[whatwg] Spec for handling runtime script errors doesn't seem to match reality
Simon Pieters
simonp at opera.com
Tue Nov 13 03:31:46 PST 2012
On Mon, 12 Nov 2012 18:12:32 +0100, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> On 11/12/12 5:45 AM, Simon Pieters wrote:
>> I don't see any attachment. Maybe the whatwg list prunes them? Can you
>> send it to www-archive?
>
> Gah.
>
> Here's the entire test case:
>
> <iframe></iframe>
> <script>
> window.onload = function() {
> window.onerror = function(msg, file, line) {
> alert('Parent handler: ' + msg + " " + file + " " + line);
> }
> frames[0].onerror = function(msg, file, line) {
> alert('Subframe handler: ' + msg + " " + file + " " + line);
> }
> frames[0].setTimeout(function() { throw "oops"; }, 100);
> }
> </script>
Thanks.
>> Do browsers use the script's origin per spec, or do they use the
>> function's global object's document's origin (for the purpose of
>> tainting the arguments)?
>
> This isn't even about origins and tainting so far; everything here is
> same-origin. It's purely about which onerror gets called.
Yes, I understand that. I was just taking it a step further. I've now
tested it:

<!doctype html>
<script>
document.domain = 'example.org';
onload=function(){
onerror=function(a,b,c){alert('parent: '+[a,b,c].join(' '));};
frames[0].onerror=function(a,b,c){alert('child: '+[a,b,c].join(' '));};
frames[0].setTimeout(function(){ throw 'oops' }, 0);
};
</script>
parent<br>
<iframe src='http://www.example.org/child.html'></iframe>

<!doctype html>
<script>
document.domain = 'example.org';
</script>
child

Results:
Opera and Chrome use child and taint (alert says "child: Script error.
0").
Firefox uses child and taints the url and line arguments but not the message
argument (alert says "child: uncaught exception: oops 0").
IE8 uses parent and doesn't taint (alert says "parent: Exception thrown
and not caught http://example.org/001.html 7").
I also tested the same as the above but with a string argument to
setTimeout with a syntax error.
Results:
Opera uses child and taints (alert says "child: Script error. 0").
Firefox and Chrome use child and don't taint (alert says "child:
SyntaxError: syntax error http://example.org/002.html 7" and "child:
Uncaught SyntaxError: Unexpected token ) 1", respectively).
IE8 doesn't invoke either onerror handler but shows a "broken script" icon
in the status bar (and attributes the error to child.html).
--
Simon Pieters
Opera Software
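
[Added example, not part of the original message or of any browser's code: a way to record which onerror arguments arrived sanitized, applied to the results reported above. The names classifyErrorArgs, makeHandler and demo are hypothetical, and treating an empty url and a line of 0 as the sanitized forms is an assumption drawn from the quoted alerts.]

```javascript
// Added example: classify the (message, url, line) arguments an onerror
// handler receives, to see which fields the browser sanitized.
// "Script error." is the muted message quoted in the results above; an empty
// url and a line of 0 are ASSUMED to be the muted forms of the other fields.
const MUTED_MESSAGE = 'Script error.';

function classifyErrorArgs(msg, url, line) {
  const muted = {
    message: String(msg) === MUTED_MESSAGE,
    url: url === undefined || url === null || url === '',
    line: line === undefined || line === null || Number(line) === 0,
  };
  const count = Object.values(muted).filter(Boolean).length;
  const verdict = count === 3 ? 'muted' : count === 0 ? 'full' : 'partial';
  return { muted, verdict };
}

// Build a handler suitable for `someWindow.onerror = makeHandler(...)`.
// `label` records which window's handler fired; `sink` is any array.
function makeHandler(label, sink) {
  return function (msg, url, line) {
    sink.push({ label, msg: String(msg), ...classifyErrorArgs(msg, url, line) });
    return false; // do not suppress the browser's own error reporting
  };
}

// Constructed inputs modelled on the results reported in the message
// (first test: function argument to setTimeout).
function demo() {
  const reports = [];
  const child = makeHandler('child', reports);
  const parent = makeHandler('parent', reports);
  child('Script error.', '', 0);                 // Opera, Chrome
  child('uncaught exception: oops', '', 0);      // Firefox
  parent('Exception thrown and not caught',
         'http://example.org/001.html', 7);      // IE8
  return reports.map(r => `${r.label}:${r.verdict}`);
}
```

In a page, the same handlers would be assigned to window.onerror and frames[0].onerror so that an error log shows both which window's handler fired and how much detail it was given.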