Automatically downloaded safari.jsp file. What is it?

Sounds like poorly-coded web sites. A .jsp file is supposed to be code that runs on the web server and returns HTML code to your browser. You should never actually see the .jsp file if the server is functioning correctly.

Thats a JavaServer Pages file, maybe from a page that used JSP code Safari did not understand and somehow forced Safari to store it. It is really just a suggestion, but there are actually many users experiencing the same problem, it does not seem to be a hacking intent, rather likely a Safari problem.

Thats a JavaServer Pages file, maybe from a page that used JSP code Safari did not understand

As I said above, JSP code is executed on the server, not in the browser, so the user should never see it. It's definitely not a Safari problem, it's a server problem.

it does not seem to be a hacking intent

Unless you've got a web server capable of executing JSP code running on your machine, there's no way it could possibly be meant to hack you. (I'm pretty sure the built-in web server that can be turned on via web sharing does not support JSP.) This would be a pretty lame hack, since there are probably very few people who could actually run it on their personal machines!

It is almost definitely a problem on the user end. This started happening to me right after I updated to 10.6.6. I am visiting the same websites I have always visited and I have never had this happen before. It is also happening somewhat frequently. I would say this isn't as much a security risk as it is an annoyance that I hope is remedied soon. Safari would download a file named safari.jsp from some websites and open it with my citrix client. When I uninstalled my citrix client it started opening in Textedit.

As has already been said, .jsp files are +executed on the server+ and not transmitted to the client as .jsp files. In other words, the .jsp file runs on the server and generates some - if not all - of the HTML code that is then sent to your browser. If, instead, the raw .jsp source files are being saved to your hard drive, that is a server issue... and potentially a very serious security issue for the site involved, since their .jsp source code is being accessed, potentially revealing MySQL database passwords or other information that should never be seen by the client.

Mr. Reed:

I believe what you say. However, it does not make it any less true that numerous websites cause Safari to download a .jsp file to my computer and that subsequently tries to be open by my Citrix program. These files are named "safari.jsp". They are of zero size. I have opened them with Text Edit and they contain nothing. Other than telling me it is not happening, do you have any other suggestions?

Other than telling me it is not happening

Where did I say that?

do you have any other suggestions?

I'd guess contact the makers of Citrix. It can't be coincidence that it has been implicated here by two people with this issue.

Edit: you also might want to be more specific about what the "numerous" sites are that you're seeing this problem with.

This is from the Get Info window of the files that are currently in my Download folder. I will post as I collect others. Thanks


http://chicago_cbslocal.us.intellitxt.com/safari.jsp?x=1&t=1295462149545, http://chicago_cbslocal.us.intellitxt.com/safari.jsp?t=1295462149435
http://foxtv2.us.intellitxt.com/safari.jsp?x=1&t=1295619904885, http://foxtv2.us.intellitxt.com/safari.jsp?t=1295619904714
http://theindychannel.us.intellitxt.com/safari.jsp?x=1&t=1295713241000, http://theindychannel.us.intellitxt.com/safari.jsp?t=1295713240840
http://contactmusic.uk.intellitxt.com/safari.jsp?x=1&t=1295471992009, http://contactmusic.uk.intellitxt.com/safari.jsp?t=1295471991724
http://wwtdd.us.intellitxt.com/safari.jsp?x=1&t=1295464465055, http://wwtdd.us.intellitxt.com/safari.jsp?t=1295464464507
http://nationalreview.us.intellitxt.com/safari.jsp?x=1&t=1295613807330, http://nationalreview.us.intellitxt.com/safari.jsp?t=1295613807173
http://ntcompatible.us.intellitxt.com/safari.jsp?x=1&t=1296061885427, http://ntcompatible.us.intellitxt.com/safari.jsp?t=1296061885273
http://theindychannel.us.intellitxt.com/safari.jsp?x=1&t=1296127724556, http://theindychannel.us.intellitxt.com/safari.jsp?t=1296127724483
http://slashphone.us.intellitxt.com/safari.jsp?x=1&t=1296056076651, http://slashphone.us.intellitxt.com/safari.jsp?t=1296056076173
http://newyork.cbslocal.us.intellitxt.com/safari.jsp?x=1&t=1295998418669, http://newyork.cbslocal.us.intellitxt.com/safari.jsp?t=1295998418634

