the dark side I get slider security settings and more detail on security settings in general and had it working eventually but I cannot find the equivalent settings using Linux. Can somebody please help.
Budgie2

On 2014-08-25 00:56, Budgie2 wrote:
> Here is
> the Java Console error message:-

Java is completely unrelated to Javascript.

–
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

I don’t see any error message in the output you provided.

I have tried openjdk but this is worse.

I can’t comment on that as it would depend on the java application in the device. It might be that a firmware upgrade will fix the issue.

I know that the ‘icedtea-web’ package provides a console (similar to the Oracle Java Contol Panel), which allows how the browser plugin works (including security-related) configuration.

It can be launched with

itweb-settings

On 2014-08-25 02:53, Carlos E. R. wrote:
> On 2014-08-25 00:56, Budgie2 wrote:
>> Here is
>> the Java Console error message:-
>
> Java is completely unrelated to Javascript.

If it is java, and the jre, this is controled with “jcontrol”. In the
security tab, you can edit a list of site exceptions. There is another
tab for managing certificates.

–
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

For the Oracle JRE, this may be helpful, with respect to configuring via the Java control Panel (jcontrol)

http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html#jreexpired

Hi Robin,
Thanks for that!

Hi Deano,
I tried this just in case IcedTea-Web was running but it is not so I am running with Oracle Java plugin, which is what I selected with update-alternatives.
Thanks for the tip.

Hi Deano,
Now I am getting somewhere. I didn’t know about jcontrol till you told me and now I have the security page I recognise from the dark side. Will play with it for a while and see if I can get further.
Many thanks again,
Budgie2
PS. Now I am back to where I was with open Java. The gui image of switch tries to load but it is not there in full. I shall keep trying but at this rate I shall need to recourse to the dark side just to get things done!!!

On 2014-08-25 10:56, Budgie2 wrote:
>
> robin_listas;2661146 Wrote:
>> On 2014-08-25 00:56, Budgie2 wrote:
>>> Here is
>>> the Java Console error message:-
>>
>> Java is completely unrelated to Javascript.

> Hi Robin,
> Thanks for that!

But you have to make sure which it is. Javascript is internal, native
code support, inside the browser. If there are security adjustments,
they are in the browser.

Java is external, supplied by other people, controlled externally. There
is a plugin for each browser so that you can launch java things from web
pages.

But they are different languages, despite the name being very similar.

And security adjustements in the browser for javascript do nothing about
java applets.

So please find out what exactly is your router using, because answers
for one are not valid for the other!

About icedtea.

Many java applications refuse to run with icedtea and require oracle JRE
instead (for instance, all my government supplied software, for things
like tax forms. This they document). Possibly your router does the same.

On the other hand, the oracle JRE rpm package is not recognized as being
“java” by any openSUSE package manager. If you force removal of icedtea
and its replacements, the package manager will also try to remove a lot
of things, like libreoffice.

Thus you need to install the icedtea java packages, except the
“icedtea-web” package, which should be tabooed. Then you install the
oracle JRE and plugin rpm, and tell the system to use that java
implementation by using “update-alternatives”.

–
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

Hi Robin,
Many thanks. I thought it looked like it is Java that is causing the problem but I have Oracle version of plugin installed and still do not get the right picture. If you remind me how to send a screen shot it would save many words. I am beginning to wonder if I have screwed up my system a bit by installing open java and Oracle Java and the respective plugins and un-installing and re-installing. This is what update-alternatives gives me

IBMx3400:~ # update-alternatives --config java
There are 2 choices for the alternative java (providing /usr/bin/java).

  Selection    Path                                       Priority   Status
------------------------------------------------------------
  0            /usr/lib64/jvm/jre-1.7.0-openjdk/bin/java   17147     auto mode
* 1            /usr/java/latest/bin/java                   1         manual mode
  2            /usr/lib64/jvm/jre-1.7.0-openjdk/bin/java   17147     manual mode

Press enter to keep the current choice
[li], or type selection number: [/li]```
  

Not sure of the difference between manual and auto mode but I guess I should only have two entries.


