It is simply not possible to retrieve the contents of any file referenced by the <script> . This has a good reason: it will allow you to bypass the XHR Same Origin Policy.
Consider:
<script src="https://www.example.com/private/api/getAuthToken" id="s"></script>
If you can access the text of the word respnse, you can do this:
var stolenAuthToken = $('#s').text();
This is obviously bad. This way, you are never allowed to read the contents of something introduced by <script> tags.
Your specific situation is complicated by a relatively recent change, where errors in cross-original scripts do not provide any useful information to your onerror handler page. (In essence, this was done to fix the security hole of information disclosure, which allows an attacker to determine whether you are logged into some well-known sites, among other things.)
This means that you do not receive any useful error information from the script hosted on the CDN, so another change was made to allow CORS for the CDN server (or for more than one origin) to allow the transfer of complete error information to the onerror handler.
We (Facebook) need a mechanism to disable window.onerror muting behavior, implemented in # 363897 . Our static script resources are served on a CDN in another domain from the main site. Since these domains are different from each other, we are faced with the logic of the x-domain, which prevents us from collecting useful information about browser errors.
This "function" was widely accepted in the wild (in Firefox and Webkit browsers) that most of the exceptions that we see in production now have no useful information in them.
The crossorigin attribute (originally intended for <img> ) allows you to specify that the resource should be loaded with CORS rules. It was implemented by Mozilla, WebKit, and Chrome .
<script src="http://example.com/xdomainrequest" crossorigin="anonymous"></script>
Unfortunately for you, in my testing , I found that the Google CDN does not send CORS headers.
GET http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js HTTP/1.1 Host: ajax.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://fiddle.jshell.net/josh3736/jm2JU/show/ Origin: http://fiddle.jshell.net Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 OK Vary: Accept-Encoding Content-Type: text/javascript; charset=UTF-8 Last-Modified: Tue, 13 Nov 2012 19:53:02 GMT Date: Wed, 02 Jan 2013 22:54:25 GMT Expires: Thu, 02 Jan 2014 22:54:25 GMT X-Content-Type-Options: nosniff Server: sffe Content-Length: 93637 X-XSS-Protection: 1; mode=block Cache-Control: public, max-age=31536000 Age: 169036 ...
Note the presence of the Origin header in the request (indicating the CORS request) and the absence of the Access-Control-Allow-Origin header in the response. That way, even if you put the crossorigin attribute crossorigin , the CORS check will fail and your scripts will get the cleared error data.
There is a three year version issue to enable CORS on the Google CDN server. I would not hold my breath.
TL; DR: If you need meaningful error messages, you must host all the JavaScript yourself, in the same source.