IE 8 script injection and http[S]
in [JavaScript]
|
Prev: Java Front end Developer | NYC | Long term (Only GC/Citizens)
Next: Google Closure: The Baseless Parts
From: Richard Maher on 18 Nov 2009 04:33 Hi, Can anyone confirm that IE 8 prevents a page that was loaded via httpS from injecting a script (createElement, appendChild etc) by throwing an "Operation aborted" exception when trying to set the src attribute to a HTTP*no*S URL? I know it's probably a very sensible thing to do and this is only happening at the moment as we haven't teed-up a certificate for our test server, but if someone could just confirm the behaviour (or other explanation then that'd be great. BTW. Chrome, FF, IE<8 and IE 8 in compatibility mode all do not have an issue. Cheers Richard Maher PS. My colleague found the ONERROR event handler today which is a very useful, yet seldom talked about, weapon in the injection/callback arsenal.
From: David Mark on 18 Nov 2009 04:33 On Nov 18, 4:33 am, "Richard Maher" <maher...(a)hotspamnotmail.com> wrote: > Hi, > > Can anyone confirm that IE 8 prevents a page that was loaded via httpS from > injecting a script (createElement, appendChild etc) by throwing an > "Operation aborted" exception when trying to set the src attribute to a > HTTP*no*S URL? I cannot, but I haven't tried. I wouldn't put anything past MS. > > I know it's probably a very sensible thing to do and this is only happening > at the moment as we haven't teed-up a certificate for our test server, but > if someone could just confirm the behaviour (or other explanation then > that'd be great. I don't know how sensible it is. > > BTW. Chrome, FF, IE<8 and IE 8 in compatibility mode all do not have an > issue. [...] > > PS. My colleague found the ONERROR event handler today which is a very > useful, yet seldom talked about, weapon in the injection/callback arsenal.. It certainly is _not_.
From: Richard Maher on 18 Nov 2009 17:54 Hi David, >> PS. My colleague found the ONERROR event handler today which is a very >> useful, yet seldom talked about, weapon in the injection/callback arsenal. > It certainly is _not_. Seeing as it's coming up to pantomime season in the UK, let me just say "Oh yes it is!" :-) Unless of course you like polling, don't care whether a script loaded or not, or are cunningly clever enough to have found another way (outside of IE) to tell wehn a script failed to load. Cheers Richard Maher "David Mark" <dmark.cinsoft(a)gmail.com> wrote in message news:d3ff725f-0f5c-46f4-9cf3-8527fed07dc4(a)g27g2000yqn.googlegroups.com... On Nov 18, 4:33 am, "Richard Maher" <maher...(a)hotspamnotmail.com> wrote: > Hi, > > Can anyone confirm that IE 8 prevents a page that was loaded via httpS from > injecting a script (createElement, appendChild etc) by throwing an > "Operation aborted" exception when trying to set the src attribute to a > HTTP*no*S URL? I cannot, but I haven't tried. I wouldn't put anything past MS. > > I know it's probably a very sensible thing to do and this is only happening > at the moment as we haven't teed-up a certificate for our test server, but > if someone could just confirm the behaviour (or other explanation then > that'd be great. I don't know how sensible it is. > > BTW. Chrome, FF, IE<8 and IE 8 in compatibility mode all do not have an > issue. [...] > > PS. My colleague found the ONERROR event handler today which is a very > useful, yet seldom talked about, weapon in the injection/callback arsenal. It certainly is _not_.
From: David Mark on 18 Nov 2009 18:20 On Nov 18, 5:54 pm, "Richard Maher" <maher...(a)hotspamnotmail.com> wrote: > Hi David, > > > > >> PS. My colleague found the ONERROR event handler today which is a very > >> useful, yet seldom talked about, weapon in the injection/callback > arsenal. > > It certainly is _not_. > > Seeing as it's coming up to pantomime season in the UK, let me just say "Oh > yes it is!" :-) Unless of course you like polling, don't care whether a > script loaded or not, or are cunningly clever enough to have found another > way (outside of IE) to tell wehn a script failed to load. > It is very easy to determine if a script has loaded (in any browser) and it certainly doesn't involve the onerror property. Use callbacks.
From: Richard Maher on 18 Nov 2009 18:35 Hi David, > It is very easy to determine if a script has loaded (in any browser) > and it certainly doesn't involve the onerror property. Use callbacks. Umm, the "callback" doesn't get called because there was some error loading the script (or SiteMinder SSO etc substitutes a logon screen) how do you discover that has happened? Cheers Richard Maher "David Mark" <dmark.cinsoft(a)gmail.com> wrote in message news:6502af84-5c14-49b4-b434-75b4fbef6a77(a)j35g2000vbl.googlegroups.com... On Nov 18, 5:54 pm, "Richard Maher" <maher...(a)hotspamnotmail.com> wrote: > Hi David, > > > > >> PS. My colleague found the ONERROR event handler today which is a very > >> useful, yet seldom talked about, weapon in the injection/callback > arsenal. > > It certainly is _not_. > > Seeing as it's coming up to pantomime season in the UK, let me just say "Oh > yes it is!" :-) Unless of course you like polling, don't care whether a > script loaded or not, or are cunningly clever enough to have found another > way (outside of IE) to tell wehn a script failed to load. > It is very easy to determine if a script has loaded (in any browser) and it certainly doesn't involve the onerror property. Use callbacks.
|
Next
|
Last
Pages: 1 2 Prev: Java Front end Developer | NYC | Long term (Only GC/Citizens) Next: Google Closure: The Baseless Parts |