ID:2602776
 
BYOND Version:513
Operating System:Windows 10 Pro 64-bit
Web Browser:Firefox 79.0
Applies to:Dream Seeker
Status: Open

Issue hasn't been assigned a status value.
Descriptive Problem Summary:

There appears to be some kind of problem with internal logic in dream seeker injecting unexpected HTML comments, namely:
<!--[if lt IE 7.]>
<script defer type=text/javascript src=pngfix.js></script>
<![endif]-->

In a browse() call, even if that browse() call targets a non-.html file. The procedure to reproduce this is unknown; we can't determine the cause of BYOND deciding to randomly inject this.

Note, I believe this is a Dream Seeker bug rather than any other BYOND program, because greping for 'pngfix' in BYOND/bin only returns results for the dreamseeker.exe binary.

This is a major problem because of the following code:
https://github.com/CHOMPStation2/CHOMPStation2/blob/master/ code/modules/asset_cache/asset_cache_client.dm#L36
This expects to be able to send the client a .json file, which is then decoded here:
https://github.com/CHOMPStation2/CHOMPStation2/blob/master/ code/modules/asset_cache/asset_cache_client.dm#L20
However, when Dream Seeker arbitrarily decides to inject that HTML comment for pngfix.js, json_decode fails with the following runtime:
DEBUG: Runtime in asset_cache_client.dm,20: Unknown value: <!--[if lt IE 7.]>
<script defer type=text/javascript src=pngfix.js></script>
<![endif]-->
{"tgui.bundle.js":"c0bbd68930f4d921779162831a190dce","tgui.bundle.css":"30bb1c220ba430325522a7d8f3967ff6","search.js":"67b4c228a9cb9de9a58f56c07e299921","panels.css":"75ca83cdaf7a15f71067a3ab76b41d4d","loading.gif":"269fb9cf00c1e2795411e8c44e999b66","ntlogo.png":"0e9896b601031f3f3fb539ae285f4f2e","sglogo.png":"a39a4f27a272a0662e87ba21b876bfa8","talisman.png":"e54df748531c4c106bb187621043c953","paper_bg.png":"4a71acbb8335024857221b9818b3f8fa","no_image32.png":"cc263d3983b05be6c32819633e06d66e","88x31.png":"80fb4a8b9dd7c600afda07b3d3c5efa4","bug-minus.png":"6816b5d7b81e796c6b09c33fb7431e0a","cross-circle.png":"e2ad9ad625438f0d1867ee0774b79378","hard-hat-exclamation.png":"f12dca53f0a38ccbcb935ebbec3cf837","image-minus.png":"f8d9679218bc839c613915cc3c0c886f","image-plus.png":"ba43ef719db5f00717db45b783e04e2d","map-pencil.png":"fac2191405e89fdd11a76be7c4282488","music-minus.png":"f05d4816bdf289a59e1c845a94269f64","music-plus.png":"a9c144b70fb963a0e3bd6c257dd30c60","tick-circle.png":"8d145bbcf8cc38c5a29514a851842bf4","wrench-screwdriver.png":"d38ad28e65be85f62bf25a3534b89313","spell-check.png":"6091f5e15bf9b30a2c959bd474e5bc9e","burn-exclamation.png":"6f607d11bd5b0d052c9a02cc28845828","chevron.png":"79ff34807c6716487a8a8d7317010fc2","chevron-expand.png":"aede4d8a5f72039560515886de1306f8","changelog.css":"c167ef71ee1f390b031997ecc7a47bb4","changelog.js":"d8e11b3321e84c1c0fe3e7cf1c8e3526","changelog.html":"cb2ed29606c2f9b8aeb9b31505fdc4e7","fa-regular-400.eot":"fc9c63c8224fb341fc933641cbdd12ef","fa-regular-400.woff":"e5770f9863963fb576942e25214a226d","fa-solid-900.eot":"ef3df98419d143d9617fe163bf4edc0b","fa-solid-900.woff":"4bced7c4c0d61d4f988629bb8ae80b8b","font-awesome.css":"b7b0fc427ae028cde1fe3356abfee869","v4shim.css":"e140a7d32f343530f016095df3cc2ae4","pipes_32x32.png