16 comments

[ 4.8 ms ] story [ 31.6 ms ] thread
(comment deleted)
WTF is that?
Presumably on the google website the script is loaded via an xmlhttp request which then strips the initial text and evals the rest. By added the initial throw 1; they prevent other sites from including the script, since it won't do anything.
If another site would really want to include the script, it could also strip the initial text. Is the purpose only to avoid people from including the script by mistake?
You can't make a XHR request to another domain. You only can include it via a <script> tag and that is going to fail.
Didn't know that. Thanks!
That's extremely smart. XMLHttpRequest protects you via the same origin policy. But there are other ways (such as JSONP) to load JavaScript and bypass the same origin policy. It's not like you cannot opt out of things like JSONP, but this trick adds another layer of protection and is particularly useful in fighting XSSI.
It a XHR response that google search yields on the main page. Just use firebug/google chrome's resource tab to see it.
Even better: onload="window.lol&&lol()"

I imagine that this is JS intended to be loaded via XHR only.

I was just talking to the guy who added window.lol last Friday. It stands for something that actually made sense in the context of the project, though I forget what exactly.
Don't be evil ? Google ?

Apparently their exception handling does't work very well :)