Many owners will encounter a problem, the website added CNZZ of JS statistical code, Chrome browser warning: prevent cross-site scripting parser blocked by document.write call (A parser-blocking, cross site script, XXXX.js is invoked via document.write.). The warning may cause unsafe HTTPS page appears sometimes even make your site using EV SSL certificates show that there is no problem such as green address bar. This article will take you to find out the cause of the error, solve the problem of Chrome CNZZ statistical error of the code.
The specific content of the warning
Check the Chrome Developer Tools (press F12 to view the console), the site can find out whether the existence of such warnings (warnings). Under normal network conditions, this type of error does not affect the display HTTPS pages, but in a bad connection, etc., resource loading may be prevented, which may lead to an HTTPS page appears insecurity prompted.
The warning of the specific content:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://s22.cnzz.com/z_stat.php?id=XXXX.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity.
Translation:
A cross-site scripting XXXX.js parser blocked by document.write calls if the network connection device is poor, the script network requests may be blocked by the browser on this page or the next page load.
Why is there a warning?
Google Chrome 55 version from the beginning of the intervention loading "by document.write inserted parser block cross-site scripting", improve page loading speed.
According to Chromestatus statements, such as connection speed for slower 2G like users, third-party script document.write loaded, the performance loss is usually so severe that the home page will display the contents of tens of seconds delay.
Before the browser renders the page, it is necessary to build a DOM tree by parsing the HTML tags. Whenever the parser encounters a script, it must stop and execute the script in order to continue parsing HTML. If the script dynamically insert another script, the parser will be forced to wait longer to download resources, which may lead to one or more network round-trip delay and the first page of the presentation time.
Chrome from the 55th edition began to intervene on behalf of all users, in particular, when all of the following conditions are met, Chrome will not execute () document.write inserted by the <script> element:
- The user is slow connection , in particular using the 2G network user (such intervention may be extended in the future to other users with slow connections, such as slow 3G or WiFi).
- Document.write () in the Top layer document.
- Document.write () in the script is a script parser blocked . But the script has "asynchronous" or "delay" properties will be executed properly.
- The script is not hosted on the same site. In other words, Chrome browser will not intervene (for example, hosted on js.example.org scripts into the www.example.org) for matching eTLD script + 1.
- The script has not been in the browser HTTP cache. Cache script does not cause network delays, it will still be executed.
- The requested page is not reloaded. If the user triggers a reload Chrome will not intervene, it will perform as usual page.
- Sometimes using a third-party segment Document.write () to load the script. By providing third-party asynchronous loading alternative, allow third-party scripts to load without blocking the remaining contents of the page display.
Solution
To fully display the website address bar green, only to give up CNZZ statistics yet? of course not.
The solution is to change the site's general CNZZ JS code is asynchronous statistical code. Examples are as follows:
Original statistical code:
<script src="https://s22.cnzz.com/z_stat.php?id=XXXXXXX&web_id=XXXXXX" language="JavaScript"></script>
Rewrite asynchronous statistical code:
<script> var cnzz_s_tag = document.createElement('script'); cnzz_s_tag.type = 'text/javascript'; cnzz_s_tag.async = true; cnzz_s_tag.charset = 'utf-8'; cnzz_s_tag.src = 'https://w.cnzz.com/c.php?id=XXXXXXXX&async=1'; var root_s = document.getElementsByTagName('script')[0]; root_s.parentNode.insertBefore(cnzz_s_tag, root_s); </script>
Please copy the code above, rewrite web page needs to be placed in the statistics after statistics id, Note: After adding a good asynchronous statistical code, be sure to delete the original statistical code, otherwise the statistics will be double counting.
After measurement site, updated asynchronous statistical code, Chrome warnings for CNZZ statistical code has disappeared, web pages and statistical functions are normal. The remaining warning is a warning of SSL certificates Baidu Chrome to bridge the Symantec certificate expiring in sanctions policy, are beyond the scope.
So far, Chrome CNZZ statistics about the use of HTTPS pages error code, it is completely resolved.