JavaScript Syntax Error in admin.ajaxWatcher.js

Wordfence produces a Syntax error exception after an AJAX request returns a 404 error.

Steps to reproduce

1. Install Wordfence and use default setup.
2. Create a tiny plugin with the following AJAX callback:

function davilera_get_post() {
  // Let's assume we looked for the specified post, but we couldn't find it.
  header( 'HTTP/1.1 404 Not Found' );
  wp_send_json( "Post $post_id not found." );
}
add_action( 'wp_ajax_davilera_get_post', 'davilera_get_post' );

3. Go to your browser, open the developer tools, and execute the following JavaScript snippet:

jQuery.ajax({
  url: ajaxurl,
  data: {
    action: 'davilera_get_post',
    postID: 999999
  }
});

Expected results

The AJAX request fails (404 error), nothing weird happens.

Actual results

The AJAX request fails as expected, but this results in an uncaught JS Syntax error:

Uncaught Error: Syntax error, unrecognized expression: "Post 999999 not found."

Discussion

Looking at the stack trace, the problem occurs in Wordfence’s script admin.ajaxWatcher.js line 17:

var responseDOM = $(jqXHR.responseText);

Why do you assume responseText will be a jQuery selector/node? In this example, the AJAX response is a simple string, but it could be anything else.

Thanks for addressing this issue!

• This topic was modified 8 years, 7 months ago by David Aguilera.