- From: Garrett Smith <dhtmlkitchen@gmail.com>
- Date: Fri, 12 Aug 2011 20:14:42 -0700
- To: Boris Zbarsky <bzbarsky@mit.edu>
- Cc: public-script-coord@w3.org
On 8/11/11, Boris Zbarsky <bzbarsky@mit.edu> wrote: > On 8/12/11 12:12 AM, Garrett Smith wrote: >> When a script/DOM error occurs, the callback fires. The callback can >> access the callstack, message, and error from the error event. > > Subject to security restrictions when cross-origin scripts are involved, > just like the onerror handler is, yes? > Such that given a site on evil.com, you have <script src="//bofa.com"></script>? If so, would it be safe to generate a content-type error: "script error from bofa.com. Wrong content-type." - ? -- Garrett
Received on Saturday, 13 August 2011 03:15:10 UTC