[jQuery] Re: Any server status if use script tag for XSS?
Maybe you could attach an onload or onerror event to your html element (script) ? Anyway, jQuery has a home made method to let you do this, cross-browser: See http://docs.jquery.com/Ajax/jQuery.getScript#urlcallback Matt 2007/10/9, Jacky [EMAIL PROTECTED]: Hi, I would like to call crossite script. So I use the script tag technique (create script tag, assign src and append to head) to do so. But unlike xmlhttprequest, I cannot get any response status from it. So I just wonder if there is anyway I can detect if the remote script is not available? I tried to use try-catch, which works on Firefox but not IE. Code: $(document).ready(function(){ try{ var s = document.createElement(script); s.type = text/javascript; s.src = http://thisurldoesnotexist/dsfsdlfjk.js ; document.appendChild(s); } catch(e){ alert(any error); } }); -- Best Regards, Jacky 網絡暴民 http://jacky.seezone.net -- Matthias ETIENNE
[jQuery] Re: Any server status if use script tag for XSS?
I actually posted to the dev list about a similar issue (using JSONP, which is script-like). I'd like to put a short timer on the script calls and receive a timeout if the callback function fails to fire. Scott On 10/8/07, Jacky [EMAIL PROTECTED] wrote: Hi, I would like to call crossite script. So I use the script tag technique (create script tag, assign src and append to head) to do so. But unlike xmlhttprequest, I cannot get any response status from it. So I just wonder if there is anyway I can detect if the remote script is not available? I tried to use try-catch, which works on Firefox but not IE. Code: $(document).ready(function(){ try{ var s = document.createElement(script); s.type = text/javascript; s.src = http://thisurldoesnotexist/dsfsdlfjk.js ; document.appendChild(s); } catch(e){ alert(any error); } }); -- Best Regards, Jacky 網絡暴民 http://jacky.seezone.net -- -- Scott Trudeau scott.trudeau AT gmail DOT com http://sstrudeau.com/ AIM: sodthestreets
[jQuery] Re: Any server status if use script tag for XSS?
If the server return something like 404/500 page, I guess it would cause a javascript error when browser try to evaluate, and the try-catch method could work. Timer would be a good idea, but to determine the time to wait would require some specific measure. -- Best Regards, Jacky 網絡暴民 http://jacky.seezone.net On 10/9/07, Scott Trudeau [EMAIL PROTECTED] wrote: I actually posted to the dev list about a similar issue (using JSONP, which is script-like). I'd like to put a short timer on the script calls and receive a timeout if the callback function fails to fire. Scott On 10/8/07, Jacky [EMAIL PROTECTED] wrote: Hi, I would like to call crossite script. So I use the script tag technique (create script tag, assign src and append to head) to do so. But unlike xmlhttprequest, I cannot get any response status from it. So I just wonder if there is anyway I can detect if the remote script is not available? I tried to use try-catch, which works on Firefox but not IE. Code: $(document).ready(function(){ try{ var s = document.createElement(script); s.type = text/javascript; s.src = http://thisurldoesnotexist/dsfsdlfjk.js ; document.appendChild(s); } catch(e){ alert(any error); } }); -- Best Regards, Jacky 網絡暴民 http://jacky.seezone.net -- -- Scott Trudeau scott.trudeau AT gmail DOT com http://sstrudeau.com/ AIM: sodthestreets
[jQuery] Re: Any server status if use script tag for XSS?
If I remember correctly, getScript can't do cross site. -- Best Regards, Jacky 網絡暴民 http://jacky.seezone.net On 10/9/07, Matt [EMAIL PROTECTED] wrote: Maybe you could attach an onload or onerror event to your html element (script) ? Anyway, jQuery has a home made method to let you do this, cross-browser: See http://docs.jquery.com/Ajax/jQuery.getScript#urlcallback Matt 2007/10/9, Jacky [EMAIL PROTECTED]: Hi, I would like to call crossite script. So I use the script tag technique (create script tag, assign src and append to head) to do so. But unlike xmlhttprequest, I cannot get any response status from it. So I just wonder if there is anyway I can detect if the remote script is not available? I tried to use try-catch, which works on Firefox but not IE. Code: $(document).ready(function(){ try{ var s = document.createElement(script); s.type = text/javascript; s.src = http://thisurldoesnotexist/dsfsdlfjk.js ; document.appendChild(s); } catch(e){ alert(any error); } }); -- Best Regards, Jacky 網絡暴民 http://jacky.seezone.net -- Matthias ETIENNE
[jQuery] Re: Any server status if use script tag for XSS?
