bcgov / SecurityAwareness

Information Security Branch - Security Awareness materials
Apache License 2.0

JS bug, presumably in upstream dependency, breaking initial load in SecurityAwareness/PublicISA #7

Open deFractal opened 2 years ago

deFractal commented 2 years ago

A bug in the Security Awareness course, linked from the BC government infosec pro-D page, initially prevents the course from loading in Firefox. In the minified JS file app.min.js, at what becomes line 40829 upon prettifying using the current Firefox Dev Tools, a string is assigned to a variable if the lowercase of the DOM-provided user-agent string contains “firefox”, where a function should be assigned instead. Particularly, where the prettified version of minified code reads:

n = u.isFF() ? 'window.setTimeout' : function (e) {
    return e()
};

it should instead read:

n = u.isFF() ? window.setTimeout : function (e) {
    return e()
};

so the value of n would become the built-in function window.setTimeout, not the string 'window.setTimeout'.

Uncorrected, this causes the script to fail with a TypeError at what becomes line 40843 (as above), when n is called as a function, as follows:

n(function () {
    i && (f = m(), e())
}, 250)

Patching the code as above resolves the bug. (So does spoofing the UA string of any desktop browser besides Firefox.) The bug would of course have to be fixed in the original, un-minified code. To that end, I would’ve forked the repository and filed a PR for this, but the un-minified version of the code in question does not appear to exist anywhere in the public GitHub repos of Province of BC. Perhaps it originates from an external dependency, or from a dependency in a private repo.

Solving this bug would prevent confusion and delay for anyone using Firefox while taking the public ISA course.
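To make the failure mode concrete, here is an added example (not code from the PublicISA repo or from the issue author) that reproduces the string-versus-function mix-up with stand-ins for the page's u.isFF() check and the scheduler call site; the names isFF, pickSchedulerBuggy, pickSchedulerFixed, runWithScheduler, fakeSetTimeout and the two user-agent strings are assumptions constructed for the demo.

```javascript
// Constructed sample user-agent strings (not captured from real traffic).
const FIREFOX_UA = 'Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0';
const CHROME_UA = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0.0.0 Safari/537.36';

// Stand-in for u.isFF(): true when the lowercased UA string contains "firefox".
function isFF(userAgent) {
  return userAgent.toLowerCase().includes('firefox');
}

// Immediate scheduler the page's snippet uses for non-Firefox browsers.
function callNow(fn) {
  return fn();
}

// Synchronous stand-in for window.setTimeout so the example is deterministic
// outside a browser (assumption: real setTimeout would defer the callback).
function fakeSetTimeout(fn, delayMs) {
  fn();
  return delayMs;
}

// Mirrors the minified code: the ternary yields the STRING 'window.setTimeout'.
function pickSchedulerBuggy(userAgent, setTimeoutImpl) {
  return isFF(userAgent) ? 'window.setTimeout' : callNow;
}

// Mirrors the corrected code: the ternary yields the function object itself.
function pickSchedulerFixed(userAgent, setTimeoutImpl) {
  return isFF(userAgent) ? setTimeoutImpl : callNow;
}

// Mirrors the failing call site n(function () { ... }, 250). Returns a status
// string rather than letting the TypeError propagate, so both paths compare.
function runWithScheduler(n) {
  let ran = false;
  try {
    n(function () { ran = true; }, 250);
  } catch (err) {
    return err instanceof TypeError ? 'TypeError' : 'OtherError';
  }
  return ran ? 'ran' : 'scheduled';
}

console.log('buggy, Firefox: ', runWithScheduler(pickSchedulerBuggy(FIREFOX_UA, fakeSetTimeout)));
console.log('fixed, Firefox: ', runWithScheduler(pickSchedulerFixed(FIREFOX_UA, fakeSetTimeout)));
console.log('buggy, Chrome:  ', runWithScheduler(pickSchedulerBuggy(CHROME_UA, fakeSetTimeout)));
```

The buggy selector only breaks on Firefox because every other branch still returns a callable, which is why spoofing a non-Firefox UA masks the bug as the issue notes.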