没有 `crossorigin` 的脚本不会暴露它的错误?

script without `crossorigin` will not expose its error?

这是我的文件

crossorigintest
├── 1.html
└── 1.js

文件内容为

1.html

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>

<body>
    <script>
        window.onerror = function () {
            console.log('onerror', arguments)
        }
        window.addEventListener('error', function () {
            console.log('addEventListenerError', arguments)
        }, true)
        window.addEventListener('unhandledrejection', function (event) {
            console.log('unhandledrejection', arguments)
            event.preventDefault();
        });

    </script>
    <script src="http://localhost:8081/1.js"></script>
</body>

</html>

1.js

console.log(11);
(function(){
    console.log(22);
    throw new Error('oops')
})()

启动 http 服务器

cd crossorigintest
npx http-server
npx http-server --cors

然后文件将在 http://localhost:8080http://localhost:8081

处被代理

打开浏览器

http://localhost:8080/1.html

查看结果

实际上错误暴露在 html 之外,那么规范是什么意思? https://html.spec.whatwg.org/multipage/scripting.html#attr-script-crossorigin

The crossorigin attribute is a CORS settings attribute. For classic scripts, it controls whether error information will be exposed, when the script is obtained from other origins.

根据我的测试,这取决于我chrome的隐私设置。 选择第三个选项时,规范有效。