| Summary: | Web Inspector: script name gets parsed as HTML in Call stack panel | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Yury Semikhatsky <yurys> | ||||||
| Component: | Web Inspector (Deprecated) | Assignee: | Yury Semikhatsky <yurys> | ||||||
| Status: | RESOLVED FIXED | ||||||||
| Severity: | Normal | CC: | apavlov, bweinstein, commit-queue, joepeck, keishi, loislo, pfeldman, pmuellr, rik, timothy, yurys | ||||||
| Priority: | P2 | ||||||||
| Version: | 528+ (Nightly build) | ||||||||
| Hardware: | All | ||||||||
| OS: | All | ||||||||
| Attachments: |
|
||||||||
Created attachment 77213 [details]
Screenshot
Original Chromium bug report: http://crbug.com/67781 Created attachment 77214 [details]
Patch
Comment on attachment 77214 [details]
Patch
r=me, good fix. Should we audit any other uses of innerHTML in the inspector?
Comment on attachment 77214 [details] Patch Clearing flags on attachment: 77214 Committed r74506: <http://trac.webkit.org/changeset/74506> All reviewed patches have been landed. Closing bug. At first glance in other places we set innerHTML to values constructed by ourselves in the front-end code but we may want to double check this. (In reply to comment #4) > (From update of attachment 77214 [details]) > r=me, good fix. Should we audit any other uses of innerHTML in the inspector? |
What steps will reproduce the problem? 1. Go to data:text/html,<div style="position:fixed;left:0;top:0;font-size:40px;z-index:999">Whoops</div><style>*{color:red!important}</style><script>debugger;</script> 2. Open inspector 3. Reload page to trigger the 'debugger' command and pause the execution What is the expected output? What do you see instead? The problem is that the 'Scripts' panel uses the data url as script name in 'Call Stack' panel and parses it as HTML - see screenshot for what happens in this case.