":"007d33cd301360d1c21d15963ce3218f","spritesheet_pipes.css":"41ee300f2fceeab13a1a30c5217bed48","icons.css":"f689bc3d50b8a1a68f0fa288fc541610","layout_basic.css":"5496773f36f8a37f75ca873df76ddbdb","layout_default.css":"edcaec58e8e716be826d7e1a85329068","shared.css":"f885129dd52ad6f382efce0d4f23bfd3","shared_vr.css":"b78f826d293778deb3a1f9e16a77e996","nanomapBackground.png":"4721e4b3a1cdd23f49e16aeead178337","nanomap_z1.png":"8268290e9335ba48b1ef6ee4c33eaf3b","nanomap_z10.png":"e8dabb0893d88207f4a49b69792e3aae","nanomap_z13.png":"0dec3b25f13c2ff64c96197c45c7c46e","nanomap_z14.png":"65cc15af4a4c2a7864d5ef8e4dbfce3d","nanomap_z2.png":"3d93b64cf27d2f0a50eef863cadaa4fe","nanomap_z3.png":"ab0cef5d431130f8c3ca3855b76885c6","nanomap_z4.png":"1ea2bbaa9539f7d6b8cae874e2a74012","nanomap_z5.png":"f951e7060bc4825247272548ba51a3ba","nanomap_z6.png":"4610a423c6938b9387c57fdae1966bbb","pills32.png":"466e3d66a14538adcfd24bbcd981490c","southern_cross_nanomap_z1.png":"92da041aeab28645eb192b3000868c0d","southern_cross_nanomap_z10.png":"ceb72201978e1e75f9937ceb4d87ae7e","southern_cross_nanomap_z2.png":"8891eb2c08c189dadd32e52d9084c508","southern_cross_nanomap_z3.png":"6172a3fae7c94fdd8eb2e6d652759e92","southern_cross_nanomap_z5.png":"5e8ecb7ce8735aeaceba726452454a2b","southern_cross_nanomap_z6.png":"91709c6420a1f4230447a817b0e74d6f","tether_nanomap_z1.png":"0d4a058e8d1cc6af9cd530735b507d68","tether_nanomap_z10.png":"84360383386e896d4f4bbf615f9dab64","tether_nanomap_z13.png":"0dec3b25f13c2ff64c96197c45c7c46e","tether_nanomap_z14.png":"65cc15af4a4c2a7864d5ef8e4dbfce3d","tether_nanomap_z2.png":"41be04655f9268edabf0cd1fb4c2812d","tether_nanomap_z3.png":"29109f262893476c4aae9659c7fd0657","tether_nanomap_z4.png":"6958dd54f7779c914f0310d8533268a9","tether_nanomap_z5.png":"8623c2647f6eef27c2b8626fe95579b2","tether_nanomap_z6.png":"7385892e850d2ac9f31f4d4fc42c72ac","tether_nanomap_z7.png":"8e79f0db64f2b21a58db83736d3e5fcf","tether_nanomap_z8.png":"0d4d3b86cffb06f927f1d3e14cfd4db1","tether_nanomap_z9.png":"ce4ba54f43a5d95cec5fac162666af44","uiBackground-Syndicate.png":"bf146e0ee0aa2b104adbf05f1547b392","uiBackground.png":"112ea3a9f448635e3e643a463e719e27","uiBasicBackground.png":"12b20c98e2e895d8d1014f36a6afc8fb","uiIcons16.png":"1c10cae5688ba204099fda97e6e5de3d","uiIcons16Green.png":"6d2aab1c475cacd86a2466d596a733db","uiIcons16Red.png":"b529dc5478488f5b0ee3a4bda061e4d0","uiIcons24.png":"f8373baaaec29aa49492ff3d2b6e7490","uiIcons64.png":"bfe5ebf782428f9e9b161e01783efcdf","uiLinkPendingIcon.gif":"6e62ab644a0b1fb1aedf549c424de751","uiMaskBackground.png":"16bd2ac98c389cb7002cd53fe145c8af","uiNoticeBackground.jpg":"710fe2a6edfed42d8d48d61269810ec1","uiTitleFluff-Syndicate.png":"2edbc4d5eaa9854b89b5d8039b762eb4","uiTitleFluff.png":"fcfd01f620cf4e21b57c7caacdcb04e6","alarm_green.gif":"ff33a4668c97a68fed4ee7e212d2b84d","alarm_red.gif":"e1ec55c71398cc89741b2c90bf3fbe32","batt_100.gif":"a7e541086de98fe1807c3a9864971a54","batt_20.gif":"0e77d7abcc14c6238e07509544ad5826","batt_40.gif":"2330a0160872d832ded0d595e2cc1fe5","batt_5.gif":"59900c487722bd9c3d1504c2c719ca47","batt_60.gif":"bda0bbb2cfee96da05ed4d6bb7ab6aff","batt_80.gif":"274128ccac21905d89b8783ec25331a5","charging.gif":"0a00e80ced53a9d3c1dec4788cae0352