It's a server problem, as I said. None of those sites (at least, a reasonable random sampling of them) will load at all for me, in either Safari or Firefox. (They do not download zero-byte .jsp files, they simply show as completely blank pages.) The servers' JSP code is broken, and your machine has probably been set by Citrix to do something special with these, which is why you're seeing a download instead of a blank page.

I have been having this problem also. It is recent, seems random, though it has popped up on sites like MSNBC.

Try downloading the latest version of Citrix. I have done so and, for the moment, these have gone away.

Message was edited by: ppakoe

Beginning about mid-January (following 10.6.6 update) I started seeing these files as well. Since the first few incidents appeared while visiting Google Mail and Google Reader, I assumed may be related to Google and commented on a similar thread in Google Groups.

It sounds logical that there are javascript errors with the offending site, but my question is why are we just starting to see this now? I have been unable to reproduce the experience in Firefox... Prior to 10.6.6, I visited many of the troubling sites and never had an issue.

Do you have some type of site quality monitoring program installed?

As far as the links you listed, I notice that they are all at us.intllitxt.com
http://en.wikipedia.org/wiki/IntelliTXT

I use FireFox (now version 4) and I use a plugin called WOT or Web Of Trust. Everyone of these links triggers a security alarm and says the site is not trustworthy. The ratings that WOT uses are built from user experiences and ratings from sites that track problem sites. WOT says that these sites are inheriting the reputation of their parent "us.intellitxt.com" site and all are rated poorly.
http://www.mywot.com/en/scorecard/chicago_cbslocal.us.intellitxt.com

I copied and pasted a link into Safari 5.0.4 and the page wouldn't load at all (lucky for me 🙂 .

I trimmed down the url to remove everything after intellitxt.com/ and Safari get's a redirect page to VibrantMedia.com with a referrer of intellitxt. It looks like the pages are heavily advertised and may be playing tricks with javascripts to track users or get other information. They are also suspected of "drive-by" hit downloads that affect many windows users.

A Google search: intellitxt security issues - shows that intellitxt is one of the companies that uses popups for different words on a site that have nothing to do with the actual page information. They sell advertising for different words and then find the words in different articles so that you will have to see the adds. This makes the web pages themselves difficult to read, but intellitxt gets paid if you just go to the page with their link.
Ref:
http://www.dslreports.com/forum/r18589205-Vibrant-Media-Intellitxt
http://www.msfn.org/board/topic/78807-helpget-rid-of-intellitxtcom-ads-in-ie/

I'm guessing that all of these links you provided are sub categories from a portal site (maybe a page provided by your ISP?), but don't have any idea what page has these links on them. As far as I can tell, your browser is not happy with security issues on these pages.

The good news is that if you change the URL to a different format, it will go to the original site in the link, without the intellitxt ads, ie:

http://chicago.cbslocal.com
http://www.theindychannel.com/index.html
http://www.music.co.uk/
http://www.slashphone.com/
http://www.nationalreview.com/
http://newyork.cbslocal.com/
I don't know where the foxtv2 link actually went so you'd have to figure that one out by Google search.

If your home page is providing you with links to all of these junk-linked sites then you need to get a new home page.

I've seen a couple of people mention that different programs are trying to launch when they download the .jsp files. I suppose the .jsp file extension could be mapped to any number of programs on different computers.

BTW, neither Safari 5 or FireFox 4 prompted my to download a .jsp file.

I am having the issues on my laptop running 10.5.8 I also was having this issue on my iMac running 10.6.7 but that machine crashed hard yesterday, first time ever and I now find myself on my macbook today. I am sure this is totally unrelated but I lost all my permssions yesterday and can no longer do a disc repair, lost permissions 3 times yesterday, so tonightis dedicated to the rebuild!