Today I Learned - Rocky Kev

TIL onError

While working with white-hat hackers who pen-tested my software, I noticed the test code they sent back looked something like:


<img src="image.jpg" onerror="alert(1);">

If the image fails to show, it'll hit us with that sweet alert prompt!

What's a good use-case?

<img src="imagefound.gif" onerror="this.onerror=null;this.src='imagenotfound.gif';" />

If the image fails to load, it'll:

  1. set onerror=null to avoid an infinite loop
  2. replace the image with imagenotfound.gif

When a resource (such as an <img> or <script>) fails to load, an error event using interface Event is fired at the element that initiated the load, and the onerror() handler on the element is invoked. These error events do not bubble up to window, but can be handled with an EventTarget.addEventListener configured with useCapture set to true.

via:

MDN GlobalEventHandlers.onerror
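
The capture-phase approach from the MDN note above, as an added example (not code from the original post or from MDN): one listener on document replaces the per-tag inline onerror attribute, which also lets the page run under a Content-Security-Policy that disallows inline event handlers. FALLBACK_SRC, handleResourceError and installImageFallback are hypothetical names, and the data-fallback-applied marker is an assumed convention standing in for this.onerror=null.

```javascript
// Added example: capture-phase fallback for images that fail to load.
// All names here are hypothetical; the fallback file name is the one the post uses.
const FALLBACK_SRC = 'imagenotfound.gif';

// Handle one error event. Returns true only when the src was swapped.
function handleResourceError(event, fallbackSrc = FALLBACK_SRC) {
  const el = event.target;
  // Resource-load errors are fired at the element that started the load.
  // Anything that is not an <img> (scripts, window-level errors) is ignored.
  if (!el || el.tagName !== 'IMG') return false;
  // Same purpose as this.onerror=null in the inline version: if the
  // fallback image is missing too, do not swap again and loop forever.
  if (el.dataset.fallbackApplied === 'true') return false;
  el.dataset.fallbackApplied = 'true';
  el.src = fallbackSrc;
  return true;
}

// Register a single listener on a root node (normally document).
function installImageFallback(root, fallbackSrc = FALLBACK_SRC) {
  const listener = (event) => handleResourceError(event, fallbackSrc);
  // Third argument true = useCapture. Required because resource error
  // events do not bubble, so a bubbling listener would never see them.
  root.addEventListener('error', listener, true);
  return listener;
}

// Only wire it up when a DOM is present (skipped outside a browser).
if (typeof document !== 'undefined') {
  installImageFallback(document);
}
```

Images added to the page later are covered as well, because the listener lives on document rather than on each tag.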