","downloader_finished.gif":"3d43aefc38d347ec394e34199fee51c6","downloader_running.gif":"dfd42f07e6369eb56eee09af71f90e31","ntnrc_idle.gif":"f87caad1bab2a3c58abfd8fd092cddf4","ntnrc_new.gif":"deddaef27a4cfdc6f2cbf9892b297070","power_norm.gif":"ed3998c32362b4fcb2cd03b59d4dbc1a","power_warn.gif":"91451ce3d7bb85c4652da07d2c25108b","sig_high.gif":"41f5884df6ad16798cb4391bfb1c9db8","sig_lan.gif":"03fed3cdbaca7e846640c58fc6af78a6","sig_low.gif":"939721b919d99ba34cfbba9d011fe6d0","sig_none.gif":"da8b8a925718a958dc94886e1d02eafc","sig_warning.gif":"0ca5cf0477c9c3b54c9ad3d4550057fb","smmon_0.gif":"30fc71ef9864a6eee26698915e521310","smmon_1.gif":"a6bdf0904b925549e13946862b020407","smmon_2.gif":"f0d6bb54179806feadebecd0f5927f49","smmon_3.gif":"5806a26e1c4571cc89af03770bc3b17c","smmon_4.gif":"4433329541e4ba1988b44234b37d96d5","smmon_5.gif":"4c759250fafe8f6c58b0d6f7537366d4","smmon_6.gif":"5e2f686bf8e6cab2630342c39520bf8c","libraries-old.min.js":"d473dcc29d731d8932667f25af722af3","libraries.min.js":"09828d414d1815b76b8b714829bdb1a3","nano_base_callbacks.js":"b49bd4e1326fd1badcc833334881097a","nano_base_helpers.js":"051c1bbfdb726eef416805f53d13d799","nano_state.js":"327b868166b8c5d26a9aaaf0f35132ea","nano_state_default.js":"27ebdd4668779dd9dbba483cf09040f1","nano_state_manager.js":"52d2961a3d9fc4adefd8728f95b6eb76","nano_template.js":"428f0be3ea7b90304cad5e6b5643579f","nano_utility.js":"e55f94c240088cd8ac56484ca90f63c3","nano_templates_bundle.js":"70c3d3f94d8761c7ea06855a76105e5c","pill1.png":"e09c837f351327f8904c9b6891bb405e","pill2.png":"2c85f54a74853bf22bf2b14ae9cc7ed2","pill3.png":"d0a7eb82f9eef3c373c0f3dce670eadc","pill4.png":"829d19c38ea7706efb9e8986d4580372","pill5.png":"875c40e0c0d2ad984ba8290b4d78c1d3","pill6.png":"d2d7c292c64699b3c411f27f93dd65a2","pill7.png":"afa701d05fe74ae384d90a358bb0316b","pill8.png":"d34bd201dbd29b069d3f35935b546e1e","pill9.png":"b928e15c8cb06ce07e8c0a468dc6cb4e","pill10.png":"14271d76b2e26e11ca2d5462aae2eed7","pill11.png":"1602a5ca1026e7c17a4a975816545d0a","pill12.png":"42ce6b77ebb3520c80fee26fd27bade2","pill13.png":"a3646fe3175c4e7faf4219646fe7734d","pill14.png":"0022b74e51ff55608b4183440c4cf6a4","pill15.png":"6059e12aaa90a1c72b308af0ed7d34ee","pill16.png":"8224cb113850d6c8f02a1c0a4a94d8ba","pill17.png":"f36ff5a04d1b1fdd8f9ae209c60e6eec","pill18.png":"f2afeafff6fd509014896af631954f36","pill19.png":"140db725c84c8252e78081054181781d","pill20.png":"beb703b0d168369deaa02585fa983633","pill21.png":"d00f35fbb7b2edde069c81242fbf3296","pill22.png":"f62d229031e8cf182f71adeaa11ed5a6","pill23.png":"fd80d2434052d910ece11ad742d2812a","pill24.png":"3bd92a2b32ddb6db65ec3096535157a4","bottle-1.png":"daec344f6e986c3f6b2e50bb870e5622","bottle-2.png":"71afc105c16881693071d361bfe2bcf3","bottle-3.png":"5f9b66904ba49974540a4caa3dd61d86","bottle-4.png":"1af15c32f1d788c0d72a375ed5f952c0","sleeve_empty.gif":"cdc8e87abafceb559710af61ac65baee","sleeve_occupied.gif":"2656f7d8ce7f535cababaa198d799700","synthprinter.gif":"7d0c5e52e98adbd8ed26658358159bc5","synthprinter_working.gif":"86b227ad459473ec3e3075133a5670e7","pod_idle.gif":"fd56b31b230377b134e3eb2d2d3ed0c2","pod_cloning.gif":"2638b42a182343291468fdf04a498260","pod_mess.gif":"33b4a4c8b6cd9d268ac8a1074dcebe64"} [view]


