search

ejayimperial / google-caja

Automatically exported from code.google.com/p/google-caja
0 stars 0 forks source link

onerror is not implemented #47

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
the onerror attribute is not implemented.

Original issue reported on code.google.com by sshja...@gmail.com on 25 Jan 2008 at 11:04

GoogleCodeExporter commented 9 years ago 
The onerror attribute of window?

How should it behave?  If an onerror handler is specified in the global scope, 
it
should receive exceptions thrown by scripts in extracted script tags?

Original comment by mikesamuel@gmail.com on 29 Jan 2008 at 12:16

GoogleCodeExporter commented 9 years ago 
Mainly for data content failing to load, such as <img src="foo.jpg" 
onerror="handle
the error"> I believe the event is also raised with object tags.

Original comment by sshja...@gmail.com on 29 Jan 2008 at 1:00

GoogleCodeExporter commented 9 years ago 
Do you also require onabort?

It looks like SVG also uses those.

Do you know of any good documentation on the behavior of onerror/onabort?  I get
nothing by searching for "onerror onabort site:w3.org -SVG -XmlHttpRequest".

Original comment by mikesamuel@gmail.com on 29 Jan 2008 at 2:31

GoogleCodeExporter commented 9 years ago 
There's some documentation at 
http://www.quirksmode.org/js/events_compinfo.html#t40

Original comment by mikesamuel@gmail.com on 29 Jan 2008 at 2:40

GoogleCodeExporter commented 9 years ago 
Also looks like it only loads on img tags, not object tags.

Original comment by sshja...@gmail.com on 29 Jan 2008 at 3:53

GoogleCodeExporter commented 9 years ago 
Jason,

Can you supply a testcase that you want to work?

mike

Original comment by mikesamuel@gmail.com on 19 Feb 2008 at 10:35

GoogleCodeExporter commented 9 years ago 
This would be the normal way to handle an onerror with an image: 

<img src="foo.jpg"
onerror="this.src='http://www.google.com/intl/en_ALL/images/logo.gif'"> 

However, due to the security issues with 'this', there is: <img id='image1'
src="foo.jpg"
onerror="document.getElementById('image1').src='http://www.google.com/intl/en_AL
L/images/logo.gif'">

~/Jason Hullinger

Original comment by sshja...@gmail.com on 19 Feb 2008 at 11:07

GoogleCodeExporter commented 9 years ago 
If you add the following to your html attribute whitelist

    types: [
      { "key": "IMG:ONCLICK", "description": "called if an image fails to load",
        "type": "SCRIPT", "optional": true },
      ],
    allowed: ["IMG:ONCLICK"],

then onclick will be extracted and cajoled just like any other script attribute.

Original comment by mikesamuel@gmail.com on 9 Mar 2008 at 2:55