OTOH on the Netgear forum one guy with same diffculty posted "Looking at the source its not JAVA but JAVAScript issue, I have not found a workaround that works for Chrome/FireFox."   

If it is a Javascript issue where should I look?



		 		  		  		 		  		  		  		  		 			 			 			 			 				[[IMG]http://forum1.netgear.com/images/buttons/quote.gif[/IMG]](http://forum1.netgear.com/newreply.php?do=newreply&p=467549)

Budgie2

On 2014-08-25 16:46, Budgie2 wrote:

‘[image:
> http://forum1.netgear.com/images/buttons/quote.gif]’
> (http://forum1.netgear.com/newreply.php?do=newreply&p=467549)

I’m not allowed to look it. It wants me to log-in.

–
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

Hi Robin,
Now I am really lost. All I did (I thought) was a cut and paste of the text. What should I do now to make progress?
Regards,
Budgie2

On 2014-08-25 16:46, Budgie2 wrote:
>
> Hi Robin,
> Many thanks. I thought it looked like it is Java that is causing the
> problem but I have Oracle version of plugin installed and still do not
> get the right picture.

In firefox, open a blank tab, and type “about:plugins”. That will give
you the list of active plugins. You should see this one:

Java(TM) Plug-in 10.67.2

File: libnpjp2.so
Path: /usr/java/jre1.7.0_67/lib/amd64/libnpjp2.so
Version: 10.67.2
State: Enabled
Next Generation Java Plug-in 10.67.2 for Mozilla browsers

If you see an entry about icedtea, you should remove the “icedtea-web”
package. Or disable it in “about:addons”.

If the java plugin entry is missing, well, then you know you have a
problem there.

> If you remind me how to send a screen shot it

Just upload it to susepaste.org, and post the link here. Make sure it is
very compressed: the larger the file, the less time it allows the file
to be hosted.

> plugins and un-installing and re-installing. This is what
> update-alternatives gives me
>
>
> Code:
> --------------------
> IBMx3400:~ # update-alternatives --config java
> There are 2 choices for the alternative java (providing /usr/bin/java).
>
> Selection Path Priority Status
> ------------------------------------------------------------
> 0 /usr/lib64/jvm/jre-1.7.0-openjdk/bin/java 17147 auto mode
> * 1 /usr/java/latest/bin/java 1 manual mode
> 2 /usr/lib64/jvm/jre-1.7.0-openjdk/bin/java 17147 manual mode
>
> Press enter to keep the current choice
> , or type selection number:
> --------------------

That’s the same I have, so it is correct.

>
>
> Not sure of the difference between manual and auto mode but I guess I
> should only have two entries.
>
>
> OTOH on the Netgear forum one guy with same diffculty posted “Looking at
> the source its not JAVA but JAVAScript issue, I have not found a
> workaround that works for Chrome/FireFox.”
>
> If it is a Javascript issue where should I look?

Unsure.

What addons do you have, if any? Some of them block scripts.

–
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

On 2014-08-25 23:56, Budgie2 wrote:
>
> Hi Robin,
> Now I am really lost. All I did (I thought) was a cut and paste of the
> text. What should I do now to make progress?

No, you pasted a link to quote the answer you got on the netgear forum,
so that we can read it. And I tell you that it is impossible to read it,
because that site wants me to enter a login and password.

In fact, the link is a link for posting a reply there:

http://forum1.netgear.com/newreply.php?do=newreply&p=467549

See the “newreply” keyword there?

So if you want me to have a look at that text, please post a proper link.

–
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

Hi Robin,
Please forgive. I wondered why the Quote button appeared. It was a slip of the mouse which is old mechanical Kensington Expert Mouse which has a will of its own and clearly needs cleaning .

Meanwhile thanks for your previous post. All is as it should be with no IcedTea. I disabled all my protection extensions and still I only get a corrupted image. Will try and get back to you with screenshot but tied up with work for rest of today.

Regards,
Budgie2

On 2014-08-26 13:06, Budgie2 wrote:

>
> Hi Robin,
> Please forgive. I wondered why the Quote button appeared. It was a
> slip of the mouse which is old mechanical Kensington Expert Mouse which
> has a will of its own and clearly needs cleaning .

Ah, I see.

