I have in my document a iframe
with the sandbox
attribute.
With javasript
I read a Markdown
file and parse using the showdonwjs library and add this result to attribute srcdoc
of iframe
and result is expected.
However, the files come from users' sources and will be visible to other users, so I use the sandbox
attribute.
When in the file Markdown
there is a script ... the page where iframe
throws an error in console
of the browser (obvious if the attribute prevents execution, when there is an attempt should be made for an error).
How can I (if I can) observe this error in javascript
? Know if there was an error?
Thank you in advance.
update
page.html
<!DOCTYPE html>
<html lang="">
<head>
<title>Teste</title>
</head>
<body id="body">
<iframe id="frame" sandbox></iframe>
<script type="text/javascript" src="https://code.jquery.com/jquery-3.1.1.min.js"></script><scripttype="text/javascript" src="https://rawgit.com/showdownjs/showdown/develop/dist/showdown.min.js"></script><scripttype="text/javascript">
var md = '###Hello Word <script>alert("!")<\/script>';
var converter = new showdown.Converter();
var MDtoHTML = converter.makeHtml(md)
var ifrm = $('#frame')
ifrm.attr('srcdoc', MDtoHTML);
</script>
</body>
</html>
jsFiddle Exeplo
Well, this is the error print! It happens then I believe my doubt has a point! You could (if you can "watch") display a popup, banner or even log a log, identify malicious uploaders.