next »

[emonk]

 I have some JS code in a webpage. IE executes it properly. Firefox tells me 'uncaught exception: ReferenceError: alert is not defined'. How the hell is it possible for alert() to not be defined*, and is there anything I can do about it to make my code run? 

 Am I running it in some weird context like chrome, only stupider? I don't know! I do know I'm doing some weird shit to make this happen, but it seems to me that if JS is gonna run  it should still know about the built in functions like 'alert'. 


* Or for that matter pretty much any other javascript method I try in this particular location, the only things that seem to work are 'eval', and simple math operators.

 Also @Perk - Can we get one of those emoticons where the smiley is beating his head into a brick wall? I could really use it right about now.

[perkiset]

I'll see what I can do re. the smilie... I'm a bit busy to go on the hunt for the right one ATM, but it's a good suggestion. It's probably about time for me to bump up the smilies anyhoo.

You'll need to post your code - I've never EVER heard of that - if JS runs in FF then there must be a sneaky syntax error in your code. I test all my schtuff in Safari 3, FF Mac, FF Windoz and IE7 (sometimes 6 as well) and the JS interpreters are all almost identical (except for windows-only calls) - it's usually JS's connection to CSS issues that is the problem... not a fundamental trap call.

Post it here and let's have a look.

[emonk]

 Here's a vastly simplified version of it which produces the same error in firefox 2. In IE it executes as expected, butI haven't tested it in FF3, konq, or safari:

Code:

<html>
<head>
<script src="javascript: alert('test');"></script>
</head>
<body>
</body>
</html>

**EDIT** To further simplify the example.

[perkiset]

Ah... the problem is that alert is supposed to be called during the context of the page, not the header. You could do this:

Code:

<head>
<script>
function test() { alert('testing'); }
</script>
</head>
<body>
<script>
test();
</script>

... but not call the alert function directly. It works in IE because IE does a lot of stuff AFTER the page has been loaded, as opposed to during the load. For example - if you had this:

<div id="testing">This is some HTML</div>
<script>
alert(document.getElementById('testing'));
</script>

... in FF it would work perfectly, because the moment it sees the div it throws it on the DOM. In IE it's not really "official" until the entire page has been processed and you'd get an UNDEFINED error. IE is forgiving, but behaves incorrectly.

You need to put any calls that are to be called NOW (ie, when the page loads) within the BODY section of a page, not the head. The head is for functions and class definitions - it is not executed at load time and will cause you problems.

/p

[emonk]

Ah... the problem is that alert is supposed to be called during the context of the page, not the header.

 That's a good theory, but I already thought of it. This doesn't work in FF2 either:

Code:

<html>
<head>
</head>
<body>
<script src="javascript: alert('hi');"></script>
</body>
</html>

 It's the same error. "uncaught exception: ReferenceError: alert is not defined"

[perkiset]

Wait... why are you doing <script src=?

Just
<script>
alert('my message')
</script>

the src attribute is if you are trying to pull it from the (elsewhere).
Again, I think that IE has simply been being nice to you - that is not appropriate syntax.

[emonk]

Wait... why are you doing <script src=?

 I actually got the idea from a book I downloaded about JSON*, and it seemed to work for him. Perhaps the author only tested it in IE?

the src attribute is if you are trying to pull it from the (elsewhere).
Again, I think that IE has simply been being nice to you - that is not appropriate syntax.

 Yeah. I know.  

 It actually seems like it SHOULD work though. Everything else can have a script as the src, and you may want to dynamically specify the source inside your script tag (like: src="javascript: this + that + '.js';").

 Anyhow the weirdness of allowing assignments, math operators, and even eval(), but not recognizing 'alert' and the like are what gets me. It sort of half works, and I keep thinking if I only knew how to properly call 'alert' with something like 'navigator.alert()' (though it says navigator is undefined as well) or something it would work.

* I'm not actually interested in JSON, except from a security point of view. I just found it interesting when I noticed it in the book.

[perkiset]

The author must have had an anal cranial inversion. That's just not the right way to do things.

Just for argument, however, note that the code you first pointed to: this + that + '.js is immediately processable because it is a simple evaluation. There's no GUI or OS attachment to the script at all - so it can pass. As soon as you loop in the GUI or the OS (for example, set a timer, throw an ajax request, do an alert) you have moved into an entirely different programmatic context - and the notion of "alert" does not assist the script tag in getting the name of a javascript file in any way. This all makes pretty clear sense to me.

It is intriguing that the author chose this form, but I'd not spend much time on it because it's clearly fringe and problematic between browsers.

[emonk]

It is intriguing that the author chose this form, but I'd not spend much time on it because it's clearly fringe and problematic between browsers.

 In this case that's the point of what I'm doing. I'm looking for a fringe case that will allow me to do 'interesting' things with the browser.

 It seems that in this case though it is only interesting, not useful. 

[nutballs]

im late to the party but, i need to put in my WTF about the src="javascript: blablah"

It actually seems like it SHOULD work though. Everything else can have a script as the src, and you may want to dynamically specify the source inside your script tag (like: src="javascript: this + that + '.js';").

I am pretty sure that when a page is parsed/processed by a browser, the first step is to process the <script> tags that call off-page files, like <script src="ahdad">. I dont think that step is processed as javascript, and as such, i dont think you can do what you are suggesting above. have you ever tried doing that? Your saying some things work in the src="", so maybe things that would enable dynamic file includes, like your example, would be allowed, such as eval, and ops.

So if eval works, there is your answer...

src="javascript: eval('alert("test")');"

but frankly i am surprised it would work, and I havent tested it.

[emonk]

im late to the party but, i need to put in my WTF about the src="javascript: blablah"

It actually seems like it SHOULD work though. Everything else can have a script as the src, and you may want to dynamically specify the source inside your script tag (like: src="javascript: this + that + '.js';").

I am pretty sure that when a page is parsed/processed by a browser, the first step is to process the <script> tags that call off-page files, like <script src="ahdad">. I dont think that step is processed as javascript, and as such, i dont think you can do what you are suggesting above. have you ever tried doing that? Your saying some things work in the src="", so maybe things that would enable dynamic file includes, like your example, would be allowed, such as eval, and ops.

So if eval works, there is your answer...

src="javascript: eval('alert("test")');"

but frankly i am surprised it would work, and I havent tested it.

 eval works, in that it isn't undefined like most other things, but it doesn't in that the call to alert inside is still undefined.

[vsloathe]

You have to do it like this:

Code:

<script src="javascript:'<script>alert(\'ROFL\');</script>'"></script>

If that does not work, try escaping the inner script tags.

Also, you don't need to set javascript: as the src attribute of script tags, it can be used in img tags, iframe tags, object tags, etc.