W3C home > Mailing lists > Public > whatwg@whatwg.org > September 2011

[whatwg] window.onerror and cross-origin scripts

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 20 Sep 2011 23:02:47 -0400
Message-ID: <4E7953D7.8080603@mit.edu>
On 9/20/11 5:40 PM, Simon Pieters wrote:
> However, it is still possible to tell if the user is logged in or not if
> a site serves a script for a particular URL when the user is logged in
> and redirects to the home page or so when the user is not logged in.

Can't you tell this from the load event for the <script> tag, without 
involving the error event in any way?

I'd love it if we could close this hole up, but the ship has long 
sailed.  :(

> There are other ways to
> tell if the user is logged in, however it seems we should try to keep
> them to a minimum.

I'm not sure that onerror and onload are really different ways to tell here.

Unless the proposal is that in this case onload fire instead of onerror 
for the script that ends up as an HTML document?

-Boris
Received on Tuesday, 20 September 2011 20:02:47 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:36 UTC