Javascript Filtering
It’s the first time, I’ve seen a page that modifies Javascript on-the-fly to prevent it from causing XSS. So kudos to Juniper for getting their SSL VPN solution to work so well. The clever thing is that when a externally referenced page is loaded, the Juniper Javascript is used to modify the Javascript references in the external page. The Juniper Javascript are in files loaded from the SSL VPN server and perhaps more importantly, they are loaded up first before any action from the external page takes place. The SSL Javascript has code to assess DOM objects and deny any general skulduggery.
There maybe ways to break it, including blatting out each and overriding every function and possibly using the