- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 19 Jun 2008 10:19:26 +0200
- To: timeless@gmail.com
- CC: "public-webapps@w3.org" <public-webapps@w3.org>
timeless wrote: > Ian Hickson wrote: >> Mozilla shows the XML error in its error console, which seem more useful >> than exposing the error to script, really. (I expect other browsers do the >> same but I haven't checked as recently.) > > On 6/19/08, Julian Reschke <julian.reschke@gmx.de> wrote: >> That's useful, but IMHO not nearly as useful as giving the script code the >> ability to access the information. Sometimes errors happens in the absence >> of the developer, and it's useful to have an easy and automatable way to get >> the diagnostics. > > this always scares me. i'm sure the context is "all information > available is only being provided to a trusted source", however.... > > generally what i've seen is that exposing some information about a > parse error to a script is a great way to enable data leaks to a > malicious application. > ... Intereresting. Could you please provide some more information or give an example about when this would be the case? BR, Julian
Received on Thursday, 19 June 2008 08:20:08 UTC