Anti-Virus, the validation killer
A Validation Problem
Validating your document is a good idea. If your document validates, your code is correct, which means it’s likely to be well structured, and it will definitely work on any browser which supports the doctype you’re using (you are specifying a doctype, right?)
Earier today I was working on mattwilcox.net when I decided to check that the dev blog validated correctly. It didn’t validate, which wasn’t too surprising as I’d not even finished the PHP code yet. I went through my script and tidied up the bits that were broken and re-submitted the page for validation (I use the W3C Validation Tool, which is great). My page still didn’t validate, and upon closer inspection of the offending code I hit a puzzle. The bit that was breaking the validation was an old-style HTML
What could be causing foreign code to appear inside a HTML page? I feared I might have a virus and promptly did a system sweep with Norton and AdAware. Apart from a few tracking cookies nothing was picked up. OK, so my problem was not a virus. Next possibility on my list was the server was fiddling with my pages. I checked it out on my other PC and again the modified code appeared. Maybe it was something on the server?
<script> tag, which was what the Validator was picking up as invalid code.
I thought about this for a while and suddenly wondered how often Norton’s little trick was killing pages I view. I visited the LAW forums where I was greeted with the usual PHP errors, as seen below: I then disabled Norton and refreshed the page: to find that all the errors disappeared. I have no idea how Norton is managing to generate PHP errors, but the effect was 100% reproducible.
Protects your computer from viruses transmitted through the Internet, checking all files you download from the Internet, including Java Applets and ActiveX controls.
Unfortunately the only ways I have found to turn the feature off are to either make html/htm/php/asp pages an exception to the filter; which leaves you open for real virus attacks, or to disable the whole thing while you’re surfing; which is even worse.
I still haven’t found an acceptable solution, if you find one, please let me know!