This is my simple script:
<script>
window.onerror = err;
var script = document.createElement('script');
script.src = "192.186.1.1.1.1.1";
script.onerror = err;
document.body.appendChild(script);
function err(msg, loc, a, b) {
    alert(msg + "/" + loc);
}
</script>
But when I load this, I get:
[object Event]/undefined
When I run the same in "Firebug", I get a detailed error like:
NetworkError: 404 Not Found - http://localhost/XSS/192.186.1.1.1.1.1"
So how can I get a detailed error?
try-catch also doesn't work:
try {
    var script = document.createElement('script');
    script.src = "192.186.1.1.1";
    document.body.appendChild(script);
} catch(e) {
    alert(e.name);
}
Does that method work only in old browsers?
img.src also doesn't fire the error handler. Why?
var img = new Image();
img.src="gifffff/asasa/ss" ;
Firebug is not code, but a browser diagnostic tool running on the agent's behalf. (JavaScript cannot read the result of the Firebug console.)
Now, for the cases:
The Image.error event never says why the loading failed. There is no provision to include the "reason" in the HTML specification; problem solved by not being a feature to begin with.
The catch doesn't work because there was no Exception thrown by the code.
The Image is still an Image and can still be added to the DOM regardless of if the resource (eventually) fails to load.
(The src is still set to a valid URI component - it would have thrown an exception on an invalid/unknown URI scheme.)
Having this general limitation (on any [Image] resource, even on the same origin) also prevents violation of the Same-Origin Policy - and the ability for malicious code to run various network scanning attacks.
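An added example (not part of the original question or answer) of a handler that copes with both callback shapes involved here: window.onerror is called with (message, source, lineno, colno) for runtime errors, while an element's onerror receives a single Event, which is why the question's handler prints "[object Event]/undefined". The names describeError and formatError are hypothetical helpers introduced for illustration.

```javascript
// Normalise the two "error" callback shapes into one record.
// For a failed <script>/<img> load the browser exposes only the event type
// and the target element; no status code or failure reason is available.
function describeError(first, source, lineno, colno) {
  if (first && typeof first === 'object' && 'type' in first) {
    var el = first.target || {};
    return {
      kind: 'resource-load',
      tag: (el.tagName || 'unknown').toLowerCase(),
      url: el.src || el.href || null,
      reason: null // withheld: a 404, a DNS failure and a blocked request look identical
    };
  }
  return {
    kind: 'runtime',
    message: String(first),
    url: source || null,
    line: typeof lineno === 'number' ? lineno : null,
    column: typeof colno === 'number' ? colno : null
  };
}

function formatError(info) {
  if (info.kind === 'resource-load') {
    return 'Failed to load <' + info.tag + '> ' + info.url +
           ' (reason not available to script)';
  }
  return info.message + ' at ' + info.url + ':' + info.line;
}

// Browser wiring, skipped when no DOM is present.
if (typeof document !== 'undefined') {
  var script = document.createElement('script');
  script.src = '192.186.1.1.1.1.1'; // same non-existent relative URL as in the question
  script.onerror = function (ev) {
    console.log(formatError(describeError(ev)));
  };
  window.onerror = function (msg, src, line, col) {
    console.log(formatError(describeError(msg, src, line, col)));
  };
  document.body.appendChild(script);
}
```

If the actual HTTP status matters, it has to be recorded on the server side or taken from the browser's developer tools, since the page's script only ever sees the record above.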