Re: responseXML/responseText exceptions and parseError

Julian Reschke wrote:
> Could you please provide some more information or give an example about 
> when this would be the case?

Here's a simple past example, if I understand your question correctly.

One can set an onerror handler on Window that will trigger if an exception is 
thrown and not caught, and will also trigger on script parsing/compilation 
errors.  For the latter case, the offending line of script is included in the 
exception object.

Now consider the following HTML page:

   <script src="target.html"></script>

Since most likely target.html is not actually valid JS, there will be a parse 
error, and the error object will contain the text on the line in question.

For what it's worth, Gecko will now only include the text if the script the 
error is in and the onerror handler are same-origin.  Until we started doing 
that, there was a cross-origin information leak.


Received on Thursday, 19 June 2008 17:03:22 UTC
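
The same-origin rule described in the message above, as an added example that is not part of the original message and is not Gecko's code: a simplified model of deciding whether the offending source line may be handed to an `onerror` handler. The function names, report fields, and sample URLs are hypothetical, and the sample error is constructed.

```javascript
// Simplified model of the rule in the message: the text of the failing line is
// exposed only when the script and the page that set onerror are same-origin.
// Hypothetical names throughout; this is not browser source code.

// True only when both URLs parse and share scheme, host and port.
function sameOrigin(urlA, urlB) {
  let a, b;
  try {
    a = new URL(urlA);
    b = new URL(urlB);
  } catch (e) {
    return false; // unparseable URL: fail closed
  }
  // Opaque origins (data:, file:) serialize to the string "null".
  // Two opaque origins must never be treated as equal.
  if (a.origin === "null" || b.origin === "null") return false;
  return a.origin === b.origin; // default ports are already normalized
}

// Build what the handler may see for a parse error.
// parseError: { message, lineNumber, sourceLine } (assumed loader output).
function buildErrorReport(parseError, scriptUrl, handlerPageUrl) {
  const report = {
    message: parseError.message,
    lineNumber: parseError.lineNumber,
    sourceLine: null, // withheld unless the check below passes
  };
  if (sameOrigin(scriptUrl, handlerPageUrl)) {
    report.sourceLine = parseError.sourceLine;
  }
  return report;
}

// Constructed sample: an HTML document loaded as if it were script.
const sampleError = {
  message: "syntax error",
  lineNumber: 1,
  sourceLine: "<html><body>private page content</body></html>",
};

const crossOrigin = buildErrorReport(
  sampleError, "http://site-a.example/target.html", "http://site-b.example/page.html");
const sameSite = buildErrorReport(
  sampleError, "http://site-a.example/target.html", "http://site-a.example:80/page.html");

console.log("cross-origin handler sees:", crossOrigin.sourceLine);
console.log("same-origin handler sees:", sameSite.sourceLine);
```
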