> Meanwhile thanks for your previous post. All is as it should be with no
> IcedTea. I disabled all my protection extensions and still I only get a
> corrupted image. Will try and get back to you with screenshot but tied
> up with work for rest of today.

Look. Just open the web page of your router. Then, if in firefox, select “view source code”, or ctrl-u.
You will get another window, like this in my case:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<!--<title>TP-LINK</title>-->
<link rel="Stylesheet" href="./css/main.css" type="text/css" />
<script language="javascript" src="./js/oid_str.js" type="text/javascript"></script>
<script language="javascript" src="./js/str.js" type="text/javascript"></script>
<script language="javascript" src="./js/err.js" type="text/javascript"></script>
<script language="javascript" src="./js/lib.js" type="text/javascript"></script>
<script language="javascript" src="./js/3g.js" type="text/javascript"></script>
<link rel="Shortcut Icon" href="./img/icon.jpg" type="image/jpeg" />
<meta http-equiv=Content-Type content="text/html; charset=utf-8" />
</head>
<body>

As you see, my router is clearly using javascript.

Now, try this link:

http://java.com/en/download/installed.jsp

That’s a web page to test if java is installed properly. Unfortunately, view code does not work.
Pressing the “verify java version button” opens a grey box that says “activate java”.
Right click, inspect element, allows you to see the code.

<param name="image" value="/im/download/verify_anim.gif"><param name="centerimage" value="true"><param name="boxborder" value="false"><param name="jnlp_href" value="JavaDetection_applet.jnlp">

Clicking on the box pops a dialog asking to allow (and perhaps remember) the applet to run.
And probably then another dialog open, this time asking if you want to allow an application to run, ad gives you information about it.
You may then see a “java console” window. And then, you should get a text in the browser that says:

+++······
Verified Java Version
Congratulations!
You have the recommended Java installed (Version 7 Update 67).
······+±

–
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

Hi Robin, very many thanks for being so patient with me and a thousand more thanks for taking time to help. I am learning about stuff I never knew existed.

Last things first, if allow the Java site app to run it confirms **You have the recommended Java installed (Version 7 Update 67).

**The Ctrl-u command was something new to me and a great surprise. It revealed the source from the switch /base/cheetah_login.html with over 400 lines of script but the top few lines confirm javascript and then I suspect may identify my problem:-

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<HEAD>
   <LINK REL=stylesheet HREF="[/base/style.css](http://forums.opensuse.org/view-source:http://192.168.169.189/base/style.css)" TYPE="text/css">
<META http-equiv="Pragma" content="no-cache">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <!-- Style Sheet link and Meta data     -->
   <TITLE>NETGEAR M4100-D12G</TITLE>    <!-- Netgear Page Title     -->

<script  src="[js/ng_tabs_Layer2.js](http://forums.opensuse.org/view-source:http://192.168.169.189/base/js/ng_tabs_Layer2.js)" type="text/javascript"></script>
<script  src="[/base/js/ng_help.js](http://forums.opensuse.org/view-source:http://192.168.169.189/base/js/ng_help.js)" type="text/javascript"></script>
<script  src="[/base/js/rollover.js](http://forums.opensuse.org/view-source:http://192.168.169.189/base/js/rollover.js)" type="text/javascript"></script>
<script  src="[/base/js/browser.js](http://forums.opensuse.org/view-source:http://192.168.169.189/base/js/browser.js)" type="text/javascript"></script>

</head>

<!-- Preload All images so that IE6 has no problems -->

I could be wrong but I guess that by making things so that IE6 has no problems, everybody else does have a problem but that is just a shot in the dark. Do you want me to try and send you the whole script?