Hey Jacky, it can now. :-) from http://docs.jquery.com/Ajax/jQuery.getScript#urlcallback: Before jQuery 1.2, getScript was only able to load scripts from the same domain as the original page. As of 1.2, you can now load JavaScript files from any domain. --Karl _ Karl Swedberg www.englishrules.com www.learningjquery.com On Oct 9, 2007, at 12:54 PM, Jacky wrote: If I remember correctly, getScript can't do cross site. -- Best Regards, Jacky 網絡暴民 http://jacky.seezone.net On 10/9/07, Matt [EMAIL PROTECTED] wrote: Maybe you could attach an onload or onerror event to your html element (script) ? Anyway, jQuery has a home made method to let you do this, cross- browser: See http://docs.jquery.com/Ajax/jQuery.getScript#urlcallback Matt 2007/10/9, Jacky [EMAIL PROTECTED]: Hi, I would like to call crossite script. So I use the script tag technique (create script tag, assign src and append to head) to do so. But unlike xmlhttprequest, I cannot get any response status from it. So I just wonder if there is anyway I can detect if the remote script is not available? I tried to use try-catch, which works on Firefox but not IE. Code: $(document).ready(function(){ try{ var s = document.createElement(script); s.type = text/javascript; s.src = http://thisurldoesnotexist/dsfsdlfjk.js ; document.appendChild(s); } catch(e){ alert(any error); } }); -- Best Regards, Jacky 網絡暴民 http://jacky.seezone.net -- Matthias ETIENNE
[jQuery] Re: Any server status if use script tag for XSS?
Thanks. After look into the getScript code, I tried to play around with the readyState of the script elements. script.onload = script.onreadystatechange = function(){ try{ document.body.innerHTML += p + this.readyState + /p; if (!this.readyState || this.readyState == loaded || this.readyState == complete){ document.body.innerHTML += pSuccess/p; head.removeChild( script ); } }catch(e){ alert(any error + e); } }; 1. http://urldoesnotexist.com/fdil.js This is a request where the browser should not be able to resolve the server. Firefox prints nothing, but IE do print all 'loading', 'loaded' and 'success'. 2. http://www.google.com/doesnothavethisjs.js Just a simple error page returned by google.com Firefox prints nothing, but IE prints 'loading', 'loaded' and 'success' 3. http://someserver/soemjs.js This request would return an HTML showing cannot find file on server like (2). It is on our own application server. Firefox prints 'undefined', 'success' and then have script error about HTML tag error (I guess because the return page is not a well-formed html). IE prints 'loading', 'loaded' and 'success' with script error saying 'syntax error'. Seems that in IE, I cannot quite distinguish what is going on. On 10/10/07, Karl Swedberg [EMAIL PROTECTED] wrote: Hey Jacky, it can now. :-) from http://docs.jquery.com/Ajax/jQuery.getScript#urlcallback: Before jQuery 1.2, getScript was only able to load scripts from the same domain as the original page. As of 1.2, you can now load JavaScript files from any domain. --Karl _ Karl Swedberg www.englishrules.com www.learningjquery.com On Oct 9, 2007, at 12:54 PM, Jacky wrote: If I remember correctly, getScript can't do cross site. -- Best Regards, Jacky 網絡暴民 http://jacky.seezone.net On 10/9/07, Matt [EMAIL PROTECTED] wrote: Maybe you could attach an onload or onerror event to your html element (script) ? Anyway, jQuery has a home made method to let you do this, cross-browser: See http://docs.jquery.com/Ajax/jQuery.getScript#urlcallback Matt 2007/10/9, Jacky [EMAIL PROTECTED]: Hi, I would like to call crossite script. So I use the script tag technique (create script tag, assign src and append to head) to do so. But unlike xmlhttprequest, I cannot get any response status from it. So I just wonder if there is anyway I can detect if the remote script is not available? I tried to use try-catch, which works on Firefox but not IE. Code: $(document).ready(function(){ try{ var s = document.createElement(script); s.type = text/javascript; s.src = http://thisurldoesnotexist/dsfsdlfjk.js ; document.appendChild(s); } catch(e){ alert(any error); } }); -- Best Regards, Jacky 網絡暴民 http://jacky.seezone.net -- Matthias ETIENNE -- Best Regards, Jacky 網絡暴民 http://jacky.seezone.net