没有 `crossorigin` 的脚本不会暴露它的错误?
script without `crossorigin` will not expose its error?
这是我的文件
crossorigintest
├── 1.html
└── 1.js
文件内容为
1.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<script>
window.onerror = function () {
console.log('onerror', arguments)
}
window.addEventListener('error', function () {
console.log('addEventListenerError', arguments)
}, true)
window.addEventListener('unhandledrejection', function (event) {
console.log('unhandledrejection', arguments)
event.preventDefault();
});
</script>
<script src="http://localhost:8081/1.js"></script>
</body>
</html>
1.js
console.log(11);
(function(){
console.log(22);
throw new Error('oops')
})()
启动 http 服务器
cd crossorigintest
npx http-server
npx http-server --cors
然后文件将在 http://localhost:8080
和 http://localhost:8081
处被代理
打开浏览器
和http://localhost:8080/1.html
查看结果
实际上错误暴露在 html 之外,那么规范是什么意思?
https://html.spec.whatwg.org/multipage/scripting.html#attr-script-crossorigin
The crossorigin attribute is a CORS settings attribute. For classic scripts, it controls
whether error information will be exposed, when the script is obtained from other origins.
根据我的测试,这取决于我chrome的隐私设置。
选择第三个选项时,规范有效。
这是我的文件
crossorigintest
├── 1.html
└── 1.js
文件内容为
1.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<script>
window.onerror = function () {
console.log('onerror', arguments)
}
window.addEventListener('error', function () {
console.log('addEventListenerError', arguments)
}, true)
window.addEventListener('unhandledrejection', function (event) {
console.log('unhandledrejection', arguments)
event.preventDefault();
});
</script>
<script src="http://localhost:8081/1.js"></script>
</body>
</html>
1.js
console.log(11);
(function(){
console.log(22);
throw new Error('oops')
})()
启动 http 服务器
cd crossorigintest
npx http-server
npx http-server --cors
然后文件将在 http://localhost:8080
和 http://localhost:8081
打开浏览器
和http://localhost:8080/1.html
查看结果
实际上错误暴露在 html 之外,那么规范是什么意思?
https://html.spec.whatwg.org/multipage/scripting.html#attr-script-crossorigin
The crossorigin attribute is a CORS settings attribute. For classic scripts, it controls whether error information will be exposed, when the script is obtained from other origins.
根据我的测试,这取决于我chrome的隐私设置。
选择第三个选项时,规范有效。