Numbered Steps to Reproduce Problem:
Steps to reproduce this are unknown. Testing with an XP VM running IE6 doesn't appear to trigger whatever codepath within Dream Seeker decides to inject the pngfix.js comment. We haven't been able to figure out what client *does* trigger the runtime, only that most players do not encounter the issue.

Expected Results:
Dream Seeker wouldn't arbitrarily decide to inject an HTML comment into a browse()'d JSON file, thus causing json_decode() on that file's contents to runtime

Actual Results:
Some old workaround or something causes Dream Seeker to arbitrarily inject an HTML comment into a browse()'d JSON file, thus breaking json_decode() when it's called with that file's contents

Does the problem occur:
Every time? Or how often? Some specific client is triggering the codepath that leads to this, which then leads to the runtimes, but we don't know who it is or what system they're running.
In other games? Unknown
In other user accounts? Presumably an OS bug
On other computers? Presumably an OS bug

When does the problem NOT occur?
For any player that doesn't meet whatever internal conditions Dream Seeker checks to decide to inject pngfix.js

Did the problem NOT occur in any earlier versions? If so, what was the last version that worked? (Visit http://www.byond.com/download/build to download old versions for testing.)
The pngfix codepath seems to have been created some time between BYOND 350 and BYOND 400, which would indicate that this bug has probably existed since at least BYOND 400, though it probably wouldn't have ever caused an issue until json_decode was added in BYOND 510.1320.

Workarounds:

You can disable this in the interface editor:



The code is injected because IE7 can't render PNG transparency.

Mind you, you'll have to switch from browse() to output(), but browse() is more of a legacy proc at this point anyways, output() to an interface element is far more powerful.
I'm not sure that approach is possible in this case, as we're using browse() to send arbitrary content to a specific file name. We don't actually want to send the data to any interface, we're just trying to create a file in the client's cache that will stay there between restarts, so that we can check what data has already been sent to them and what we need to send again.
This is probably more in the realm of a Feature Request for browse() to have a flag to disable the auto format than a bug report then.
work around

https://github.com/tgstation/tgstation/pull/51202/ files#diff-e9b841fdf3357c5888ab207ac587e749R118

also you can do this via winset, the browser is created inside the window, and the window's skinid is the one you gave it in browse.

also browse() created windows already have this set to false as that became the default, its just that the asset_cache_browser skincontrol the asset cache uses doesn't have this set because of how old the skin control is.
Do you have a test case I can use to examine this?

I might end up pulling out the legacy stuff anyway because I don't think it's relevant anymore, but it'd be good to at least see what's causing this.
Unfortunately, I couldn't replicate it, regardless of IE version that I tried to connect to the server, and I went as far as getting a windows XP VM set up to try connecting with IE6, and it still didn't trigger this behavior. We just noticed the runtime happening a few times on our live server without the client that caused them listed in the runtime.