WebSandbox - Script Error Sample

Home

Samples

Forums

The sample code below attempts to access an inexistent DOM element, thus causing an error. The browser signals that either on the status bar, or by prompting you to select a debugger. The sandbox hides these problems and prevents bad code to interfere with your experience. We challenge you to inject exploit code (either by pasting it in the code box or uploading from an URI) that disrupts the experience with a script error. The exploit code will run in the sandbox. Can you circumvent it?

Trusted Sample

Script Error Sample

Clicking the button will cause a scripting error. When running outside the sandbox this error effectively crashes the application stopping the clock. Within the Sandbox, the error stops only that instance.

Sample Source Code

<html>
    <head>
        <title>Script Error Sample</title>
        <base href="http://websandbox.livelabs.com/"/>
        <link href="Images/favicon.ico" rel="icon" />
        <style>
            .sampleTitle
            {
                font-family: Segoe UI, Tahoma;
                font-size: 11pt;
                font-weight: bold;
                color: #07519A;
            }
            .scriptErrorSample
            {
	            height: 130px;
	            border: solid 1px lightgrey;
	            background: white;
	            background-repeat: repeat-x;
	            background-position: left top;
	            padding: 10px;
	            overflow-y: auto;
            }
        </style>
    </head>
    <body>
        <div id="sample" class="scriptErrorSample">
            <script type="text/javascript">
                window.clockelement = "currentTime";
                function onClick() {
                    // Try to access an inexistent element
                    window.clockelement = "currentTime2";
                }
            </script>

                        <p>Clicking the button will cause a scripting error. When running outside the sandbox this error effectively crashes the application stopping the clock. Within the Sandbox, the error stops only that instance.</p>
                        <p>After the error is generated, you can reload this gadget by clicking the [reload] button in the Gadget toolbar.  <input type="button" onclick="onClick()" value="Generate Error!"/></p>
            <div id="currentTime" style="font-size: 8pt; font-weight: normal; color: Gray">
            </div>

            <script type="text/javascript">
                window.setInterval(function() {
                    document.getElementById(window.clockelement).innerText = new Date();
                }, 999)
            </script>
        </div>
    </body>
</html>

Create your gadget: Type code below OR upload via an URL.

Source: <html> <head> <title>Your Gadget's Title</title> <script type="text/javascript"> //JavaScript Goes Here </script> <style type="text/css"> /* CSS Styles Goes here */ </style> </head> <body> <p>Your Gadget's HTML goes here. Your HTML must be well-formed.</p> </body> </html>
URL

Transform via: Client (Requires Microsoft Silverlight) Server [ ? ]

Trusted Sample

Sample Source Code

Create your gadget: Type code below OR upload via an URL.

View Gadget Source

Untrusted Input

Trusted Transformed Output