Rails spinoffers: When I hit the following in IE, it puts up an error message "Cannot find file ...bad%20url... Make sure the path" is correct etc. When I hit it in Firefox I get no error. (Ironic because Firebug is installed...): <iframe src=''bad url'' onerror=''alert("yo");'' /> What I _want_ to happen is my onerror event fires. I naturally intend to upgrade the alert("yo"); part into something more germane and application-specific. Some documentation out there says IFRAMEs have onerrors and some don''t say they do... Okay, let''s kick this up a notch: <script src="http://.../prototype.js" type="text/javascript"></script> <iframe id=''fry_me'' onerror=''alert("yo");'' /> <script> $(''fry_me'').src = ''bad url''; <script> Now neither IE nor Firefox produce any error message of any kind. If either had thrown an error, I could naturally ''try'' to ''catch'' it in the Javascript. Taking out the onerror, and adding a try/catch, also don''t work. Ordinarily, the answer to one of these IFRAME attack questions is to upgrade the source the IFRAME calls. And of course I can''t do that because the error happens before the IFRAME has a page to evaluate. I need the IFRAME to respond to URLs which the user supplies, so I need a healthy and application-specific error path if the URL is wrong. Not the default irritation -- or the absense thereof! So how to beat healthy error information out of an IFRAME''s src attribute? -- Phlip http://www.greencheese.us/ZeekLand <-- NOT a blog!!! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---