Regards,
Budgie2

On 2014-08-26 16:26, Budgie2 wrote:

> *The Ctrl-u command was something new to me and a great surprise. It
> revealed the source from the switch /base/cheetah_login.html with over
> 400 lines of script but the top few lines confirm javascript and then I
> suspect may identify my problem:-
>
>
> Code:
> --------------------
> <!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN”>
> <html>
>
> <HEAD>
> <LINK REL=stylesheet HREF="’/base/style.css’ (http://tinyurl.com/o2dlen9)" TYPE=“text/css”>
> <META http-equiv=“Pragma” content=“no-cache”>
> <META HTTP-EQUIV=“Content-Type” CONTENT=“text/html; charset=iso-8859-1”> <!-- Style Sheet link and Meta data →
> <TITLE>NETGEAR M4100-D12G</TITLE> <!-- Netgear Page Title →
>
> <script src="‘js/ng_tabs_Layer2.js’ (http://tinyurl.com/ptl9w9d)" type=“text/javascript”></script>
> <script src="’/base/js/ng_help.js’ (http://tinyurl.com/mppxq7y)" type=“text/javascript”></script>
> <script src="’/base/js/rollover.js’ (http://tinyurl.com/npb6eut)" type=“text/javascript”></script>
> <script src="’/base/js/browser.js’ (http://tinyurl.com/nap6hcd)" type=“text/javascript”></script>
>
> </head>
>
> <!-- Preload All images so that IE6 has no problems →
> --------------------

You have just uncovered another bug in this forum web-to-nntp interface. It has inserted tinyurls in there, pointing to sites such as:

https://forums.opensuse.org/view-source:http://192.168.169.189/base/js/ng_tabs_Layer2.js

I had to go look on the web side to find out. Let me see if I can paste it again:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<HEAD>
<LINK REL=stylesheet HREF="/base/style.css" TYPE="text/css">
<META http-equiv="Pragma" content="no-cache">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <!-- Style Sheet link and Meta data     -->
<TITLE>NETGEAR M4100-D12G</TITLE>    <!-- Netgear Page Title     -->

<script  src="js/ng_tabs_Layer2.js" type="text/javascript"></script>
<script  src="/base/js/ng_help.js" type="text/javascript"></script>
<script  src="/base/js/rollover.js" type="text/javascript"></script>
<script  src="/base/js/browser.js" type="text/javascript"></script>

</head>

<!-- Preload All images so that IE6 has no problems -->

> I could be wrong but I guess that by making things so that IE6 has no
> problems, everybody else does have a problem but that is just a shot in
> the dark.

It is possible. Or maybe it works for other browsers, and have to do special tricks to make it work on ie6.
But the other browsers could be ie7, ie8…

There are extensions to firefox that tell it to lie to pages and tell them “I’m IE8” or anything. It works sometimes.

> Do you want me to try and send you the whole script?

Unfortunately, I don’t know javascript. But you can certainly upload it to a site such as susepaste, post a link here, and hope somebody understands it.

Not that we know if that would help… if it is javascript security settings blocking, I don’t know/remember where to adjust them.

Also notice that javascript code can be used to launch a java applet, too.

–
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

First you should know that it’s possible to have Java installed but not have the Java browser plugin installed correctly. You need to be sure whatever test you run is testing “Java in the Browser” and not simply checking for installed Java. I posted instructions how to do this recently
https://forums.opensuse.org/showthread.php/500398-Cannot-Find-or-Install-Oracle-Java-Plugin-for-Firefox?p=2660373#post2660373

As for the code regarding IE, you didn’t post the entire code so I can’t be certain but typically is written in such a way that the code is enabled only if the specific browser (IE in this case) is detected. Written properly, the code should not affect other browsers. If there is any doubt in your mind though, you can do what is sometimes possible by saving the web page locally, then edit the code however you wish (eg removing the IE specific code) and then re-opening in a browser. If the web code isn’t dependent on server side processing (highly unlikely when the code is from a SOHO switch), it’ll “just work.”

TSU

Hi Tsu,
Many thanks. I believe I have demonstrated, to myself at least, that I have correct plugin installed in browser. With the open java plugin I get nothing from the switch, with Oracle Java plugin I get a few pixels of activity and all the dire warnings about running unsigned scripts but I can only get workable view of switch from a windoze machine. Your suggested remedy is beyond my capability and all this is taking time away from setting up the Vlans which is what I am trying to do.

The switch is only at the bottom end of the Netgear Office range but they should be ashamed of themselves for releasing such a device. I shall look elsewhere for other L2 switches next time. Meanwhile many thanks for your help and advice.
Regards,
Budgie2