W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2008

Re: responseXML/responseText exceptions and parseError

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 19 Jun 2008 10:19:26 +0200
Message-ID: <485A168E.7080207@gmx.de>
To: timeless@gmail.com
CC: "public-webapps@w3.org" <public-webapps@w3.org>

timeless wrote:
> Ian Hickson wrote:
>> Mozilla shows the XML error in its error console, which seem more useful
>> than exposing the error to script, really. (I expect other browsers do the
>> same but I haven't checked as recently.)
> 
> On 6/19/08, Julian Reschke <julian.reschke@gmx.de> wrote:
>> That's useful, but IMHO not nearly as useful as giving the script code the
>> ability to access the information. Sometimes errors happens in the absence
>> of the developer, and it's useful to have an easy and automatable way to get
>> the diagnostics.
> 
> this always scares me. i'm sure the context is "all information
> available is only being provided to a trusted source", however....
> 
> generally what i've seen is that exposing some information about a
> parse error to a script is a great way to enable data leaks to a
> malicious application.
> ...

Intereresting.

Could you please provide some more information or give an example about 
when this would be the case?

BR, Julian
Received on Thursday, 19 June 2008 08:20:08 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:26 GMT